Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by SYSTEM on MININT-50QEU3G on 09-04-2014 18:47:08
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2586504 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AllShare Play] - C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe [399264 2012-08-29] (Samsung Electronics)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\Fullrate\Common\FSM32.EXE [199264 2009-08-05] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] - C:\Program Files (x86)\Fullrate\FSGUI\TNBUtil.exe [2349664 2009-08-05] (F-Secure Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Corfitz\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Corfitz\...\Run: [WebCake Desktop] - C:\Users\Corfitz\AppData\Roaming\Betcat\WebCakeDesktop.exe
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6eeezjlc.lnk
ShortcutTarget: j6eeezjlc.lnk -> C:\ProgramData\cljzeee6j.cpp (Microsoft Corporation)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk
ShortcutTarget: Screen Clipper and Launcher til OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
ShortcutTarget: tcbhn.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-01-27] (Just Develop It)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-19] ()
S2 DefaultTabUpdate; C:\Users\Corfitz\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-10-05] ()
S2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\Fullrate\Anti-Virus\fsgk32st.exe [215648 2009-08-05] (F-Secure Corporation)
S3 FSDFWD; C:\Program Files (x86)\Fullrate\FWES\Program\fsdfwd.exe [844384 2011-03-24] (F-Secure Corporation)
S2 FSMA; C:\Program Files (x86)\Fullrate\Common\FSMA32.EXE [186976 2009-08-05] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files (x86)\Fullrate\ORSP Client\fsorsp.exe [60352 2013-06-06] (F-Secure Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-09] (SurfRight B.V.)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam)
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED)
S2 WebCake Desktop Updater; C:\Program Files (x86)\WADesktop.Updater.exe [X]
S2 Winmgmt; C:\PROGRA~3\j6eeezjlc.zvv [X]

==================== Drivers (Whitelisted) ====================

S3 F-Secure Gatekeeper; C:\Program Files (x86)\Fullrate\Anti-Virus\minifilter\fsgk.sys [202176 2013-07-10] (F-Secure Corporation)
S1 F-Secure HIPS; C:\Program Files (x86)\Fullrate\HIPS\drivers\fshs.sys [57920 2009-08-05] (F-Secure Corporation)
S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2012-08-15] ()
S0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2011-08-17] ()
S1 FSES; C:\Windows\System32\drivers\fses.sys [45624 2011-03-24] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94312 2013-05-02] (F-Secure Corporation)
S1 fsvista; C:\Program Files (x86)\Fullrate\Anti-Virus\minifilter\fsvista.sys [14904 2009-08-05] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-09] ()
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-12-23] (Windows (R) 2003 DDK 3790 provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-09 07:48 - 2014-04-09 18:47 - 00000000 ____D () C:\FRST
2014-04-09 00:53 - 2014-04-09 00:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-08 23:23 - 2014-04-09 00:53 - 00032512 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-04-08 23:11 - 2014-04-08 23:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-07 23:34 - 2014-04-07 23:34 - 00000000 __SHD () C:\found.001
2014-04-07 05:01 - 2014-04-07 05:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-07 04:56 - 2014-04-07 04:56 - 00003298 _____ () C:\Windows\System32\Tasks\{F6B84BB2-13D8-4460-8132-7B918BDA1734}
2014-04-07 04:15 - 2014-04-07 04:15 - 00009800 ____N () C:\bootsqm.dat
2014-04-07 00:58 - 2014-04-07 00:58 - 00000000 ____D () C:\Windows\System32\SPReview
2014-03-14 04:18 - 2014-03-14 04:18 - 00000169 _____ () C:\Users\Corfitz\Desktop\Google.url
2014-03-10 00:20 - 2014-04-09 01:08 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro

==================== One Month Modified Files and Folders =======

2014-04-09 18:47 - 2014-04-09 07:48 - 00000000 ____D () C:\FRST
2014-04-09 05:18 - 2013-12-27 12:01 - 03958505 _____ () C:\action.log
2014-04-09 05:17 - 2014-02-26 22:02 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-04-09 05:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 05:17 - 2009-07-13 20:51 - 00076909 _____ () C:\Windows\setupact.log
2014-04-09 05:08 - 2014-02-05 19:54 - 00000388 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-09 05:07 - 2012-08-10 13:08 - 00000000 ____D () C:\Users\Corfitz\AppData\Roaming\Dropbox
2014-04-09 05:07 - 2012-08-03 05:40 - 00000000 ____D () C:\Users\Corfitz\AppData\Roaming\BrowserCompanion
2014-04-09 05:07 - 2012-02-16 09:59 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 05:06 - 2014-02-12 13:23 - 00001368 _____ () C:\Users\Corfitz\Desktop\Gratis! Rens din Registry.lnk
2014-04-09 05:06 - 2012-04-03 22:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 05:06 - 2012-01-24 02:10 - 00000414 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job
2014-04-09 05:05 - 2013-02-03 02:08 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-09 01:19 - 2010-08-28 13:51 - 01868511 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 01:08 - 2014-03-10 00:20 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-09 00:58 - 2009-07-13 20:45 - 00014144 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 00:58 - 2009-07-13 20:45 - 00014144 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 00:53 - 2014-04-09 00:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-09 00:53 - 2014-04-08 23:23 - 00032512 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-04-09 00:42 - 2012-08-31 02:17 - 00000000 ___RD () C:\Users\Corfitz\Dropbox
2014-04-09 00:42 - 2012-02-16 09:59 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 23:23 - 2014-04-08 23:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-08 23:23 - 2012-10-05 13:18 - 00000000 ____D () C:\Program Files (x86)\DefaultTab
2014-04-07 23:34 - 2014-04-07 23:34 - 00000000 __SHD () C:\found.001
2014-04-07 05:13 - 2012-09-19 23:00 - 00000000 ____D () C:\Users\Corfitz\AppData\Roaming\Skype
2014-04-07 05:07 - 2014-04-07 05:01 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-07 05:01 - 2013-02-03 02:08 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-07 04:56 - 2014-04-07 04:56 - 00003298 _____ () C:\Windows\System32\Tasks\{F6B84BB2-13D8-4460-8132-7B918BDA1734}
2014-04-07 04:45 - 2013-07-25 23:03 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-07 04:45 - 2012-09-05 10:23 - 00000000 ____D () C:\AllShare Play
2014-04-07 04:44 - 2013-03-17 11:09 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-07 04:15 - 2014-04-07 04:15 - 00009800 ____N () C:\bootsqm.dat
2014-04-07 03:21 - 2011-03-22 11:57 - 00229532 _____ () C:\Windows\PFRO.log
2014-04-07 03:08 - 2013-07-02 02:58 - 00000000 ____D () C:\Program Files (x86)\WebCake
2014-04-07 01:33 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-04-07 00:58 - 2014-04-07 00:58 - 00000000 ____D () C:\Windows\System32\SPReview
2014-04-01 12:37 - 2012-02-16 09:59 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-01 12:37 - 2012-02-16 09:59 - 00003678 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 23:07 - 2011-03-24 02:26 - 00170255 _____ () C:\Users\Corfitz\danid.log
2014-03-31 23:06 - 2010-08-28 14:24 - 00478138 _____ () C:\Windows\System32\perfh006.dat
2014-03-31 23:06 - 2010-08-28 14:24 - 00083598 _____ () C:\Windows\System32\perfc006.dat
2014-03-31 23:06 - 2009-07-13 21:13 - 01288574 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-30 23:14 - 2011-03-21 11:02 - 00000000 ____D () C:\users\Corfitz
2014-03-30 23:13 - 2011-03-24 02:26 - 01068895 _____ () C:\Users\Corfitz\danid.log.1
2014-03-29 11:28 - 2011-03-22 12:04 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-28 00:01 - 2011-07-02 13:35 - 00000000 ____D () C:\Users\Corfitz\Documents\Youcam
2014-03-18 23:20 - 2011-03-30 08:14 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-17 01:12 - 2012-02-16 10:00 - 00002341 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 04:44 - 2014-02-05 22:26 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-14 04:41 - 2012-05-13 22:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 04:41 - 2012-05-13 22:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 04:18 - 2014-03-14 04:18 - 00000169 _____ () C:\Users\Corfitz\Desktop\Google.url
2014-03-14 04:17 - 2012-01-26 08:04 - 00000000 ____D () C:\Users\Corfitz\Desktop\Mapper
2014-03-14 02:47 - 2011-08-10 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 00:44 - 2012-04-03 22:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 00:44 - 2012-04-03 22:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 00:44 - 2011-06-08 08:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-04-07 00:58:45
Restore point made on: 2014-04-07 02:05:14
Restore point made on: 2014-04-07 05:02:26

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4028.61 MB
Available physical RAM: 3410.53 MB
Total Pagefile: 4026.76 MB
Available Pagefile: 3403.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:113 GB) (Free:51.46 GB) NTFS
Drive d: () (Fixed) (Total:166.77 GB) (Free:166.68 GB) NTFS
Drive f: (SAMSUNG_REC) (Fixed) (Total:18.22 GB) (Free:0.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (USB) (Removable) (Total:7.51 GB) (Free:7.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: FA62C07F)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

LastRegBack: 2014-04-07 02:35

==================== End Of Log ============================