Sale Charger Adware does not go away


  • This topic is locked
10 replies to this topic

#1 BeFunk

Posted 17 May 2015 - 02:57 PM

Hi guys,

I have this stupid adware that I can't remove. I tried a lot of things: JRT, AdwCleaner, CCleaner, Malwarebytes. I removed all my Chrome extensions and other browsers like Opera and Safari, and it keeps showing up.

While I'm typing this message I've been redirected to other pages multiple times and it is REALLY obnoxious!!

Please give me orders, thou masters of the internets!!

 

 

Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Struik (administrator) on STRUIK-PC on 17-05-2015 21:45:22
Running from C:\Users\Struik\Downloads
Loaded Profiles: Struik (Available profiles: Struik)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140061.nld\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\MountPoints2: {1616e72f-0269-11e3-a0e2-902b34a4d9dd} - E:\INSTALL.EXE
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\MountPoints2: {59b8c7f2-2083-11e4-a7f4-902b34a4d9dd} - F:\Startme.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2855457390-2934932292-1119176253-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-06] (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-06] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2855457390-2934932292-1119176253-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2855457390-2934932292-1119176253-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2013-04-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2855457390-2934932292-1119176253-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-10-09] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "", "hxxp://search.babylon.com/?affID=110211&tt=120912_cpc_3712_2&babsrc=HP_ss&mntrId=5418a96000000000000000145c889add", "hxxp://www.searchgol.com/?affID=119585&tt=gc_&babsrc=HP_ss_Btisdt7&mntrId=880AC446193A98A4", "hxxp://www.golsearch.com/?affID=119585&tt=gc_&babsrc=HP_ss_Btisdt6&mntrId=880AC446193A98A4", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyE0AyE0Dzy0D0DyDyCtD0DtN0D0Tzu0SyByDtBtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1373660556&ir="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-17]
CHR Extension: (AdBlock) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-17]
CHR Profile: C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28]
CHR Extension: (Google Drive) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28]
CHR Extension: (YouTube) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28]
CHR Extension: (Google Search) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28]
CHR Extension: (Google Wallet) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-28]
CHR Extension: (Gmail) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-15] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-12] (Disc Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-17 21:45 - 2015-05-17 21:45 - 00019133 _____ () C:\Users\Struik\Downloads\FRST.txt
2015-05-17 21:43 - 2015-05-17 21:45 - 00000000 ____D () C:\FRST
2015-05-17 21:43 - 2015-05-17 21:43 - 02107392 _____ (Farbar) C:\Users\Struik\Downloads\FRST64.exe
2015-05-16 21:15 - 2015-05-16 21:15 - 00959495 _____ () C:\Users\Struik\Desktop\3c57648b0869fe676733eacb64a8b2bf.psd
2015-05-16 20:43 - 2015-05-16 20:43 - 00082804 _____ () C:\Users\Struik\Downloads\birdman.zip
2015-05-16 20:43 - 2015-05-16 20:43 - 00051831 _____ () C:\Users\Struik\Downloads\resistance_is_futile.zip
2015-05-16 17:14 - 2015-05-16 17:14 - 10545519 _____ () C:\Users\Struik\Desktop\com.snapchat.android-8.1.2-469-minAPI14.apk
2015-05-16 17:13 - 2015-05-16 17:14 - 10545519 _____ () C:\Users\Struik\Downloads\com.snapchat.android-8.1.2-469-minAPI14.apk
2015-05-16 16:15 - 2015-05-16 16:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-STRUIK-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-16 16:15 - 2015-05-16 16:15 - 00000000 ____D () C:\RegBackup
2015-05-16 16:14 - 2015-05-16 16:14 - 02719698 _____ (Thisisu) C:\Users\Struik\Downloads\JRT.exe
2015-05-16 12:31 - 2015-05-17 20:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-16 12:30 - 2015-05-16 12:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-16 12:30 - 2015-05-16 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-16 12:30 - 2015-05-16 12:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-16 12:30 - 2015-05-16 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-16 12:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-16 12:30 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-16 12:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-16 12:27 - 2015-05-16 12:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Struik\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-16 11:12 - 2015-05-16 11:14 - 26957525 _____ () C:\Users\Struik\Desktop\Trouwerij Jelske en Robbert (1).zip
2015-05-16 11:06 - 2015-05-16 11:16 - 19619641 _____ () C:\Users\Struik\Desktop\Jelske en Robert (1).zip
2015-05-15 13:26 - 2015-05-15 13:26 - 02209792 _____ () C:\Users\Struik\Downloads\adwcleaner_4.204.exe
2015-05-15 12:26 - 2015-05-15 12:27 - 26957525 _____ () C:\Users\Struik\Downloads\Trouwerij Jelske en Robbert.zip
2015-05-15 11:58 - 2015-05-15 11:58 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-05-15 11:58 - 2015-05-15 11:58 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-05-14 22:08 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 22:08 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 21:49 - 2015-05-14 21:49 - 01121836 _____ () C:\Users\Struik\Desktop\FISH.psd
2015-05-14 21:32 - 2015-05-14 21:33 - 12112918 _____ () C:\Users\Struik\Downloads\BeFunk_-_Past_Destination.flac
2015-05-14 21:23 - 2015-05-14 21:23 - 00871107 _____ () C:\Users\Struik\Desktop\Futuregareagte.flp
2015-05-14 21:08 - 2015-05-14 21:10 - 31281253 _____ () C:\Users\Struik\Downloads\BeFunk_-_Freedom_to_Funk.flac
2015-05-14 18:22 - 2015-05-14 18:23 - 36491077 _____ () C:\Users\Struik\Downloads\BeFunk_-_Future_Worlds.flac
2015-05-14 18:12 - 2015-05-14 18:12 - 06678567 _____ () C:\Users\Struik\Downloads\BeFunk. - For Traveling.m4a
2015-05-14 12:28 - 2015-05-14 12:28 - 00000262 __RSH () C:\ProgramData\ntuser.pol
2015-05-13 10:38 - 2015-05-13 10:42 - 54936948 _____ () C:\Users\Struik\Downloads\For_Fantasy.wav
2015-05-13 10:29 - 2015-05-13 10:35 - 40887002 _____ () C:\Users\Struik\Downloads\For_Rainfall.wav
2015-05-13 10:28 - 2015-05-13 10:34 - 38380220 _____ () C:\Users\Struik\Downloads\For_Sunshine.wav
2015-05-13 10:27 - 2015-05-13 10:34 - 39693524 _____ () C:\Users\Struik\Downloads\For_Together.wav
2015-05-13 10:26 - 2015-05-13 10:34 - 53167478 _____ () C:\Users\Struik\Downloads\For_Thoughts.wav
2015-05-13 10:15 - 2015-05-13 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-05-13 10:14 - 2015-05-13 10:17 - 47232374 _____ () C:\Users\Struik\Downloads\For_Dreaming.wav
2015-05-13 10:08 - 2015-05-13 10:17 - 105841530 _____ () C:\Users\Struik\Downloads\For_Travelling.wav
2015-05-13 10:05 - 2015-05-13 10:06 - 19570540 _____ () C:\Users\Struik\Downloads\For_You.wav
2015-05-13 10:03 - 2015-05-13 10:04 - 00000000 ____D () C:\Users\Struik\Desktop\Foreverymoment
2015-05-13 09:22 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:22 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:22 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:22 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:22 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 09:22 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 09:22 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 09:22 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:22 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 09:22 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:22 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 09:22 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 09:22 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:22 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:22 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 09:22 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 09:22 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 09:22 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:22 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:22 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 09:22 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:22 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 09:22 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:22 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:22 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 09:22 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:22 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:22 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:22 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:22 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:22 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:22 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 09:22 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 09:22 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 09:22 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:22 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 09:22 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 09:22 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:22 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:22 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 09:22 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 09:22 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:22 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:22 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:22 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 09:22 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:22 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:22 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:22 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:22 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:22 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:22 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:22 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:22 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 09:22 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:22 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:22 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 09:22 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:22 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:21 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:21 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:21 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 09:21 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 09:21 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:18 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 09:18 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 09:18 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:17 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 09:17 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 09:17 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 09:17 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 09:17 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 09:17 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 09:17 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 09:17 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 09:17 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 09:17 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 09:17 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 09:17 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 09:17 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 09:17 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 09:17 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 09:17 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 09:17 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 09:17 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 09:17 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:17 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:17 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:17 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:17 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:17 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 09:17 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 09:16 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:16 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 09:16 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 09:16 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 09:16 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 09:14 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:14 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:14 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:14 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 09:14 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 09:14 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 09:14 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:32 - 2015-05-12 21:32 - 01302529 _____ (AbyssMedia.com ) C:\Users\Struik\Downloads\bpmcounter.exe
2015-05-12 21:32 - 2015-05-12 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia
2015-05-12 21:32 - 2015-05-12 21:32 - 00000000 ____D () C:\Program Files (x86)\Abyssmedia
2015-05-12 21:04 - 2015-05-12 22:15 - 00580510 _____ () C:\Users\Struik\Desktop\For Rainfall.flp
2015-05-12 17:06 - 2015-05-12 17:06 - 07942144 _____ (ChbShoot.me) C:\Users\Struik\Downloads\TerrariaInvEdit.572.exe
2015-05-12 13:21 - 2015-05-12 13:26 - 00000000 ____D () C:\Users\Struik\Desktop\ede
2015-05-12 13:18 - 2015-05-13 10:05 - 00000000 ____D () C:\Users\Struik\Desktop\asdf
2015-05-12 13:15 - 2015-05-12 13:15 - 197455627 _____ () C:\Users\Struik\Desktop\Prezieeee.zip
2015-05-12 13:15 - 2015-05-12 13:15 - 00000000 ____D () C:\Users\Struik\Desktop\Prezieeee
2015-05-10 20:26 - 2015-05-10 20:26 - 00000000 ____D () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy (1)
2015-05-10 20:21 - 2015-05-10 20:21 - 00000000 ____D () C:\Users\Struik\Prezi
2015-05-10 20:12 - 2015-05-16 23:58 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-10 20:12 - 2015-05-10 20:12 - 00003890 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-05-10 20:11 - 2015-05-10 20:11 - 00001865 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
2015-05-10 20:11 - 2015-05-10 20:11 - 00001853 _____ () C:\Users\Public\Desktop\Prezi.lnk
2015-05-10 20:09 - 2015-05-10 20:11 - 00000000 ____D () C:\Program Files (x86)\Prezi
2015-05-10 20:07 - 2015-05-10 20:07 - 00003824 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1431281269
2015-05-10 20:07 - 2015-05-10 20:07 - 00001139 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-05-10 20:07 - 2015-05-10 20:07 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-10 20:05 - 2015-05-10 20:05 - 00683992 _____ (Opera Software) C:\Users\Struik\Downloads\Opera_NI_stable.exe
2015-05-10 16:39 - 2015-05-12 22:07 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Mp3tag
2015-05-10 16:39 - 2015-05-10 16:39 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2015-05-10 16:39 - 2015-05-10 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-05-10 16:39 - 2015-05-10 16:39 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-10 16:38 - 2015-05-10 16:38 - 02906880 _____ () C:\Users\Struik\Downloads\mp3tagv270setup.exe
2015-05-10 16:20 - 2015-05-10 16:25 - 04891429 _____ () C:\Users\Struik\Desktop\Backcover album.psd
2015-05-10 13:44 - 2015-05-10 13:50 - 128490632 _____ () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy (2).zip
2015-05-09 10:16 - 2015-05-09 10:28 - 255351815 _____ () C:\Users\Struik\Downloads\wetransfer-b2ea64.zip
2015-05-08 16:59 - 2015-05-08 17:04 - 128490280 _____ () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy (1).zip
2015-05-08 11:56 - 2015-05-08 11:56 - 01974978 _____ () C:\Users\Struik\Downloads\looperman-l-0630386-0079022-mrfunktastic-trap-money-hustlas-legato-voice.wav
2015-05-08 11:55 - 2015-05-08 11:55 - 00065536 _____ () C:\Users\Struik\Downloads\looperman-l-1132158-0080218-lolboy356-trap-chant-what.wav
2015-05-08 11:16 - 2015-05-08 11:16 - 04061921 _____ () C:\Users\Struik\Downloads\expitrap.zip
2015-05-08 11:05 - 2015-05-08 11:05 - 01209746 _____ () C:\Users\Struik\Downloads\looperman-l-1528225-0083973-7venth12-808-trap-beat.wav
2015-05-08 11:04 - 2015-05-08 11:04 - 02646146 _____ () C:\Users\Struik\Downloads\looperman-l-1528225-0084063-7venth12-future-bass-808.wav
2015-05-08 10:13 - 2015-05-08 10:20 - 128493452 _____ () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy.zip
2015-05-07 22:10 - 2015-05-07 22:10 - 00000000 ____D () C:\Users\Struik\AppData\Local\openvr
2015-05-07 10:39 - 2015-05-07 10:39 - 00276304 _____ () C:\Windows\Minidump\050715-19999-01.dmp
2015-05-05 13:06 - 2015-05-05 13:06 - 00000000 ___HD () C:\Users\Struik\Desktop\.picasaoriginals
2015-05-01 10:13 - 2015-05-01 10:13 - 02721168 _____ (Microsoft Corporation) C:\Users\Struik\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-04-30 20:03 - 2015-04-30 20:49 - 00000000 ____D () C:\Users\Struik\Downloads\Windows 7 Ultimate SP1 x64 en-US Pre-Activated Sep2013
2015-04-28 19:40 - 2015-04-28 19:40 - 00300226 _____ () C:\Users\Struik\Downloads\13_mei_trouwen_robbert_en_jelske.psd
2015-04-26 16:49 - 2015-04-26 16:49 - 00000000 ____D () C:\Users\Struik\Downloads\Horizon Fire - Earthlight
2015-04-26 16:03 - 2015-04-26 16:07 - 89599309 _____ () C:\Users\Struik\Downloads\Horizon Fire - Earthlight.zip
2015-04-25 17:28 - 2015-04-25 17:30 - 39686732 _____ () C:\Users\Struik\Desktop\BeFunk - Classic Cars.wav
2015-04-19 20:38 - 2015-04-19 20:38 - 00082759 _____ () C:\Users\Struik\Downloads\chinese_takeaway2.zip
2015-04-17 15:32 - 2015-04-17 15:32 - 00063470 _____ () C:\Users\Struik\Downloads\simple_dandy.zip
2015-04-17 15:31 - 2015-04-17 15:31 - 00897766 _____ () C:\Users\Struik\Downloads\engcarnation.zip
2015-04-17 15:31 - 2015-04-17 15:31 - 00330922 _____ () C:\Users\Struik\Downloads\neoteric.zip
2015-04-17 15:31 - 2015-04-17 15:31 - 00044859 _____ () C:\Users\Struik\Downloads\aghila.zip
2015-04-17 15:28 - 2015-04-17 15:28 - 00014517 _____ () C:\Users\Struik\Downloads\arual.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-17 21:17 - 2013-03-01 13:07 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 20:50 - 2013-02-28 22:45 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 19:54 - 2009-07-14 06:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 19:54 - 2009-07-14 06:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 19:50 - 2013-02-28 22:02 - 01706150 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 19:47 - 2014-09-29 21:43 - 00000000 ____D () C:\Users\Struik\AppData\Local\LogMeIn Hamachi
2015-05-17 19:46 - 2013-02-28 22:45 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 19:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 19:46 - 2009-07-14 06:51 - 00136426 _____ () C:\Windows\setupact.log
2015-05-17 17:49 - 2013-03-12 18:11 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Skype
2015-05-17 15:45 - 2013-02-28 22:45 - 00004052 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:45 - 2013-02-28 22:45 - 00003800 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 14:38 - 2014-06-26 18:38 - 00000000 ____D () C:\AdwCleaner
2015-05-17 10:11 - 2013-03-15 09:46 - 00000000 ____D () C:\Users\Struik\AppData\Local\Adobe
2015-05-17 10:01 - 2013-02-28 22:45 - 00091464 _____ () C:\Users\Struik\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-17 10:01 - 2009-07-14 07:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-17 10:00 - 2010-11-21 05:47 - 00742814 _____ () C:\Windows\PFRO.log
2015-05-17 10:00 - 2009-07-14 06:45 - 05184624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 23:51 - 2014-05-12 17:20 - 00000000 ____D () C:\Users\Struik\AppData\Local\Popcorn-Time
2015-05-16 15:48 - 2013-03-01 13:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-16 15:48 - 2013-03-01 13:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-16 15:48 - 2013-03-01 13:07 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-16 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-16 12:11 - 2014-11-11 14:16 - 00000000 ____D () C:\Windows\pss
2015-05-16 12:10 - 2013-02-28 23:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-16 12:03 - 2013-09-06 09:38 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\.minecraft
2015-05-16 11:46 - 2013-03-31 20:32 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\BitTorrent
2015-05-15 21:11 - 2013-03-01 11:14 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\SoftGrid Client
2015-05-15 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-15 11:58 - 2014-10-01 20:58 - 00003752 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-05-15 11:58 - 2014-10-01 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-05-15 11:58 - 2014-10-01 20:57 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-05-15 11:25 - 2011-04-12 15:00 - 00746200 _____ () C:\Windows\system32\perfh013.dat
2015-05-15 11:25 - 2011-04-12 15:00 - 00153894 _____ () C:\Windows\system32\perfc013.dat
2015-05-15 11:25 - 2009-07-14 07:13 - 01672440 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 11:17 - 2011-04-12 15:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 11:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 19:00 - 2014-03-15 22:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 19:00 - 2014-03-14 22:56 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\FileZilla
2015-05-14 19:00 - 2013-08-12 11:20 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\DAEMON Tools Lite
2015-05-14 19:00 - 2013-03-12 14:14 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Sony
2015-05-14 12:22 - 2013-07-11 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 12:22 - 2013-07-11 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 13:14 - 2013-03-01 11:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-13 13:14 - 2013-02-28 23:16 - 01699322 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-13 13:12 - 2013-03-01 11:22 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 13:12 - 2013-03-01 11:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 13:12 - 2013-03-01 11:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 13:12 - 2013-03-01 11:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 13:11 - 2013-08-08 14:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 12:59 - 2013-03-26 14:36 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 12:57 - 2013-07-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 10:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-12 16:04 - 2014-04-25 09:50 - 00000000 ____D () C:\Users\Struik\AppData\Local\Warframe
2015-05-11 06:50 - 2013-10-17 17:01 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-10 22:35 - 2013-03-07 23:00 - 00000000 ____D () C:\Users\Struik\Desktop\fl studio stuff
2015-05-10 20:21 - 2013-02-28 22:39 - 00000000 ____D () C:\Users\Struik
2015-05-10 20:07 - 2013-10-17 17:02 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Opera Software
2015-05-10 20:07 - 2013-10-17 17:02 - 00000000 ____D () C:\Users\Struik\AppData\Local\Opera Software
2015-05-10 16:45 - 2013-03-01 15:19 - 00000000 ____D () C:\Users\Struik\Desktop\harolds stuff
2015-05-10 13:22 - 2015-04-13 19:25 - 00000000 ____D () C:\Users\Struik\Desktop\Foto's jelske
2015-05-09 17:48 - 2013-04-04 12:39 - 00000000 ____D () C:\Users\Struik\Documents\school Lena
2015-05-07 10:39 - 2013-08-26 08:22 - 624517774 _____ () C:\Windows\MEMORY.DMP
2015-05-07 10:39 - 2013-08-26 08:22 - 00000000 ____D () C:\Windows\Minidump
2015-05-05 13:24 - 2015-01-28 18:27 - 00016384 _____ () C:\Users\Struik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-01 19:38 - 2013-05-15 14:40 - 00000000 ____D () C:\Users\Struik\AppData\Local\Paint.NET
2015-04-30 21:09 - 2013-03-18 20:47 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\vlc
2015-04-30 10:34 - 2013-03-12 18:11 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 11:08 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-25 19:32 - 2014-09-24 19:29 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\dvdcss
2015-04-22 22:05 - 2013-03-02 14:33 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Adobe
2015-04-17 18:15 - 2013-11-05 16:32 - 00000132 _____ () C:\Users\Struik\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-04-17 17:13 - 2015-02-12 10:56 - 00000000 ____D () C:\Users\Struik\Documents\Nexus Mod Manager
2015-04-17 17:13 - 2015-02-09 19:58 - 00000000 ____D () C:\Users\Struik\AppData\Local\Skyrim
2015-04-17 17:13 - 2015-02-09 19:48 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim
2015-04-17 14:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
 
==================== Files in the root of some directories =======
 
2013-11-05 16:32 - 2015-04-17 18:15 - 0000132 _____ () C:\Users\Struik\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-21 20:26 - 2014-03-31 19:31 - 0000141 _____ () C:\Users\Struik\AppData\Roaming\WB.CFG
2015-01-28 18:27 - 2015-05-05 13:24 - 0016384 _____ () C:\Users\Struik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-11 16:03 - 2013-04-11 16:03 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Public\Cracked Minecraft Un-installerl.exe
 
 
Some content of TEMP:
====================
C:\Users\Struik\AppData\Local\Temp\13-1_vista_win7_win8_64_dd_ccc_whql.exe
C:\Users\Struik\AppData\Local\Temp\3DMark_11_v103.exe
C:\Users\Struik\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\Struik\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Struik\AppData\Local\Temp\comver.dll
C:\Users\Struik\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Struik\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Struik\AppData\Local\Temp\F1BC6A5B-9213-45F6-B849-E124A2D18832.exe
C:\Users\Struik\AppData\Local\Temp\FastDownload.exe
C:\Users\Struik\AppData\Local\Temp\i4jdel0.exe
C:\Users\Struik\AppData\Local\Temp\i4jdel1.exe
C:\Users\Struik\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll
C:\Users\Struik\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\Struik\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.1-b2969jnks.dll
C:\Users\Struik\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-b2974jnks.dll
C:\Users\Struik\AppData\Local\Temp\jansi-64-git-MCPC-Plus-jenkins-MCPC-Plus-164-251.dll
C:\Users\Struik\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Struik\AppData\Local\Temp\LOOP.EXE
C:\Users\Struik\AppData\Local\Temp\raptrpatch.exe
C:\Users\Struik\AppData\Local\Temp\raptr_stub.exe
C:\Users\Struik\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Struik\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Struik\AppData\Local\Temp\sfextra.dll
C:\Users\Struik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Struik\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Struik\AppData\Local\Temp\tmp1821.exe
C:\Users\Struik\AppData\Local\Temp\Uninstall.exe
C:\Users\Struik\AppData\Local\Temp\Uninstaller-4608.exe
C:\Users\Struik\AppData\Local\Temp\_is586C.exe
C:\Users\Struik\AppData\Local\Temp\_is5E87.exe
C:\Users\Struik\AppData\Local\Temp\_is672B.exe
C:\Users\Struik\AppData\Local\Temp\_isD900.exe
C:\Users\Struik\AppData\Local\Temp\_isDD82.exe
C:\Users\Struik\AppData\Local\Temp\_isEFBB.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 13:32
 
==================== End Of Log ============================
 
And here is the Addition.txt log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by Struik at 2015-05-17 21:46:38
Running from C:\Users\Struik\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2855457390-2934932292-1119176253-500 - Administrator - Disabled)
Gast (S-1-5-21-2855457390-2934932292-1119176253-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2855457390-2934932292-1119176253-1002 - Limited - Enabled)
Struik (S-1-5-21-2855457390-2934932292-1119176253-1000 - Administrator - Enabled) => C:\Users\Struik
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.7 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Automap 4.6 (HKLM\...\Automap Universal_is1) (Version: 4.6 - Focusrite Audio Engineering Ltd.)
Bass Station 1.6 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 1.6 - Novation Digital Music Systems Ltd.)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BitTorrent (HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BPM Counter 1.6.0.0 (HKLM-x32\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)
Camel Audio Alchemy (HKLM-x32\...\Camel Audio Alchemy) (Version: 1.55.0 - Camel Audio)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
Easy Tune 6 B12.0919.2 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0919.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ElectraX full (HKLM-x32\...\Tone2 ElectraX full_is1) (Version:  - Tone2)
emWave2 (HKLM-x32\...\emWave22.2.5.4848) (Version: 2.2.5.4848 - Quantum Intech, Inc.)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gladiator  full (HKLM-x32\...\Tone2 Gladiator full_is1) (Version:  - Tone2)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Gyazo 2.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HP Officejet 6600 Basissoftware van het apparaat (HKLM\...\{C6FF31F6-7505-49BC-BE55-911F23A4F125}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lennar Digital Sylenth VSTi v1.2.1 (HKLM-x32\...\Lennar Digital Sylenth VSTi v1.2.1) (Version:  - )
Live 8.0.1 (HKLM-x32\...\Live 8.0.1) (Version:  - )
Live 8.2.4 (HKLM-x32\...\Live 8.2.4) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - Nederlands (HKLM-x32\...\{90140011-0061-0413-0000-0000000FF1CE}) (Version: 14.0.6134.5003 - Microsoft Corporation)
Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - )
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming)
Nicky Romero Kickstart 1.0.6 (HKLM\...\Kickstart_is1) (Version: 1.0.6 - Nicky Romero)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
Novation USB Audio Driver 2.3 (HKLM\...\Novation USB Audio Driver_is1) (Version: 2.3 - Novation DMS Ltd.)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PFPortChecker 1.0.39 (HKLM-x32\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlanetSide 2 (HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 Live Test (HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\SOE-PlanetSide 2 Test) (Version: 1.0.3.183 - Sony Online Entertainment)
Prezi (HKLM-x32\...\{63B8F931-2BF3-4D5D-9C28-E2EF88D83DFD}) (Version: 5.2.8 - Prezi.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Razer Abyssus (HKLM-x32\...\{CBD6B23A-B54F-476A-9527-C262F469CACF}) (Version: 2.00 -  Razer USA Ltd.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
RPG Maker VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version:  - )
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
SpaceEngine versie 0.9.7.2 (HKLM-x32\...\{E65FD500-9218-44EC-9586-D39FAB4DFDAF}_is1) (Version: 0.9.7.2 - SpaceEngine)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Glue (HKLM\...\The Glue_is1) (Version: 1.2.8 - )
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{7963F870-6575-11E2-A4D9-F04DA23A5C58}) (Version: 12.0.486 - Sony)
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Warframe (HKLM-x32\...\{953E5979-ACD5-48D6-92E3-3F28FBF22644}) (Version: 1.0.0 - Digital Extremes)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-05-2015 09:16:19 Windows Update
13-05-2015 12:55:11 Windows Update
14-05-2015 22:08:04 Windows Update
16-05-2015 12:04:08 Removed Windows 7 USB/DVD Download Tool
16-05-2015 12:10:06 Removed Arc
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08E51E35-46DB-4DA8-BFED-37CA38B77206} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)
Task: {0B5DFED5-F78F-4192-A7CC-6C1B32887C5F} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-04-30] ()
Task: {1038EA5E-B702-4CE3-9339-B8F8945E9453} - System32\Tasks\{55B0B9C0-277B-40DB-B18B-649E38B8C3BA} => pcalua.exe -a "C:\Users\Struik\Downloads\Thaumcraft Mod Installer (1).exe" -d C:\Users\Struik\Downloads
Task: {1B201495-FAE9-4603-827D-C9DFF792D700} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {25328A22-826B-41E2-BD94-DF8039F5F23D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)
Task: {3E2826FD-EC6B-4786-BA78-BCA7167B5DB7} - System32\Tasks\{F489D945-4EAD-44B3-9AA7-ADFBB1F5F1F6} => C:\VoidLauncher\Start.exe
Task: {4185E5FA-4359-4299-8FC3-42224867982F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: {4F162DB4-6629-482E-92F3-BE329AB77F8A} - System32\Tasks\AdobeAAMUpdater-1.0-Struik-PC-Struik => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {5075EF77-44D1-495A-831A-34DDA4F312F9} - System32\Tasks\{A7434533-67CB-476F-A34F-4270ADA5A902} => C:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe [2015-02-21] (Bethesda Softworks)
Task: {5352A593-F320-4CCF-90C6-2C4C5127D304} - System32\Tasks\{38264B72-80D8-4A26-8498-CA3F71F86FDE} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2015-03-18] (Microsoft Corporation)
Task: {5FAA0368-8A48-40F5-A362-B63D8B5DECBF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {6CFB5DCA-A6E7-470A-82D1-8410378BF9B9} - System32\Tasks\{B64ABE55-28DB-4A98-83CE-2447046D6FB6} => C:\Program Files (x86)\Transposia\Miel Monteur verkent de Ruimte\Miel5.exe
Task: {73715427-51A3-41C6-B5D3-86237AE872EE} - System32\Tasks\HP AR Program Upload - da10db2ab3f64703a1a2056162c8050c3939d10e5b8f46ef8a7ce3926c68c2c0 => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7C999F58-DEAF-4A8F-A9FC-881EA330C056} - System32\Tasks\Opera scheduled Autoupdate 1431281269 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {82A47E1B-FC0D-42D2-84B3-1AC0AE85AADD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A9F5E023-BACA-4BB9-84AE-C59F47EFEAE9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {ACB03703-70F9-456C-8F20-C45D761241FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-16] (Adobe Systems Incorporated)
Task: {AEE4258E-FE34-4A17-BE80-C1A97F16C4DB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {FB9D36FF-F4C3-43DA-A747-03E61D329024} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-03-01 00:27 - 2014-10-15 17:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-02-07 21:54 - 2012-02-07 21:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-05-15 11:43 - 2015-05-05 06:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
2015-05-15 11:43 - 2015-05-05 06:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
2015-05-15 11:43 - 2015-05-05 06:06 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Struik\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Struik\.DS_Store:com.apple.quarantine
AlternateDataStreams: C:\Users\Struik\Local Settings:bFbptyzWZUP6FFbr4ONGlo0ttkV
AlternateDataStreams: C:\Users\Struik\AppData\Local:bFbptyzWZUP6FFbr4ONGlo0ttkV
AlternateDataStreams: C:\Users\Struik\AppData\Local\Application Data:bFbptyzWZUP6FFbr4ONGlo0ttkV
AlternateDataStreams: C:\Users\Struik\AppData\Local\Q40t8cDt8:nfr5QJYKgcRsYPkLvu2YBL
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Struik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Struik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Inktwaarschuwingen controleren - HP Officejet 6600.lnk => C:\Windows\pss\Inktwaarschuwingen controleren - HP Officejet 6600.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Struik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Schermopname en Snel starten.lnk => C:\Windows\pss\OneNote 2010 Schermopname en Snel starten.lnk.Startup
MSCONFIG\startupreg: Abyssus => C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\Struik\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -update pepperplugin
MSCONFIG\startupreg: GamingKeyboard => "C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_08A7F318A7285B79A57F5D1FFEA14301 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23T2G0SS05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Novation Automap Server => "C:\Program Files (x86)\Novation\Automap\AutomapServer.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/17/2015 08:18:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567, tijdstempel: 0x4d672ee4
Naam van module met fout: IcarosThumbnailProvider.dll, versie: 2.2.5.302, tijdstempel: 0x53a5db21
Uitzonderingscode: 0xc0000005
Foutoffset: 0x0000000000005278
Id van proces met fout: 0x9bc
Starttijd van toepassing met fout: 0xExplorer.EXE0
Pad naar toepassing met fout: Explorer.EXE1
Pad naar module met fout: Explorer.EXE2
Rapport-id: Explorer.EXE3
 
Error: (05/17/2015 08:18:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE4E25278
 
Error: (05/17/2015 07:47:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2015 00:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2015 10:02:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 03:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 11:39:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 11:05:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma WINWORD.EXE, versie 0.0.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
 
Proces-id: 16bc
 
Starttijd: 01d08fb754eba1c3
 
Eindtijd: 0
 
Toepassingspad: Q:\140061.nld\Office14\WINWORD.EXE
 
Rapport-id: a35e37b3-fbaa-11e4-9a0e-902b34a4d9dd
 
Error: (05/16/2015 11:03:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 09:11:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: Struik-PC)
Description: Product: Adobe Reader XI - Nederlands - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' kan niet worden geïnstalleerd. Foutcode: 1625. Windows Installer kan logboekbestanden maken om te helpen bij het oplossen van problemen tijdens het installeren van softwarepakketten. Raadpleeg de volgende koppeling voor aanwijzingen over het inschakelen van ondersteuning via logboekregistratie: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (05/17/2015 07:47:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)
 
Error: (05/17/2015 03:44:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: IPBusEnum.
 
Error: (05/17/2015 00:17:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)
 
Error: (05/17/2015 10:02:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)
 
Error: (05/16/2015 07:26:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: IPBusEnum.
 
Error: (05/16/2015 04:15:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Application Virtualization Client-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (05/16/2015 04:15:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Media Player Network Sharing Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (05/16/2015 04:15:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De LogMeIn Hamachi Tunneling Engine-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (05/16/2015 04:15:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Application Virtualization Service Agent-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (05/16/2015 04:15:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De PnkBstrA-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
Microsoft Office Sessions:
=========================
Error: (05/17/2015 08:18:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4IcarosThumbnailProvider.dll2.2.5.30253a5db21c000000500000000000052789bc01d090c96a9c2cb5C:\Windows\Explorer.EXEC:\Program Files (x86)\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll13492ae6-fcc1-11e4-a36a-902b34a4d9dd
 
Error: (05/17/2015 08:18:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE4E25278
 
Error: (05/17/2015 07:47:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2015 00:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/17/2015 10:02:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 03:45:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 11:39:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 11:05:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE0.0.0.016bc01d08fb754eba1c30Q:\140061.nld\Office14\WINWORD.EXEa35e37b3-fbaa-11e4-9a0e-902b34a4d9dd
 
Error: (05/16/2015 11:03:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/15/2015 09:11:55 PM) (Source: MsiInstaller) (EventID: 1024) (User: Struik-PC)
Description: Adobe Reader XI - Nederlands{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ X4 740 Quad Core Processor 
Percentage of memory in use: 39%
Total physical RAM: 8150.88 MB
Available physical RAM: 4901.41 MB
Total Pagefile: 16299.96 MB
Available Pagefile: 12453.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:146.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33895A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
thank you!

 




 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:56 AM

Posted 17 May 2015 - 04:08 PM

:welcome:

Hello BeFunk,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your Desktop, but you had: Running from C:\Users\Struik\Downloads) as fixlist.txt

 
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
DisableService: AppleChargerSrv
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/", "", "hxxp://search.babylon.com/?affID=110211&tt=120912_cpc_3712_2&babsrc=HP_ss&mntrId=5418a96000000000000000145c889add", "hxxp://www.searchgol.com/?affID=119585&tt=gc_&babsrc=HP_ss_Btisdt7&mntrId=880AC446193A98A4", "hxxp://www.golsearch.com/?affID=119585&tt=gc_&babsrc=HP_ss_Btisdt6&mntrId=880AC446193A98A4", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyE0AyE0Dzy0D0DyDyCtD0DtN0D0Tzu0SyByDtBtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1373660556&ir="
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
Corporation)
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 BeFunk

BeFunk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:56 AM

Posted 19 May 2015 - 06:15 AM

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Struik at 2015-05-18 07:14:52 Run:1
Running from C:\Users\Struik\Desktop
Loaded Profiles: Struik (Available profiles: Struik)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
DisableService: AppleChargerSrv
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/", "", "hxxp://search.babylon.com/?affID=110211&tt=120912_cpc_3712_2&babsrc=HP_ss&mntrId=5418a96000000000000000145c889add", "hxxp://www.searchgol.com/?affID=119585&tt=gc_&babsrc=HP_ss_Btisdt7&mntrId=880AC446193A98A4", "hxxp://www.golsearch.com/?affID=119585&tt=gc_&babsrc=HP_ss_Btisdt6&mntrId=880AC446193A98A4", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyE0AyE0Dzy0D0DyDyCtD0DtN0D0Tzu0SyByDtBtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1373660556&ir="
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
Corporation)
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
AppleChargerSrv service was disabled
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
AppleChargerSrv => Service deleted successfully.
Corporation) => Error: No automatic fix found for this entry.
Sony PC Companion => Service deleted successfully.
Andbus => Service deleted successfully.
AndDiag => Service deleted successfully.
AndGps => Service deleted successfully.
ANDModem => Service deleted successfully.
EagleX64 => Service deleted successfully.
EmptyTemp: => Removed 32.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 07:20:34 ====
 
checkup:
 

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 17  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader XI  
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by Struik (administrator) on STRUIK-PC on 19-05-2015 13:10:44
Running from C:\Users\Struik\Desktop
Loaded Profiles: Struik (Available profiles: Struik)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140061.nld\Office14\WINWORD.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2015-04-30] (Nota Inc.)
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\MountPoints2: {1616e72f-0269-11e3-a0e2-902b34a4d9dd} - E:\INSTALL.EXE
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\...\MountPoints2: {59b8c7f2-2083-11e4-a7f4-902b34a4d9dd} - F:\Startme.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-2855457390-2934932292-1119176253-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2855457390-2934932292-1119176253-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-06] (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-06] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2855457390-2934932292-1119176253-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2855457390-2934932292-1119176253-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2013-04-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2855457390-2934932292-1119176253-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-10-09] ()
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-18]
CHR Extension: (Bookmark Manager) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Google Wallet) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Profile: C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-28]
CHR Extension: (Google Drive) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-28]
CHR Extension: (YouTube) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-28]
CHR Extension: (Google Search) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-28]
CHR Extension: (Google Wallet) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-28]
CHR Extension: (Gmail) - C:\Users\Struik\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-15] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-12] (Disc Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-18 07:50 - 2015-05-18 07:50 - 00000792 _____ () C:\Users\Struik\Desktop\Addition(with crash) (1).txt
2015-05-18 07:49 - 2015-05-19 13:11 - 00017882 _____ () C:\Users\Struik\Desktop\FRST.txt
2015-05-18 07:11 - 2015-05-18 07:11 - 00001049 _____ () C:\Users\Struik\Desktop\Addition(with crash) (2).txt
2015-05-18 07:05 - 2015-05-18 07:05 - 00852639 _____ () C:\Users\Struik\Downloads\SecurityCheck.exe
2015-05-18 07:05 - 2015-05-18 07:05 - 00852639 _____ () C:\Users\Struik\Desktop\SecurityCheck.exe
2015-05-17 21:46 - 2015-05-17 21:47 - 00057674 _____ () C:\Users\Struik\Downloads\Addition.txt
2015-05-17 21:45 - 2015-05-17 21:47 - 00065956 _____ () C:\Users\Struik\Downloads\FRST.txt
2015-05-17 21:43 - 2015-05-19 13:10 - 00000000 ____D () C:\FRST
2015-05-17 21:43 - 2015-05-17 21:43 - 02107392 _____ (Farbar) C:\Users\Struik\Desktop\FRST64.exe
2015-05-16 21:15 - 2015-05-16 21:15 - 00959495 _____ () C:\Users\Struik\Desktop\3c57648b0869fe676733eacb64a8b2bf.psd
2015-05-16 20:43 - 2015-05-16 20:43 - 00082804 _____ () C:\Users\Struik\Downloads\birdman.zip
2015-05-16 20:43 - 2015-05-16 20:43 - 00051831 _____ () C:\Users\Struik\Downloads\resistance_is_futile.zip
2015-05-16 17:14 - 2015-05-16 17:14 - 10545519 _____ () C:\Users\Struik\Desktop\com.snapchat.android-8.1.2-469-minAPI14.apk
2015-05-16 17:13 - 2015-05-16 17:14 - 10545519 _____ () C:\Users\Struik\Downloads\com.snapchat.android-8.1.2-469-minAPI14.apk
2015-05-16 16:15 - 2015-05-16 16:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-STRUIK-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-16 16:15 - 2015-05-16 16:15 - 00000000 ____D () C:\RegBackup
2015-05-16 16:14 - 2015-05-16 16:14 - 02719698 _____ (Thisisu) C:\Users\Struik\Downloads\JRT.exe
2015-05-16 12:31 - 2015-05-19 12:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-16 12:30 - 2015-05-16 12:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-16 12:30 - 2015-05-16 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-16 12:30 - 2015-05-16 12:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-16 12:30 - 2015-05-16 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-16 12:30 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-16 12:30 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-16 12:30 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-16 12:27 - 2015-05-16 12:28 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Struik\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-16 11:12 - 2015-05-16 11:14 - 26957525 _____ () C:\Users\Struik\Desktop\Trouwerij Jelske en Robbert (1).zip
2015-05-16 11:06 - 2015-05-16 11:16 - 19619641 _____ () C:\Users\Struik\Desktop\Jelske en Robert (1).zip
2015-05-15 13:26 - 2015-05-15 13:26 - 02209792 _____ () C:\Users\Struik\Downloads\adwcleaner_4.204.exe
2015-05-15 12:26 - 2015-05-15 12:27 - 26957525 _____ () C:\Users\Struik\Downloads\Trouwerij Jelske en Robbert.zip
2015-05-15 11:58 - 2015-05-15 11:58 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-05-15 11:58 - 2015-05-15 11:58 - 00000986 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-05-14 22:08 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 22:08 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 21:49 - 2015-05-14 21:49 - 01121836 _____ () C:\Users\Struik\Desktop\FISH.psd
2015-05-14 21:32 - 2015-05-14 21:33 - 12112918 _____ () C:\Users\Struik\Downloads\BeFunk_-_Past_Destination.flac
2015-05-14 21:23 - 2015-05-14 21:23 - 00871107 _____ () C:\Users\Struik\Desktop\Futuregareagte.flp
2015-05-14 21:08 - 2015-05-14 21:10 - 31281253 _____ () C:\Users\Struik\Downloads\BeFunk_-_Freedom_to_Funk.flac
2015-05-14 18:22 - 2015-05-14 18:23 - 36491077 _____ () C:\Users\Struik\Downloads\BeFunk_-_Future_Worlds.flac
2015-05-14 18:12 - 2015-05-14 18:12 - 06678567 _____ () C:\Users\Struik\Downloads\BeFunk. - For Traveling.m4a
2015-05-14 12:28 - 2015-05-18 07:21 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-13 10:38 - 2015-05-13 10:42 - 54936948 _____ () C:\Users\Struik\Downloads\For_Fantasy.wav
2015-05-13 10:29 - 2015-05-13 10:35 - 40887002 _____ () C:\Users\Struik\Downloads\For_Rainfall.wav
2015-05-13 10:28 - 2015-05-13 10:34 - 38380220 _____ () C:\Users\Struik\Downloads\For_Sunshine.wav
2015-05-13 10:27 - 2015-05-13 10:34 - 39693524 _____ () C:\Users\Struik\Downloads\For_Together.wav
2015-05-13 10:26 - 2015-05-13 10:34 - 53167478 _____ () C:\Users\Struik\Downloads\For_Thoughts.wav
2015-05-13 10:15 - 2015-05-13 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-05-13 10:14 - 2015-05-13 10:17 - 47232374 _____ () C:\Users\Struik\Downloads\For_Dreaming.wav
2015-05-13 10:08 - 2015-05-13 10:17 - 105841530 _____ () C:\Users\Struik\Downloads\For_Travelling.wav
2015-05-13 10:05 - 2015-05-13 10:06 - 19570540 _____ () C:\Users\Struik\Downloads\For_You.wav
2015-05-13 10:03 - 2015-05-13 10:04 - 00000000 ____D () C:\Users\Struik\Desktop\Foreverymoment
2015-05-13 09:22 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:22 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:22 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:22 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:22 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 09:22 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 09:22 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 09:22 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:22 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 09:22 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:22 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 09:22 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 09:22 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:22 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:22 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 09:22 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 09:22 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 09:22 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:22 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:22 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 09:22 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:22 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 09:22 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:22 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:22 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 09:22 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:22 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:22 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:22 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:22 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:22 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:22 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 09:22 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 09:22 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 09:22 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:22 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 09:22 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 09:22 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:22 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:22 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 09:22 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 09:22 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:22 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:22 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:22 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 09:22 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:22 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:22 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:22 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:22 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:22 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:22 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:22 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:22 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 09:22 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:22 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:22 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 09:22 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:22 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:21 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:21 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:21 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 09:21 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 09:21 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:18 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 09:18 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 09:18 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:17 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 09:17 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 09:17 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 09:17 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 09:17 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 09:17 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 09:17 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 09:17 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 09:17 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 09:17 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 09:17 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 09:17 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 09:17 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 09:17 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 09:17 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 09:17 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 09:17 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 09:17 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 09:17 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 09:17 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 09:17 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 09:17 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 09:17 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 09:17 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 09:17 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 09:17 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:17 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:17 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:17 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:17 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 09:17 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 09:16 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:16 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 09:16 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 09:16 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 09:16 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 09:14 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 09:14 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 09:14 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 09:14 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 09:14 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 09:14 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 09:14 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:32 - 2015-05-12 21:32 - 01302529 _____ (AbyssMedia.com ) C:\Users\Struik\Downloads\bpmcounter.exe
2015-05-12 21:32 - 2015-05-12 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia
2015-05-12 21:32 - 2015-05-12 21:32 - 00000000 ____D () C:\Program Files (x86)\Abyssmedia
2015-05-12 21:04 - 2015-05-12 22:15 - 00580510 _____ () C:\Users\Struik\Desktop\For Rainfall.flp
2015-05-12 17:06 - 2015-05-12 17:06 - 07942144 _____ (ChbShoot.me) C:\Users\Struik\Downloads\TerrariaInvEdit.572.exe
2015-05-12 13:21 - 2015-05-12 13:26 - 00000000 ____D () C:\Users\Struik\Desktop\ede
2015-05-12 13:18 - 2015-05-13 10:05 - 00000000 ____D () C:\Users\Struik\Desktop\asdf
2015-05-12 13:15 - 2015-05-12 13:15 - 197455627 _____ () C:\Users\Struik\Desktop\Prezieeee.zip
2015-05-12 13:15 - 2015-05-12 13:15 - 00000000 ____D () C:\Users\Struik\Desktop\Prezieeee
2015-05-10 20:26 - 2015-05-10 20:26 - 00000000 ____D () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy (1)
2015-05-10 20:21 - 2015-05-10 20:21 - 00000000 ____D () C:\Users\Struik\Prezi
2015-05-10 20:12 - 2015-05-16 23:58 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-10 20:12 - 2015-05-10 20:12 - 00003890 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-05-10 20:11 - 2015-05-10 20:11 - 00001865 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
2015-05-10 20:11 - 2015-05-10 20:11 - 00001853 _____ () C:\Users\Public\Desktop\Prezi.lnk
2015-05-10 20:09 - 2015-05-10 20:11 - 00000000 ____D () C:\Program Files (x86)\Prezi
2015-05-10 20:07 - 2015-05-10 20:07 - 00003824 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1431281269
2015-05-10 20:07 - 2015-05-10 20:07 - 00001139 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-05-10 20:07 - 2015-05-10 20:07 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-10 20:05 - 2015-05-10 20:05 - 00683992 _____ (Opera Software) C:\Users\Struik\Downloads\Opera_NI_stable.exe
2015-05-10 16:39 - 2015-05-12 22:07 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Mp3tag
2015-05-10 16:39 - 2015-05-10 16:39 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2015-05-10 16:39 - 2015-05-10 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-05-10 16:39 - 2015-05-10 16:39 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-10 16:38 - 2015-05-10 16:38 - 02906880 _____ () C:\Users\Struik\Downloads\mp3tagv270setup.exe
2015-05-10 16:20 - 2015-05-10 16:25 - 04891429 _____ () C:\Users\Struik\Desktop\Backcover album.psd
2015-05-10 13:44 - 2015-05-10 13:50 - 128490632 _____ () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy (2).zip
2015-05-09 10:16 - 2015-05-09 10:28 - 255351815 _____ () C:\Users\Struik\Downloads\wetransfer-b2ea64.zip
2015-05-08 16:59 - 2015-05-08 17:04 - 128490280 _____ () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy (1).zip
2015-05-08 11:56 - 2015-05-08 11:56 - 01974978 _____ () C:\Users\Struik\Downloads\looperman-l-0630386-0079022-mrfunktastic-trap-money-hustlas-legato-voice.wav
2015-05-08 11:55 - 2015-05-08 11:55 - 00065536 _____ () C:\Users\Struik\Downloads\looperman-l-1132158-0080218-lolboy356-trap-chant-what.wav
2015-05-08 11:16 - 2015-05-08 11:16 - 04061921 _____ () C:\Users\Struik\Downloads\expitrap.zip
2015-05-08 11:05 - 2015-05-08 11:05 - 01209746 _____ () C:\Users\Struik\Downloads\looperman-l-1528225-0083973-7venth12-808-trap-beat.wav
2015-05-08 11:04 - 2015-05-08 11:04 - 02646146 _____ () C:\Users\Struik\Downloads\looperman-l-1528225-0084063-7venth12-future-bass-808.wav
2015-05-08 10:13 - 2015-05-08 10:20 - 128493452 _____ () C:\Users\Struik\Downloads\de-verhalenkoffer-hl4hrxnvfzvy.zip
2015-05-07 22:10 - 2015-05-07 22:10 - 00000000 ____D () C:\Users\Struik\AppData\Local\openvr
2015-05-07 10:39 - 2015-05-07 10:39 - 00276304 _____ () C:\Windows\Minidump\050715-19999-01.dmp
2015-05-05 13:06 - 2015-05-05 13:06 - 00000000 ___HD () C:\Users\Struik\Desktop\.picasaoriginals
2015-05-01 10:13 - 2015-05-01 10:13 - 02721168 _____ (Microsoft Corporation) C:\Users\Struik\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-04-30 20:03 - 2015-04-30 20:49 - 00000000 ____D () C:\Users\Struik\Downloads\Windows 7 Ultimate SP1 x64 en-US Pre-Activated Sep2013
2015-04-28 19:40 - 2015-04-28 19:40 - 00300226 _____ () C:\Users\Struik\Downloads\13_mei_trouwen_robbert_en_jelske.psd
2015-04-26 16:49 - 2015-04-26 16:49 - 00000000 ____D () C:\Users\Struik\Downloads\Horizon Fire - Earthlight
2015-04-26 16:03 - 2015-04-26 16:07 - 89599309 _____ () C:\Users\Struik\Downloads\Horizon Fire - Earthlight.zip
2015-04-25 17:28 - 2015-04-25 17:30 - 39686732 _____ () C:\Users\Struik\Desktop\BeFunk - Classic Cars.wav
2015-04-19 20:38 - 2015-04-19 20:38 - 00082759 _____ () C:\Users\Struik\Downloads\chinese_takeaway2.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-19 12:50 - 2013-02-28 22:45 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 12:17 - 2013-03-01 13:07 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-19 11:25 - 2013-03-15 09:46 - 00000000 ____D () C:\Users\Struik\AppData\Local\Adobe
2015-05-19 11:23 - 2009-07-14 06:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-19 11:23 - 2009-07-14 06:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-19 11:19 - 2013-02-28 22:02 - 01787777 _____ () C:\Windows\WindowsUpdate.log
2015-05-19 11:15 - 2013-02-28 22:45 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 11:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-19 11:15 - 2009-07-14 06:51 - 00136706 _____ () C:\Windows\setupact.log
2015-05-18 22:51 - 2013-03-01 11:14 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\SoftGrid Client
2015-05-18 22:30 - 2014-09-29 21:43 - 00000000 ____D () C:\Users\Struik\AppData\Local\LogMeIn Hamachi
2015-05-18 07:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-17 17:49 - 2013-03-12 18:11 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Skype
2015-05-17 15:45 - 2013-02-28 22:45 - 00004052 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:45 - 2013-02-28 22:45 - 00003800 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-17 14:38 - 2014-06-26 18:38 - 00000000 ____D () C:\AdwCleaner
2015-05-17 10:01 - 2013-02-28 22:45 - 00091464 _____ () C:\Users\Struik\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-17 10:01 - 2009-07-14 07:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-17 10:00 - 2010-11-21 05:47 - 00742814 _____ () C:\Windows\PFRO.log
2015-05-17 10:00 - 2009-07-14 06:45 - 05184624 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 23:51 - 2014-05-12 17:20 - 00000000 ____D () C:\Users\Struik\AppData\Local\Popcorn-Time
2015-05-16 15:48 - 2013-03-01 13:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-16 15:48 - 2013-03-01 13:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-16 15:48 - 2013-03-01 13:07 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-16 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-05-16 12:11 - 2014-11-11 14:16 - 00000000 ____D () C:\Windows\pss
2015-05-16 12:10 - 2013-02-28 23:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-16 12:03 - 2013-09-06 09:38 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\.minecraft
2015-05-16 11:46 - 2013-03-31 20:32 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\BitTorrent
2015-05-15 16:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-15 11:58 - 2014-10-01 20:58 - 00003752 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-05-15 11:58 - 2014-10-01 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-05-15 11:58 - 2014-10-01 20:57 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-05-15 11:25 - 2011-04-12 15:00 - 00746200 _____ () C:\Windows\system32\perfh013.dat
2015-05-15 11:25 - 2011-04-12 15:00 - 00153894 _____ () C:\Windows\system32\perfc013.dat
2015-05-15 11:25 - 2009-07-14 07:13 - 01672440 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 11:17 - 2011-04-12 15:11 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 11:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 19:00 - 2014-03-15 22:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 19:00 - 2014-03-14 22:56 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\FileZilla
2015-05-14 19:00 - 2013-08-12 11:20 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\DAEMON Tools Lite
2015-05-14 19:00 - 2013-03-12 14:14 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Sony
2015-05-14 12:22 - 2013-07-11 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 12:22 - 2013-07-11 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 13:14 - 2013-03-01 11:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-13 13:14 - 2013-02-28 23:16 - 01699322 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-13 13:12 - 2013-03-01 11:22 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 13:12 - 2013-03-01 11:21 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 13:12 - 2013-03-01 11:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 13:12 - 2013-03-01 11:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 13:11 - 2013-08-08 14:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 12:59 - 2013-03-26 14:36 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 12:57 - 2013-07-11 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 16:04 - 2014-04-25 09:50 - 00000000 ____D () C:\Users\Struik\AppData\Local\Warframe
2015-05-11 06:50 - 2013-10-17 17:01 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-10 22:35 - 2013-03-07 23:00 - 00000000 ____D () C:\Users\Struik\Desktop\fl studio stuff
2015-05-10 20:21 - 2013-02-28 22:39 - 00000000 ____D () C:\Users\Struik
2015-05-10 20:07 - 2013-10-17 17:02 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Opera Software
2015-05-10 20:07 - 2013-10-17 17:02 - 00000000 ____D () C:\Users\Struik\AppData\Local\Opera Software
2015-05-10 16:45 - 2013-03-01 15:19 - 00000000 ____D () C:\Users\Struik\Desktop\harolds stuff
2015-05-10 13:22 - 2015-04-13 19:25 - 00000000 ____D () C:\Users\Struik\Desktop\Foto's jelske
2015-05-09 17:48 - 2013-04-04 12:39 - 00000000 ____D () C:\Users\Struik\Documents\school Lena
2015-05-07 10:39 - 2013-08-26 08:22 - 624517774 _____ () C:\Windows\MEMORY.DMP
2015-05-07 10:39 - 2013-08-26 08:22 - 00000000 ____D () C:\Windows\Minidump
2015-05-05 13:24 - 2015-01-28 18:27 - 00016384 _____ () C:\Users\Struik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-01 19:38 - 2013-05-15 14:40 - 00000000 ____D () C:\Users\Struik\AppData\Local\Paint.NET
2015-04-30 21:09 - 2013-03-18 20:47 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\vlc
2015-04-30 10:34 - 2013-03-12 18:11 - 00000000 ____D () C:\ProgramData\Skype
2015-04-26 11:08 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-25 19:32 - 2014-09-24 19:29 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\dvdcss
2015-04-22 22:05 - 2013-03-02 14:33 - 00000000 ____D () C:\Users\Struik\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2013-11-05 16:32 - 2015-04-17 18:15 - 0000132 _____ () C:\Users\Struik\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-21 20:26 - 2014-03-31 19:31 - 0000141 _____ () C:\Users\Struik\AppData\Roaming\WB.CFG
2015-01-28 18:27 - 2015-05-05 13:24 - 0016384 _____ () C:\Users\Struik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-11 16:03 - 2013-04-11 16:03 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Public\Cracked Minecraft Un-installerl.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 13:32
 
==================== End Of Log ============================


#4 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:56 AM

Posted 19 May 2015 - 07:01 AM

Hello BeFunk,


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u**-windows-i586.exe or Windows x64: jre-8u**-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u25-windows-i586.exe (or jre-8u25-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*


Posted 21 May 2015 - 12:41 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 BeFunk


Posted 21 May 2015 - 01:41 AM

malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scandatum: 20-5-2015
Scantijd: 21:01:51
Logbestand: Malwarebytes scanlog.txt
Beheerder: Ja
 
Versie: 0.00.0.0000
Malware Gegevensbestand: v2015.05.20.05
Rootkit Gegevensbestand: v2015.05.16.01
Licentie: Proef
Malwarebescherming: Ingeschakeld
Kwaadaardige Website Bescherming: Ingeschakeld
Zelfbescherming: Uitgeschakeld
 
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Struik
 
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 374669
Verstreken Tijd: 22 m, 42 s
 
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
 
Processen: 0
(Geen kwaadaardige items gedetecteerd)
 
Modules: 0
(Geen kwaadaardige items gedetecteerd)
 
Registersleutels: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerwaardes: 0
(Geen kwaadaardige items gedetecteerd)
 
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
 
Mappen: 0
(Geen kwaadaardige items gedetecteerd)
 
Bestanden: 0
(Geen kwaadaardige items gedetecteerd)
 
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
 
 
(end)
 
eset scan log:
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\updater.bak.vir a variant of Win32/BrowseFox.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\updater.exe.vir a variant of Win32/BrowseFox.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sale Charger\Uninstaller.exe.vir Win32/BrowseFox.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugincontainer.bak.vir a variant of Win32/BrowseFox.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugincontainer.exe.vir a variant of Win32/BrowseFox.AU potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\2\Plugin.exe.vir a variant of Win32/BrowseFox.AP potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\2bak\Plugin.exe.vir a variant of Win32/BrowseFox.AP potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\3\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\3bak\Plugin.exe.vir a variant of Win32/BrowseFox.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\8\Plugin.exe.vir a variant of Win32/BrowseFox.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugins\8bak\Plugin.exe.vir a variant of Win32/BrowseFox.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\Struik\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Struik\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Struik\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\ProgramData\InstallMate\{0AEB0AC5-C8EC-4311-A1FA-80CED1082833}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{0AEB0AC5-C8EC-4311-A1FA-80CED1082833}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\Struik\Downloads\Core-Temp-installer.exe Win32/Somoto.Q potentially unwanted application
C:\Users\Struik\Downloads\dfdownloader_BJx9iO_.exe a variant of Win32/DepoDownloader.A potentially unwanted application
C:\Users\Struik\Downloads\dfdownloader_G8MhTF_.exe a variant of Win32/DepoDownloader.A potentially unwanted application
C:\Users\Struik\Downloads\FileZilla_3.7.4.1_win32-setup.exe a variant of Win32/Injected.F trojan
C:\Users\Struik\Downloads\install_flash_player.exe multiple threats
C:\Users\Struik\Downloads\Minecraft_1.7.2.exe Win32/OneInstaller.C potentially unwanted application
C:\Users\Struik\Downloads\PFPortChecker.exe Win32/InstallMonetizer.AN potentially unwanted application
C:\Users\Struik\Downloads\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassin's Creed II\loader.exe a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Struik\Downloads\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassin's Creed II\Play_ASC2.exe a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Struik\Downloads\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassin's Creed II\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan
 
Adware is still here, but ESET did not remove the detected threats though.
 
Adblock can block the popups, but the sidebars are still here:
 


#7 Jo*


Posted 21 May 2015 - 02:32 AM

Hello BeFunk,

Many of the items ESET found are already in C:\AdwCleaner\Quarantine\C\..
We delete the rest now.
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
C:\ProgramData\InstallMate\{0AEB0AC5-C8EC-4311-A1FA-80CED1082833}\Custom.dll
C:\Users\All Users\InstallMate\{0AEB0AC5-C8EC-4311-A1FA-80CED1082833}\Custom.dll
C:\Users\Struik\Downloads\Core-Temp-installer.exe
C:\Users\Struik\Downloads\dfdownloader_BJx9iO_.exe
C:\Users\Struik\Downloads\dfdownloader_G8MhTF_.exe
C:\Users\Struik\Downloads\FileZilla_3.7.4.1_win32-setup.exe
C:\Users\Struik\Downloads\install_flash_player.exe
C:\Users\Struik\Downloads\Minecraft_1.7.2.exe
C:\Users\Struik\Downloads\PFPortChecker.exe
C:\Users\Struik\Downloads\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassin's Creed II\loader.exe
C:\Users\Struik\Downloads\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassin's Creed II\Play_ASC2.exe
C:\Users\Struik\Downloads\Assassin's Creed II PC full game updated v_1.01 ^^nosTEAM^^\Assassin's Creed II\ubiorbitapi_r2.dll 
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
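
The triage described in post #7 (ESET hits that are already under C:\AdwCleaner\Quarantine versus files still live on disk), as an added Python example that is not part of the original thread or of any tool used in it. The sample lines are copied from the ESET log in post #6; the function names are illustrative, and the alias rule assumes the Windows Vista-and-later layout in which C:\Users\All Users is a link to C:\ProgramData.

```python
import re
from collections import Counter

# Sample input: seven lines copied from the ESET log in post #6 of this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sale Charger\Uninstaller.exe.vir Win32/BrowseFox.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\InstallMate\{0AEB0AC5-C8EC-4311-A1FA-80CED1082833}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{0AEB0AC5-C8EC-4311-A1FA-80CED1082833}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\Struik\Downloads\FileZilla_3.7.4.1_win32-setup.exe a variant of Win32/Injected.F trojan
C:\Users\Struik\Downloads\install_flash_player.exe multiple threats
C:\Users\Struik\Downloads\PFPortChecker.exe Win32/InstallMonetizer.AN potentially unwanted application
"""

# <path> <detection> [<category>]; paths contain spaces, so the path is matched
# lazily up to the first token that looks like an ESET detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?Win32/\S+|multiple threats)"
    r"(?:\s+(?P<category>.+))?$"
)

QUARANTINE = "c:\\adwcleaner\\quarantine\\"
# Assumption: Vista-and-later layout, where C:\Users\All Users links to
# C:\ProgramData, so a scanner walking both reports the same file twice.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}


def parse(log_text):
    """Return (path, detection, category) tuples for every detection line."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            hits.append((m["path"], m["detection"], m["category"] or ""))
    return hits


def canonical(path):
    """Lower-case the path and fold known directory aliases together."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def triage(hits):
    """Split hits into quarantined copies and live files (one per real file)."""
    quarantined, live = [], {}
    for hit in hits:
        key = canonical(hit[0])
        if key.startswith(QUARANTINE):
            quarantined.append(hit)
        else:
            live.setdefault(key, hit)  # keep the first name seen for a file
    return quarantined, list(live.values())


def by_family(hits):
    """Count hits per detection family, ignoring the variant suffix."""
    names = []
    for _, detection, _ in hits:
        name = detection.replace("a variant of ", "").split("/", 1)[-1]
        # "BrowseFox.AZ" -> "BrowseFox"; "multiple threats" is kept as-is
        names.append(name.rsplit(".", 1)[0] if "/" in detection else name)
    return Counter(names)


if __name__ == "__main__":
    quarantined, live = triage(parse(SAMPLE_LOG))
    print(f"{len(quarantined)} already quarantined, {len(live)} still on disk")
    for path, detection, category in live:
        print(f"  {path}  [{detection}] {category}")
```

Run over the full ESET log, the live list is what still needs a decision; entries under the AdwCleaner quarantine folder are renamed `.vir` copies and are not active.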


#8 Jo*


Posted 26 May 2015 - 06:32 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 BeFunk


Posted 26 May 2015 - 10:45 AM

Hey Jo!

Thank you for your help so far!

The ads are gone! I have Malwarebytes constantly running and the computer seems clean to me!

If you want me to do some final tests, tell me.



#10 Jo*


Posted 26 May 2015 - 10:53 AM

Did you follow the instructions from post #7? http://www.bleepingcomputer.com/forums/t/576488/sale-charger-adware-does-not-go-away/#entry3712178

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Jo*


Posted 29 May 2015 - 02:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




