Infected with Globasearch.com browser redirect


23 replies to this topic

#1 Pjotr7 (Members, 15 posts)

Posted 01 July 2015 - 04:13 AM

Dears

 

I'm looking for help in removing an infection with Globasearch.com on my PC (Windows 8)

 

When opening IE, I'm redirected to one of these pages:

- webswitch.tk

- seehub.tk

- bettersearch.tk

 

Also, chrome behaves a bit strange.

 

What I tried so far (note: translated from Dutch):

 

1) IE

- internet options > reset home page

- internet options > advanced > reset advanced settings

- internet options > advanced > reset > remove personal settings

- manage extensions (nothing really suspect to be seen)

 

Note: resetting IE like this makes it look like it's working normally, but upon reboot everything is back as it was. During startup a strange "Setup" icon appears for a while in the bottom menu bar.

 

2) Chrome

- settings > extensions (nothing really suspect to be seen)

 

3) Windows

- I didn't find a suspect program to uninstall in the installed programs list or in the startup list

- in the App list I see some leftovers from Handbrake

- in C: > program files x86 > Common, I see some leftovers from Aimersoft

 

All help is appreciated !

 

P7

 




#2 severac (Members, 872 posts, Serbia)

Posted 01 July 2015 - 04:23 AM

Hello and welcome,

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

§  Flush DNS

§  Report IE Proxy Settings

§  Reset IE Proxy Settings

§  Report FF Proxy Settings

§  Reset FF Proxy Settings

§  List content of Hosts

§  List IP configuration

§  List Winsock Entries

§  List last 10 Event Viewer logs

§  List Installed Programs

§  List Devices

§  List Users, Partitions and Memory size.

§  List Minidump Files

§  List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

-----

 

ESET Online Scanner

§  Click here to download the installer for ESET Online Scanner and save it to your Desktop.

§  Disable all your antivirus and antimalware software - see how to do that here.

§  Right click on esetsmartinstaller_enu.exe and select Run as Administrator.

§  Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.

§  Select Enable detection of potentially unwanted applications.

§  Click Advanced Settings, then place a checkmark in the following:

o    Remove found threats

o    Scan archives

o    Scan for potentially unsafe applications

o    Enable Anti-Stealth technology

§  Click Start to begin scanning.

§  ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.

§  When the scan is done, click List threats (only available if ESET Online Scanner found something).

§  Click Export, then save the file to your desktop.

§  Click Back, then Finish to exit ESET Online Scanner.

 

-----

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.

NOTE: If you already have MBAM 2.0 installed, scroll down.

 

§  Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.

§  At the end, be sure a checkmark is placed next to the following:
 

o    Launch Malwarebytes Anti-Malware

o    A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

 

§  Click Finish.

§  On the Dashboard, click the 'Update Now >>' link

§  After the update completes, on the Settings tab, set the following options under Detection and Protection:

1. 'Scan for rootkits'

2. Under Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.

§  Return to Dashboard, click the 'Scan Now >>' button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

 

§  On the Dashboard, click the 'Update Now >>' link.

§  After the update completes, on the Settings tab, set the following options under Detection and Protection:

1. 'Scan for rootkits'

2. Under Non-Malware Protection, for 'PUP detections', check the 'Treat detections as malware' option.

§  Return to Dashboard, click the Scan Now >> button.

§  A Threat Scan will begin.

§  When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

§  In most cases, a restart will be required.

§  Wait for the prompt to restart the computer to appear, then click on Yes.

 

§  After the restart once you are back at your desktop, open MBAM once more.

§  Click on the History tab > Application Logs.

§  Double click on the Scan Log which shows the Date and time of the scan just performed.

§  Click 'Export'.

§  Click 'Copy to Clipboard'

§  Paste the contents of the clipboard into your reply.

 

--------

Please download AdwCleaner by Xplode onto your desktop.

§  Close all open programs and internet browsers.

§  Double click on adwcleaner.exe to run the tool.

§  Click on Scan button.

§  When the scan has finished click on Clean button.

§  Your computer will be rebooted automatically. A text file will open after the restart.

§  Please post the contents of that logfile with your next reply.

§  You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

------

 

Please download Junkware Removal Tool to your desktop.

§  Shut down your protection software now to avoid potential conflicts.

§  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

§  The tool will open and start scanning your system.

§  Please be patient as this can take a while to complete depending on your system's specifications.

§  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

§  Post the contents of JRT.txt into your next message.


I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 Pjotr7 (Topic Starter, Members, 15 posts)

Posted 01 July 2015 - 07:05 AM

Dear Severac,

 

Thanks for your kind reply.

 

For the first step, here is the result (in text):

 

Logfile of random's system information tool 1.10 (written by random/random)
Run by Pieter at 2015-07-01 11:33:09
Microsoft Windows 8.1
System drive C: has 63 GB (52%) free of 122 GB
Total RAM: 16338 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:23, on 1/07/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Pieter\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Pieter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=211&b=3&installkey=bbyeCcKCXf3EM7Nnl0YN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe
O4 - HKCU\..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Pieter\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - Startup: Dropbox.lnk = Pieter\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: WSAMVCUchrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10025 bytes

======Listing Processes======

 

 

wininit.exe

winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {4aa8491e-fc3f-4057-988c28b55959b831}
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e1d9ed49-4026-412f-a218-25ae3680833e -SystemEventPortName:HostProcess-2db95f2a-3d37-4cc1-9054-94c08c1bf088 -IoCancelEventPortName:HostProcess-a3633c52-a7fc-4752-8fd6-6192f3496718 -NonStateChangingEventPortName:HostProcess-d3786e69-211b-458b-9218-9d4dcc96c081 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b94c5784-83da-4256-ab28-e82d3de9cb37 -DeviceGroupId:WpdFsGroup
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\WINDOWS\system32\GWX\GWX.exe"
"C:\Users\Pieter\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --onOSstartup=true --showwindow=false --waitForRegistration=true
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --user-agent="Mozilla/5.0 (Windows NT 6.3.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/2.0.0.74" --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-severity=disable --channel="3732.0.1450323644\280282365" /prefetch:673131151
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3788 CREDAT:267521 /prefetch:2
"C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3788 CREDAT:3151322 /prefetch:2
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3788 CREDAT:726509 /prefetch:2
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3788 CREDAT:3151106 /prefetch:2

"C:\Users\Pieter\AppData\Local\Microsoft\Windows\INetCache\IE\HFQ0WCI9\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2325574770-147232080-113212408-1001Core.job - C:\Users\Pieter\AppData\Local\Dropbox\Update\DropboxUpdate.exe  /c
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-2325574770-147232080-113212408-1001UA.job - C:\Users\Pieter\AppData\Local\Dropbox\Update\DropboxUpdate.exe  /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-22 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30 500936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2015-04-07 169768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"=C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [2012-09-17 840784]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2015-04-26 43816]
"Dropbox Update"=C:\Users\Pieter\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-13 134512]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2015-03-20 60712]
"Nikon Message Center 2"=C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [2011-10-30 571392]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-05-13 5515496]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-10-02 421888]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2015-04-20 2584240]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-10 271744]
"Aimersoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014-10-31 2066432]
"DelaypluginInstall"=C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ImageBrowser EX Agent.lnk - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
Spyder3Utility.lnk - C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe

C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Pieter\AppData\Roaming\Dropbox\bin\Dropbox.exe
OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-07-01 11:33:09 ----D---- C:\rsit
2015-07-01 11:33:09 ----D---- C:\Program Files\trend micro
2015-06-13 07:49:59 ----D---- C:\ProgramData\Dropbox
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\invagent.dll
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\generaltel.dll
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\devinv.dll
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\appraiser.dll
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\aepic.dll
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\aepdu.dll
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\aeinv.dll
2015-06-10 11:06:32 ----A---- C:\WINDOWS\system32\acmigration.dll
2015-06-10 11:06:31 ----A---- C:\WINDOWS\system32\puiobj.dll
2015-06-10 11:06:31 ----A---- C:\WINDOWS\system32\localspl.dll
2015-06-10 11:06:30 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2015-06-10 11:06:30 ----A---- C:\WINDOWS\system32\compstui.dll
2015-06-10 11:06:28 ----A---- C:\WINDOWS\SYSWOW64\rastapi.dll
2015-06-10 11:06:28 ----A---- C:\WINDOWS\system32\UtcResources.dll
2015-06-10 11:06:28 ----A---- C:\WINDOWS\system32\rastapi.dll
2015-06-10 11:06:28 ----A---- C:\WINDOWS\system32\diagtrack.dll
2015-06-10 11:06:26 ----A---- C:\WINDOWS\SYSWOW64\rgb9rast.dll
2015-06-10 11:06:26 ----A---- C:\WINDOWS\SYSWOW64\msftedit.dll
2015-06-10 11:06:26 ----A---- C:\WINDOWS\system32\msftedit.dll
2015-06-10 11:06:20 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2015-06-10 11:06:20 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2015-06-10 11:06:20 ----A---- C:\WINDOWS\system32\tquery.dll
2015-06-10 11:06:20 ----A---- C:\WINDOWS\system32\mssrch.dll
2015-06-10 11:06:20 ----A---- C:\WINDOWS\system32\authz.dll
2015-06-10 11:06:19 ----AC---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2015-06-10 11:06:19 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2015-06-10 11:06:19 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2015-06-10 11:06:19 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\SYSWOW64\comctl32.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\mssvp.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\mssphtb.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\mssph.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-06-10 11:06:19 ----A---- C:\WINDOWS\system32\comctl32.dll
2015-06-10 11:06:18 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-06-10 11:06:17 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2015-06-10 11:06:17 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-06-10 11:06:17 ----A---- C:\WINDOWS\system32\wininet.dll
2015-06-10 11:06:17 ----A---- C:\WINDOWS\system32\jscript9.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\webcheck.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\vbscript.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\urlmon.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\mshtmled.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\jscript.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\inetcomm.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\ieui.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\iepeers.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\dxtrans.dll
2015-06-10 11:06:16 ----A---- C:\WINDOWS\system32\actxprxy.dll
2015-06-10 11:06:12 ----A---- C:\WINDOWS\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2015-07-01 11:33:09 ----D---- C:\Program Files
2015-07-01 11:29:41 ----D---- C:\WINDOWS\Prefetch
2015-07-01 11:21:06 ----D---- C:\WINDOWS\Temp
2015-07-01 11:00:00 ----D---- C:\WINDOWS\system32\sru
2015-07-01 10:13:07 ----RD---- C:\WINDOWS\System32
2015-07-01 10:13:07 ----D---- C:\WINDOWS\Inf
2015-07-01 10:13:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-01 09:29:21 ----D---- C:\WINDOWS\Microsoft.NET
2015-07-01 08:47:15 ----D---- C:\Users\Pieter\AppData\Roaming\Dropbox
2015-07-01 08:46:19 ----D---- C:\ProgramData\NVIDIA
2015-07-01 07:21:41 ----D---- C:\WINDOWS\Tasks
2015-07-01 07:21:41 ----D---- C:\WINDOWS\system32\Tasks
2015-07-01 06:45:32 ----D---- C:\Program Files\Google
2015-07-01 06:45:32 ----D---- C:\Program Files (x86)\Google
2015-06-30 22:51:22 ----HD---- C:\ProgramData
2015-06-30 22:51:21 ----SHD---- C:\WINDOWS\Installer
2015-06-30 20:48:03 ----D---- C:\WINDOWS\system32\config
2015-06-29 18:22:47 ----D---- C:\WINDOWS\SysWOW64
2015-06-27 18:14:08 ----SHD---- C:\System Volume Information
2015-06-27 15:44:35 ----D---- C:\WINDOWS\system32\drivers
2015-06-27 10:41:49 ----HD---- C:\Program Files\WindowsApps
2015-06-27 10:41:49 ----D---- C:\WINDOWS\AppReadiness
2015-06-24 16:46:10 ----D---- C:\WINDOWS\WinSxS
2015-06-24 16:46:10 ----D---- C:\WINDOWS\CbsTemp
2015-06-20 05:02:45 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2015-06-13 09:04:44 ----D---- C:\WINDOWS\rescache
2015-06-13 08:53:45 ----D---- C:\WINDOWS\system32\DriverStore
2015-06-13 08:53:03 ----D---- C:\WINDOWS\system32\catroot2
2015-06-10 18:40:06 ----SD---- C:\WINDOWS\system32\CompatTel
2015-06-10 18:40:06 ----RD---- C:\WINDOWS\ToastData
2015-06-10 18:40:06 ----D---- C:\WINDOWS\SYSWOW64\nl-NL
2015-06-10 18:40:06 ----D---- C:\WINDOWS\system32\nl-NL
2015-06-10 18:40:06 ----D---- C:\WINDOWS\system32\appraiser
2015-06-10 18:40:06 ----D---- C:\WINDOWS\PolicyDefinitions
2015-06-10 18:40:06 ----D---- C:\WINDOWS\apppatch
2015-06-10 18:40:06 ----D---- C:\Program Files\Internet Explorer
2015-06-10 18:40:06 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-10 12:38:47 ----D---- C:\ProgramData\Microsoft Help
2015-06-10 12:38:13 ----D---- C:\WINDOWS\system32\MRT
2015-06-10 12:36:49 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-04-22 65736]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-04-22 272248]
R0 PxHlpa64;PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
R0 Wof;Windows Overlay File System Filter Driver; C:\WINDOWS\system32\drivers\Wof.sys [2014-03-13 157016]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2015-04-22 93528]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2015-04-22 1047320]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2015-06-27 442264]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-04-22 29168]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-04-22 89944]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2015-04-22 137288]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 MEIx64;@oem4.inf,%HECI_SvcDesc%;Intel® Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2013-01-11 64624]
R3 NVHDA;@oem11.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2013-09-17 196384]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2013-09-17 11274528]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT-stuurprogramma; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;UMDF-reflectorservice voor LocationProvider; C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-10-29 226304]
R3 WUDFWpdFs;WUDFWpdFs; C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-10-29 226304]
R3 WUDFWpdMtp;WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-10-29 226304]
S3 Spyder3;@oem9.inf,%SpyderName%;Datacolor Spyder3; C:\WINDOWS\System32\drivers\Spyder3.sys [2010-03-30 15360]
S3 WDC_SAM;@oem30.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-01-27 14464]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\WINDOWS\System32\drivers\WinUsb.sys [2013-08-22 78848]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-20 77128]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-04-22 343336]
R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2013-09-12 920864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2015-04-07 643880]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-26 1260320]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-18 116648]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

-----------------EOF-----------------

#4 Pjotr7

  • Topic Starter
  • Members
  • 15 posts

Posted 01 July 2015 - 07:09 AM

Dear Severac,

About the second step (ESET Online Scanner), what should one do with the output? Where is it used?

Kr, P.



#5 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia

Posted 01 July 2015 - 07:16 AM

Hi, I didn't ask for the RSIT log, I asked for the Mini Tool Box log.

I don't fully understand the second question. ESET will check for signs of infections.

I would like to help you to remove malware. Let's look inside. :busy:

But I don't know how to solve all PC problems. :smash:

 


#6 Pjotr7

  • Topic Starter
  • Members
  • 15 posts

Posted 01 July 2015 - 07:24 AM

Hi severac, I'm sorry, I've been trying some things in vain. Should I already proceed with the second step or wait? Here's the correct log:

MiniToolBox by Farbar  Version: 01-07-2015
Ran by Pieter (administrator) on 01-07-2015 at 14:00:25
Running from "D:\Pieter\Desktop"
Microsoft Windows 8.1  (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family-controller = Ethernet (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="LAN-verbinding* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : tonesPC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe GBE Family-controller
   Physical Address. . . . . . . . . : 10-BF-48-BA-47-97
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2a02:a03f:12:f200:55e1:dcc3:973d:b17c(Preferred)
   Temporary IPv6 Address. . . . . . : 2a02:a03f:12:f200:8d05:ec53:49b8:5f44(Preferred)
   Link-local IPv6 Address . . . . . : fe80::55e1:dcc3:973d:b17c%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : woensdag 1 juli 2015 8:46:24
   Lease Expires . . . . . . . . . . : woensdag 1 juli 2015 14:46:26
   Default Gateway . . . . . . . . . : fe80::9e97:26ff:fe98:e3f2%3
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 252755784
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-47-02-33-10-BF-48-BA-47-97
   DNS Servers . . . . . . . . . . . : fe80::9e97:26ff:fe98:e3f2%3
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter LAN-verbinding* 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:10c9:f6a:ae0c:676f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10c9:f6a:ae0c:676f%5(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 83886080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-47-02-33-10-BF-48-BA-47-97
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  fe80::9e97:26ff:fe98:e3f2

Name:    google.com
Addresses:  2a00:1450:400c:c05::65
   194.78.99.187
   194.78.99.152
   194.78.99.181
   194.78.99.166
   194.78.99.173
   194.78.99.146
   194.78.99.174
   194.78.99.160
   194.78.99.153
   194.78.99.159
   194.78.99.180
   194.78.99.167

Pinging google.com [2a00:1450:400c:c00::65] with 32 bytes of data:
Reply from 2a00:1450:400c:c00::65: time=28ms
Reply from 2a00:1450:400c:c00::65: time=27ms

Ping statistics for 2a00:1450:400c:c00::65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 28ms, Average = 27ms
Server:  UnKnown
Address:  fe80::9e97:26ff:fe98:e3f2

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
   2001:4998:58:c02::a9
   2001:4998:44:204::a7
   98.138.253.109
   206.190.36.45
   98.139.183.24

Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=123ms
Reply from 2001:4998:58:c02::a9: time=123ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 123ms, Maximum = 123ms, Average = 123ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...10 bf 48 ba 47 97 ......Realtek PCIe GBE Family-controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    266
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    266
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    266 ::/0                     fe80::9e97:26ff:fe98:e3f2
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6abd:10c9:f6a:ae0c:676f/128
                                    On-link
  3    266 2a02:a03f:12:f200::/56   fe80::9e97:26ff:fe98:e3f2
  3    266 2a02:a03f:12:f200::/64   On-link
  3    266 2a02:a03f:12:f200:55e1:dcc3:973d:b17c/128
                                    On-link
  3    266 2a02:a03f:12:f200:8d05:ec53:49b8:5f44/128
                                    On-link
  3    266 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::10c9:f6a:ae0c:676f/128
                                    On-link
  3    266 fe80::55e1:dcc3:973d:b17c/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/01/2015 10:27:29 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (07/01/2015 09:29:13 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (07/01/2015 08:27:36 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (06/29/2015 09:51:02 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (06/29/2015 08:47:44 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (06/28/2015 09:53:04 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (06/27/2015 04:03:58 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (06/27/2015 10:41:42 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (06/24/2015 08:21:15 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

Error: (06/21/2015 03:40:26 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume Door systeem gereserveerd is niet geoptimaliseerd, omdat er een fout is opgetreden: De parameter is onjuist. (0x80070057)

System errors:
=============
Error: (07/01/2015 08:48:22 AM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (07/01/2015 08:48:22 AM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (07/01/2015 06:47:38 AM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (07/01/2015 06:47:38 AM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (06/30/2015 10:36:14 PM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (06/30/2015 10:36:14 PM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (06/30/2015 09:17:33 PM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (06/30/2015 09:17:33 PM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (06/30/2015 09:04:27 PM) (Source: Service Control Manager) (User: )
Description: De NVIDIA Update Service Daemon-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (06/30/2015 09:04:27 PM) (Source: Service Control Manager) (User: )
Description: De nvUpdatusService-service kan niet als .\UpdatusUser met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1330

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Microsoft Office Sessions:
=========================
Error: (07/01/2015 10:27:29 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (07/01/2015 09:29:13 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (07/01/2015 08:27:36 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (06/29/2015 09:51:02 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (06/29/2015 08:47:44 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (06/28/2015 09:53:04 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (06/27/2015 04:03:58 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (06/27/2015 10:41:42 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (06/24/2015 08:21:15 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

Error: (06/21/2015 03:40:26 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: Door systeem gereserveerdDe parameter is onjuist. (0x80070057)

CodeIntegrity Errors:
===================================
  Date: 2015-04-22 19:31:36.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:34.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:34.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:34.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:34.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:33.922
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:33.672
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:33.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:33.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-22 19:31:33.094
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.0.74 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BookWright version 1.0.51 (HKLM-x32\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.0.51 - Blurb, Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.7.0.3 - )
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.52.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.3.1 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.19.43 - )
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.0.1.0 - )
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.1.0.7 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.9.0.1 - Canon Inc.)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.3.0 - NIKON CORPORATION)
Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon)
Dropbox (HKCU\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
FUJIFILM MyFinePix Studio 4.0 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hugin 2012.0.0 (HKLM-x32\...\Hugin) (Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
NVIDIA 3D Vision stuurprogramma 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.11 - Nikon)
PRE11 STI 64Installer (HKLM-x32\...\{B614E5FA-6DA4-45A1-845C-52F870240A89}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAF (HKLM-x32\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory) Hidden
RAW FILE CONVERTER EX powered by SILKYPIX (HKLM-x32\...\InstallShield_{30B1CCDB-209B-4E94-8311-379F2E6B6B59}) (Version: 3 - Ichikawa Soft Laboratory)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.4 - Nikon)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 16337.96 MB
Available physical RAM: 13981.5 MB
Total Virtual: 19337.96 MB
Available Virtual: 16470.08 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:118.9 GB) (Free:61.61 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:350.62 GB) NTFS

========================= Users: ========================================

Gebruikersaccounts voor \\TONESPC

Administrator            Gast                     Pieter                  
UpdatusUser             
De opdracht is voltooid.

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

10-06-2015 10:35:12 Windows Update
18-06-2015 16:18:11 Gepland controlepunt
24-06-2015 14:46:02 Windows Update

**** End of log ****



#7 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:11:50 PM

Posted 01 July 2015 - 07:29 AM

Yes, proceed with the other steps and post all requested logs. Please do not use RSIT or other tools that require expert help to read and use.

 

So, I am waiting for logs from:

Eset,

MBAM,

AdwCleaner and

JRT.

 

:thumbup2:


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know how to solve all PC problems.  :smash: 

 


#8 Pjotr7

Pjotr7
  • Topic Starter

  • Members
  • 15 posts
  • Local time:11:50 PM

Posted 01 July 2015 - 09:14 AM

Hi again Severac,

The ESET scan took some time, but here is the result (I'll continue with the rest):

 

C:\Users\Pieter\AppData\Local\Temp\is-GICAO.tmp\prsetup.exe a variant of Win32/Adware.Agent.NOH application cleaned by deleting - quarantined
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting - quarantined



#9 Pjotr7

Pjotr7
  • Topic Starter

  • Members
  • 15 posts
  • Local time:11:50 PM

Posted 01 July 2015 - 09:35 AM

The MBAM scan log looks like it found something too :-)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/07/2015
Scan Time: 16:20
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.01.03
Rootkit Database: v2015.06.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Pieter

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 435055
Time Elapsed: 7 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.GlobalSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [06915785bdcd40f6a1246495f40f57a9],

Registry Values: 1
PUP.Optional.GlobalSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasearch.com/?serie=211&installkey=bbyeCcKCXf3EM7Nnl0YN&b=3&q={searchTerms}, Quarantined, [06915785bdcd40f6a1246495f40f57a9]

Registry Data: 1
Hijack.GlobaSearch.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasearch.com/?serie=211&b=3&installkey=bbyeCcKCXf3EM7Nnl0YN, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=211&b=3&installkey=bbyeCcKCXf3EM7Nnl0YN),Replaced,[a7f0508cdcae56e0f38c381a1ee86997]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#10 Pjotr7

Pjotr7
  • Topic Starter

  • Members
  • 15 posts
  • Local time:11:50 PM

Posted 01 July 2015 - 09:45 AM

Hi Severac,

 

The AdwCleaner link directs me to a very elementary page (URL below) with not much more than a login field.

https://analytics.general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

 

Should I use this instead ?

http://www.bleepingcomputer.com/download/adwcleaner/

 

Rgds, P.



#11 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:11:50 PM

Posted 01 July 2015 - 10:04 AM

Hi Severac,

 

Should I use this instead ?

http://www.bleepingcomputer.com/download/adwcleaner/

 

Rgds, P.

 

Yes.  :thumbup2:




#12 Pjotr7

Pjotr7
  • Topic Starter

  • Members
  • 15 posts
  • Local time:11:50 PM

Posted 01 July 2015 - 10:11 AM

Ok :-)

In the meantime I ran JRT with the following result :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.5 (07.01.2015:1)
OS: Windows 8.1 x64
Ran by Pieter on wo 01/07/2015 at 17:06:43,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Chrome

[C:\Users\Pieter\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Pieter\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Pieter\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Pieter\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on wo 01/07/2015 at 17:08:03,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


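The MBAM log earlier in the thread shows the hijack living in the Internet Explorer SearchScopes and Start Page registry values, and the JRT log shows the Chrome default search provider in the profile's Preferences file being reset. The read-only audit script below is an added example written for this thread, not a tool from the thread or from any of the vendors mentioned; it lists those locations and flags any entry whose host is not in a small allow-list. The allow-list, the Chrome JSON key path (default_search_provider_data.template_url_data) and the treatment of Chrome's built-in {google:baseURL} placeholder are assumptions to adjust for your own setup.

```powershell
# Added example (not from the thread): report IE search scopes / start pages and the
# Chrome default search provider, flagging hosts outside an allow-list. Read-only.
# The allow-list is an assumption; put the engines you actually use here.
$AllowedHosts = @('www.google.com', 'www.bing.com', 'duckduckgo.com', 'search.yahoo.com')

function Get-UrlHost {
    param([string]$Url)
    # Chrome writes its built-in Google provider with a placeholder instead of a host.
    if ($Url -like '{google:baseURL}*') { return 'www.google.com' }
    try { return ([System.Uri]$Url).Host.ToLowerInvariant() } catch { return $null }
}

function Test-SuspiciousUrl {
    param([string]$Url)
    if ([string]::IsNullOrWhiteSpace($Url)) { return $false }
    $h = Get-UrlHost $Url
    return ($null -eq $h) -or ($AllowedHosts -notcontains $h)
}

function Get-IeSearchScopes {
    # Native and WOW6432Node hives, per machine and per user; the MBAM log in this
    # thread found the bad scope under HKLM\SOFTWARE\WOW6432Node.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                Location   = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                Value      = "URL (default scope: $($_.PSChildName -eq $default))"
                Url        = $p.URL
                Suspicious = Test-SuspiciousUrl $p.URL
            }
        }
    }
}

function Get-IeStartPages {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $p = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
        foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Page') {
            $v = $p.$name
            if ($v) {
                [pscustomobject]@{ Location = $root; Value = $name; Url = $v
                                   Suspicious = Test-SuspiciousUrl $v }
            }
        }
    }
}

function Get-ChromeSearchSettings {
    # Default profile only; the JRT log above touched both Preferences and Secure Preferences.
    $profile = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'
    foreach ($file in 'Preferences', 'Secure Preferences') {
        $path = Join-Path $profile $file
        if (-not (Test-Path $path)) { continue }
        $json = Get-Content -Path $path -Raw -Encoding UTF8 | ConvertFrom-Json
        $tpl = $json.default_search_provider_data.template_url_data   # assumed key path
        if ($tpl -and $tpl.url) {
            [pscustomobject]@{ Location = $path; Value = 'default search provider'
                               Url = $tpl.url; Suspicious = Test-SuspiciousUrl $tpl.url }
        }
        if ($json.homepage) {
            [pscustomobject]@{ Location = $path; Value = 'homepage'
                               Url = $json.homepage; Suspicious = Test-SuspiciousUrl $json.homepage }
        }
        foreach ($u in @($json.session.startup_urls)) {
            if ($u) {
                [pscustomobject]@{ Location = $path; Value = 'startup url'
                                   Url = $u; Suspicious = Test-SuspiciousUrl $u }
            }
        }
    }
}

$findings = @(Get-IeSearchScopes) + @(Get-IeStartPages) + @(Get-ChromeSearchSettings)
$findings | Format-Table -AutoSize -Wrap
$bad = @($findings | Where-Object Suspicious)
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) search/start-page setting(s) point outside the allow-list; review them before resetting."
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable, and run it again after the cleanup tools have finished and the machine has rebooted: a setting that comes back after a reboot is the sign, as the first post describes, that something at startup is re-applying it.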

#13 Pjotr7

Pjotr7
  • Topic Starter

  • Members
  • 15 posts
  • Local time:11:50 PM

Posted 01 July 2015 - 10:20 AM

Hi again !

 

I clicked Scan in AdwCleaner a few minutes ago but I can't see any progress. The scan button is disabled (greyed out), and there is a text asking me to wait for action and deselect items I want to keep. Something which looks like a progress bar is entirely grey. Could it be stuck?

 

Kr, P.



#14 severac

severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:11:50 PM

Posted 01 July 2015 - 10:30 AM

Wait for a few more minutes. Then try to close and restart if nothing happens.




#15 Pjotr7

Pjotr7
  • Topic Starter

  • Members
  • 15 posts
  • Local time:11:50 PM

Posted 01 July 2015 - 10:49 AM

I retried, things looked the same, but in a tab I found 2 checked items. I clicked the remove button (the name was in Dutch: verwijderen) next to the scan button. I got a first log (which I saved), the system rebooted and generated a similar-looking log in which it was said that the 2 items were removed. That logfile did not save and I got an error when I tried to save it myself. But I did read it. Below is the content of the intermediate log file:

 

# AdwCleaner v4.207 - Logbestand aangemaakt 01/07/2015 op 17:38:52
# Laatste update 21/06/2015 door Xplode
# Database : 2015-06-29.1 [Server]
# Besturingssysteem : Windows 8.1  (x64)
# Gebruikersnaam : Pieter - TONESPC
# Gestart vanuit : D:\Pieter\Desktop\AdwCleaner.exe
# Optie : Scannen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

***** [ Geplande taken ] *****

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Gegevens Gevonden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

***** [ Webbrowsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.130

*************************

AdwCleaner[R0].txt - [948 bytes] - [01/07/2015 17:13:21]
AdwCleaner[R1].txt - [870 bytes] - [01/07/2015 17:38:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [928 bytes] ##########





