websearches.com as startpage, slow bootup, slow pc [Solved]


  • This topic is locked

#16
HaraMo

  • Topic Starter

Internet Explorer, Paint, ... now open normally after reboot, thanks.

No other ComboFix logs are on the C drive, only the one I already uploaded and the htm file (CF-submit). I do see a folder 'Combofix'; in it there is one log with the same date and hour as the one I found directly under the C drive (the one I posted). Other file types are also found in this folder.

I will now continue with the other steps.



#17
HaraMo

  • Topic Starter

# AdwCleaner v4.101 - Rapport aangemaakt 15/11/2014 op 21:58:44
# Laatste Update 09/11/2014 door Xplode
# Database : 2014-11-13.1 [Live]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : Gisele - GISELE-HP-LAP
# Gestart vanuit : C:\Users\Gisele\Desktop\AdwCleaner.exe
# Optie : Verwijderen

***** [ Services ] *****

[#] Service Verwijderd : HssSrv
[#] Service Verwijderd : hsstrayservice

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\ProgramData\AVG Security Toolbar
Map Verwijderd : C:\ProgramData\Babylon
Map Verwijderd : C:\ProgramData\DSearchLink
Map Verwijderd : C:\ProgramData\hotspot shield
Map Verwijderd : C:\ProgramData\QuickSet
Map Verwijderd : C:\ProgramData\RegClean
Map Verwijderd : C:\ProgramData\simplitec
Map Verwijderd : C:\ProgramData\Allmyapps
Map Verwijderd : C:\ProgramData\surff aoned kieep
Map Verwijderd : C:\ProgramData\YoutubeAdblocker
Map Verwijderd : C:\ProgramData\9e34cd70ba3be717
Map Verwijderd : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Map Verwijderd : C:\Program Files (x86)\BearShare Applications
Map Verwijderd : C:\Program Files (x86)\globalUpdate
Map Verwijderd : C:\Program Files (x86)\hotspot shield
Map Verwijderd : C:\Program Files (x86)\MyFunCards_5m
Map Verwijderd : C:\Program Files (x86)\simplitec
Map Verwijderd : C:\Program Files (x86)\Sk-Enhancer
Map Verwijderd : C:\Program Files (x86)\System Speedup
Map Verwijderd : C:\Program Files (x86)\YourFileDownloaderUpdater
Map Verwijderd : C:\Program Files (x86)\surff aoned kieep
Map Verwijderd : C:\Windows\SysWOW64\hotspot shield
Map Verwijderd : C:\Windows\SysWOW64\SearchProtect
Map Verwijderd : C:\Users\Gisele\AppData\Local\Bundled software uninstaller
Map Verwijderd : C:\Users\Gisele\AppData\Local\Conduit
Map Verwijderd : C:\Users\Gisele\AppData\Local\genienext
Map Verwijderd : C:\Users\Gisele\AppData\Local\globalUpdate
Map Verwijderd : C:\Users\Gisele\AppData\Local\mapsgalaxy_39
Map Verwijderd : C:\Users\Gisele\AppData\Local\Mobogenie
Map Verwijderd : C:\Users\Gisele\AppData\Local\PackageAware
Map Verwijderd : C:\Users\Gisele\AppData\Local\SearchProtect
Map Verwijderd : C:\Users\Gisele\AppData\Local\CrashRpt
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\buenosearch LTD
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\Conduit
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\DataMngr
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\Delta
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\iac
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\iRobinHood
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\mapsgalaxy_39
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\MyFunCards_5m
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\PriceGong
Map Verwijderd : C:\Users\Gisele\AppData\LocalLow\Softonic
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\Babylon
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\goforfiles
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\newnext.me
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\OpenCandy
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\PerformerSoft
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\Solvusoft
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\Systweak
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\VOPackage
Map Verwijderd : C:\Users\Gisele\AppData\Roaming\YourFileDownloader
Bestand Verwijderd : C:\Windows\System32\roboot64.exe

***** [ Taken ] *****

Taak Verwijderd : GoforFilesUpdate

***** [ Snelkoppelingen ] *****

Snelkoppeling Gedesinfecteerd : C:\Users\Gisele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Snelkoppeling Gedesinfecteerd : C:\Users\Gisele\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Register ] *****

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Sleutel Verwijderd : HKCU\Software\8558b8bb669e815
Sleutel Verwijderd : HKLM\SOFTWARE\8558b8bb669e815
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Waarde Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Sleutel Verwijderd : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Sleutel Verwijderd : HKCU\Software\1ClickDownload
Sleutel Verwijderd : HKCU\Software\BI
Sleutel Verwijderd : HKCU\Software\Conduit_Search_Protect
Sleutel Verwijderd : HKCU\Software\GlobalUpdate
Sleutel Verwijderd : HKCU\Software\GoforFiles
Sleutel Verwijderd : HKCU\Software\hotspotshield
Sleutel Verwijderd : HKCU\Software\InstallCore
Sleutel Verwijderd : HKCU\Software\InstalledThirdPartyPrograms
Sleutel Verwijderd : HKCU\Software\MapsGalaxy_39
Sleutel Verwijderd : HKCU\Software\RegisteredApplicationsEx
Sleutel Verwijderd : HKCU\Software\smarttweak
Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\systweak
Sleutel Verwijderd : HKCU\Software\TutoTag
Sleutel Verwijderd : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong
Sleutel Verwijderd : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Sleutel Verwijderd : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Sleutel Verwijderd : HKLM\SOFTWARE\Babylon
Sleutel Verwijderd : HKLM\SOFTWARE\GoforFiles
Sleutel Verwijderd : HKLM\SOFTWARE\hotspotshield
Sleutel Verwijderd : HKLM\SOFTWARE\MapsGalaxy_39
Sleutel Verwijderd : HKLM\SOFTWARE\simplitec
Sleutel Verwijderd : HKLM\SOFTWARE\SoftwareUpdater
Sleutel Verwijderd : HKLM\SOFTWARE\SProtector
Sleutel Verwijderd : HKLM\SOFTWARE\systweak
Sleutel Verwijderd : HKLM\SOFTWARE\Tutorials
Sleutel Verwijderd : HKLM\SOFTWARE\Vittalia
Sleutel Verwijderd : HKLM\SOFTWARE\webssearchesSoftware
Sleutel Verwijderd : HKLM\SOFTWARE\YourFileDownloader
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Instelling Hersteld : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Instelling Hersteld : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

*************************

AdwCleaner[R0].txt - [18233 octets] - [15/11/2014 21:52:10]
AdwCleaner[R1].txt - [18294 octets] - [15/11/2014 21:54:28]
AdwCleaner[S0].txt - [15940 octets] - [15/11/2014 21:58:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16001 octets] ##########



#18
HaraMo

  • Topic Starter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Gisele (administrator) on GISELE-HP-LAP on 15-11-2014 22:08:22
Running from C:\Users\Gisele\Desktop
Loaded Profile: Gisele (Available profiles: Gisele)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-28] (Google Inc.)
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {6BCC5539-643F-485D-94A5-C6C89F48B37D} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6BCC5539-643F-485D-94A5-C6C89F48B37D} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll No File
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> No Name - {0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} -  No File
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.130.130.1 195.130.131.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774167087-3708585068-1396899783-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2012-10-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\VDownloader\Addons\FireFox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-04-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-04-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-31] (Ellora Assets Corp.) [File not signed]
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 22:08 - 2014-11-15 22:08 - 00015516 _____ () C:\Users\Gisele\Desktop\FRST.txt
2014-11-15 22:08 - 2014-11-15 22:08 - 00000000 ____D () C:\FRST
2014-11-15 22:07 - 2014-11-15 22:07 - 02116608 _____ (Farbar) C:\Users\Gisele\Desktop\FRST64.exe
2014-11-15 17:31 - 2014-11-15 17:51 - 00000000 ____D () C:\ComboFix
2014-11-14 21:09 - 2014-11-14 21:09 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\TeamViewer
2014-11-14 20:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-14 20:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-14 20:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-14 20:45 - 2014-11-15 17:51 - 00000000 ____D () C:\Qoobox
2014-11-14 20:45 - 2014-11-15 17:41 - 00000000 ____D () C:\Windows\erdnt
2014-11-14 15:11 - 2014-11-15 22:06 - 00000000 ____D () C:\Users\Gisele\Desktop\Nieuwe map
2014-11-14 14:05 - 2014-11-14 14:05 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-14 14:05 - 2014-11-14 14:05 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-14 14:05 - 2014-11-14 14:05 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-14 13:51 - 2014-11-15 22:00 - 00007052 _____ () C:\Windows\PFRO.log
2014-11-14 12:17 - 2014-11-14 12:18 - 17574816 _____ (Vitzo Limited ) C:\Users\Gisele\Downloads\VDownloaderSetup (1).exe
2014-11-14 10:30 - 2014-11-14 10:30 - 00001209 _____ () C:\Users\Gisele\Desktop\MAGIX Xtreme Print Studio.lnk
2014-11-14 10:21 - 2014-11-14 10:21 - 00002096 _____ () C:\Users\Public\Desktop\PC Drukkerij CD's & DVD's versie 6.lnk
2014-11-14 10:21 - 2014-11-14 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Computing
2014-11-14 10:20 - 2014-11-14 10:20 - 00000000 ____D () C:\Program Files (x86)\Easy Computing
2014-11-14 10:07 - 2014-11-15 22:00 - 00000784 _____ () C:\Windows\setupact.log
2014-11-14 10:07 - 2014-11-14 10:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-14 10:00 - 2014-11-10 12:43 - 699062512 _____ () C:\Users\Gisele\Documents\Zangeres Zonder Naam.mp4
2014-11-14 10:00 - 2014-10-29 19:25 - 730048494 _____ () C:\Users\Gisele\Documents\SYMPHONIE DES LEBENS BEST OF SEMINO ROSSI.mp4
2014-11-14 10:00 - 2014-10-19 11:01 - 61349286 _____ () C:\Users\Gisele\Documents\TROS Op Volle Toeren 29-09-1983.mp4
2014-11-14 10:00 - 2014-10-19 11:01 - 235414210 _____ () C:\Users\Gisele\Documents\TROS Op Volle Toeren 09-11-1984 (complete uitzending).mp4
2014-11-14 09:59 - 2014-11-10 12:37 - 266819926 _____ () C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-19821.mp4
2014-11-14 09:59 - 2014-10-19 10:58 - 265831079 _____ () C:\Users\Gisele\Documents\Op volle toeren 1981 - Complete uitzending.mp4
2014-11-14 09:59 - 2014-10-19 10:57 - 266819926 _____ () C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-1982.mp4
2014-11-14 09:59 - 2014-10-19 10:56 - 235187670 _____ () C:\Users\Gisele\Documents\Op volle toeren 12-01-1987.mp4
2014-11-14 09:58 - 2014-11-10 12:41 - 636845349 _____ () C:\Users\Gisele\Documents\heintje.mp4
2014-11-14 09:58 - 2014-11-10 12:37 - 832256054 _____ () C:\Users\Gisele\Documents\hollandse ouwe 6.mp4
2014-11-14 09:58 - 2014-10-29 19:47 - 19354801 _____ () C:\Users\Gisele\Documents\André Hazes & Gerard Joling Unchained Melody.mp4
2014-11-13 13:29 - 2014-11-13 13:29 - 00001047 _____ () C:\Users\Public\Desktop\MAGIX MP3 deluxe MX.lnk
2014-11-13 13:29 - 2014-11-13 13:29 - 00000000 ____D () C:\Users\Gisele\Documents\MAGIX_MusicEditor
2014-11-13 13:29 - 2014-11-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-11-13 13:28 - 2014-11-13 13:28 - 00000000 ___RD () C:\Users\Gisele\Documents\MAGIX
2014-11-13 13:28 - 2014-11-13 13:28 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-11-13 12:14 - 2014-11-13 12:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd
2014-11-13 12:14 - 2014-11-13 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-11-13 10:46 - 2014-11-15 08:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-11-13 10:45 - 2014-11-15 08:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-13 10:45 - 2014-11-15 08:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-11-12 18:46 - 2014-11-12 18:46 - 00003050 _____ () C:\Windows\System32\Tasks\{10A84920-3E16-4375-9AC1-E08445D4B6BF}
2014-11-12 18:43 - 2014-11-12 18:43 - 00509984 ____N (Microsoft Corporation) C:\HTGD0006.exe
2014-11-12 18:43 - 2014-11-12 18:43 - 00040960 ____N () C:\HTGD0003.exe
2014-11-12 18:43 - 2014-11-12 18:43 - 00036864 ____N () C:\HTGD0005.exe
2014-11-12 18:43 - 2014-11-12 18:43 - 00013855 _____ () C:\HTGD0004.txt
2014-11-12 18:43 - 2014-11-12 18:43 - 00003728 _____ () C:\HTGD0002.bmp
2014-11-12 11:47 - 2014-11-12 17:34 - 00015819 _____ () C:\Users\Gisele\Documents\Anja.odt
2014-11-12 10:26 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:26 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:24 - 2014-11-12 10:24 - 00000000 __SHD () C:\Users\Gisele\AppData\Local\EmieBrowserModeList
2014-11-12 10:00 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:00 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:00 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:00 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:00 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:00 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:00 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:00 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:00 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:00 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:00 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:00 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:00 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:00 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:00 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:00 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:00 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:00 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:00 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:00 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:59 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:59 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:58 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:58 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:58 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:58 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:58 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:58 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:58 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:58 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:58 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:57 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:57 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:57 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:57 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:57 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:57 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:57 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:57 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:57 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:57 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:57 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:57 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:57 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:57 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:57 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:57 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:57 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:57 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:57 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:57 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:57 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:57 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:57 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:57 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:57 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:57 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:57 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:57 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:57 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:57 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:57 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:57 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:57 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:57 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:57 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:57 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:57 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:57 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:57 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:57 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:57 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:57 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:57 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:57 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:57 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:57 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:57 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:53 - 2014-11-15 21:42 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGisele.job
2014-11-12 09:53 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:53 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:45 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:45 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:44 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:44 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 05:19 - 2014-11-12 05:21 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\WiseUpdate
2014-11-11 17:54 - 2014-11-14 21:28 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8CF9FF90-B28E-455B-B6CC-0DC6874004A8}
2014-11-11 16:28 - 2014-11-11 16:28 - 00001731 _____ () C:\Users\Gisele\Desktop\BearShare.lnk
2014-11-11 16:22 - 2014-11-11 16:22 - 00000000 _____ () C:\vcredist.bmp
2014-11-11 16:03 - 2014-11-11 16:03 - 00000314 _____ () C:\Users\Gisele\Desktop\Google Maps.url
2014-11-11 15:33 - 2014-11-11 15:33 - 17574816 _____ (Vitzo Limited ) C:\Users\Gisele\Downloads\VDownloaderSetup.exe
2014-11-11 15:23 - 2014-11-12 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HERMA Label Designer plus 1.1 NL
2014-11-11 15:23 - 2014-11-12 18:27 - 00000000 ____D () C:\Program Files (x86)\HERMA
2014-11-11 15:23 - 2014-11-11 15:22 - 00397312 _____ () C:\Windows\iwexec.exe
2014-11-11 14:50 - 2014-11-11 14:50 - 00001999 _____ () C:\Users\Gisele\Desktop\HP Photosmart 5520 series.lnk
2014-11-11 14:32 - 2014-11-11 14:32 - 00001564 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-11-11 14:32 - 2014-11-11 14:32 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\LibreOffice
2014-11-11 14:32 - 2014-11-11 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-11-11 14:31 - 2014-11-11 14:32 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-11-11 14:23 - 2014-11-11 14:23 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-11-11 14:14 - 2014-11-11 14:14 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-11 14:14 - 2014-11-11 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-11 13:49 - 2014-11-11 13:49 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Hemera
2014-11-11 13:12 - 2014-11-11 13:12 - 00001224 _____ () C:\Users\Gisele\Desktop\Revo Uninstaller.lnk
2014-11-11 13:09 - 2014-11-11 13:09 - 00000696 _____ () C:\Users\Gisele\Desktop\Downloads.lnk
2014-11-11 12:54 - 2014-11-11 12:54 - 00000172 _____ () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-11-11 12:53 - 2014-11-11 12:53 - 00621912 _____ ( ) C:\Users\Gisele\Downloads\VDownloaderIC.exe
2014-11-11 12:21 - 2014-11-11 12:21 - 00001399 _____ () C:\Users\Gisele\Desktop\MP3Gain.lnk
2014-11-11 12:08 - 2014-11-11 12:08 - 00001061 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-11-11 12:08 - 2014-11-11 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2014-11-11 11:53 - 2014-11-11 11:53 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-11 11:48 - 2014-11-11 11:48 - 00000488 _____ () C:\Users\Gisele\Desktop\Lokale schijf (C).lnk
2014-11-11 11:16 - 2014-11-14 12:31 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\GemistDownloader
2014-11-11 11:16 - 2014-11-11 11:16 - 00001079 _____ () C:\Users\Gisele\Desktop\GemistDownloader.lnk
2014-11-11 11:16 - 2014-11-11 11:16 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GemistDownloader
2014-11-11 11:12 - 2014-11-11 11:13 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-11 11:12 - 2014-11-11 11:12 - 00001848 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-11-11 11:12 - 2014-11-11 11:12 - 00000380 _____ () C:\Windows\Tasks\GarminUpdaterTask.job
2014-11-11 11:12 - 2014-11-11 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-11-11 11:07 - 2014-11-11 14:25 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-11-11 11:07 - 2014-11-11 11:07 - 00001322 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2014-11-11 10:58 - 2014-11-11 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-11-11 10:58 - 2014-11-11 10:58 - 00000000 ____D () C:\Program Files\DivX
2014-11-11 10:48 - 2014-11-11 10:48 - 00001192 _____ () C:\Users\Public\Desktop\eID Viewer.lnk
2014-11-11 10:48 - 2014-11-11 10:48 - 00000000 ____D () C:\Windows\SysWOW64\siscardplugins
2014-11-11 10:48 - 2014-11-11 10:48 - 00000000 ____D () C:\Program Files\log
2014-11-11 09:59 - 2014-11-11 09:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-11 08:42 - 2014-11-11 08:42 - 00002058 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-11-11 08:42 - 2014-11-11 08:42 - 00001401 _____ () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-11 08:42 - 2014-11-11 08:42 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-10 19:53 - 2014-11-10 19:53 - 00000000 _____ () C:\autoexec.bat
2014-11-10 18:58 - 2014-11-10 18:58 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGisele
2014-11-10 18:13 - 2014-11-10 18:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-10 18:08 - 2014-11-11 17:38 - 00001371 _____ () C:\Users\Gisele\Desktop\Internet Explorer.lnk
2014-11-10 16:35 - 2014-11-10 17:07 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-11-10 16:34 - 2014-11-10 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-11-10 16:34 - 2012-11-21 20:16 - 01184984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc1dmod.dll
2014-11-10 16:34 - 2012-11-21 20:16 - 00626688 _____ (On2.com) C:\Windows\SysWOW64\vp7vfw.dll
2014-11-10 16:27 - 2014-11-10 16:27 - 00001113 _____ () C:\Users\Gisele\Desktop\Documenten.lnk
2014-11-10 16:07 - 2014-11-10 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-11-10 16:07 - 2014-11-10 16:07 - 00000378 _____ () C:\Windows\Tasks\Update Service YourFileDownloader.job
2014-11-09 16:01 - 2014-11-11 11:11 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Garmin
2014-11-09 11:32 - 2014-11-11 11:12 - 00000000 ____D () C:\ProgramData\Garmin
2014-11-09 11:31 - 2014-11-11 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-09 11:27 - 2014-11-09 11:27 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-11-09 11:27 - 2014-11-09 11:27 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-11-09 11:26 - 2014-11-09 11:33 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Garmin
2014-11-06 04:58 - 2014-11-06 04:58 - 00000320 _____ () C:\Windows\Tasks\1114avUpdateInfo.job
2014-11-06 04:58 - 2014-11-06 04:58 - 00000000 ____D () C:\ProgramData\Avg_Update_1114av
2014-10-29 21:35 - 2014-10-29 21:35 - 00263960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-10-23 03:49 - 2014-11-15 22:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job
2014-10-19 17:01 - 2014-10-19 17:01 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\AVG2015
2014-10-19 16:57 - 2014-10-19 17:00 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-19 16:56 - 2014-11-10 18:12 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Avg2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 22:03 - 2012-10-03 17:47 - 01433921 _____ () C:\Windows\WindowsUpdate.log
2014-11-15 22:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 21:52 - 2012-02-10 15:33 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-15 21:39 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-15 21:39 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-15 21:19 - 2012-10-09 20:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 17:54 - 2012-02-10 23:38 - 00745998 _____ () C:\Windows\system32\perfh013.dat
2014-11-15 17:54 - 2012-02-10 23:38 - 00153918 _____ () C:\Windows\system32\perfc013.dat
2014-11-15 17:54 - 2009-07-14 06:13 - 01671080 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 17:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-15 17:42 - 2009-07-14 03:34 - 71041024 _____ () C:\Windows\system32\config\software.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 21495808 _____ () C:\Windows\system32\config\system.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 00720896 _____ () C:\Windows\system32\config\default.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-11-15 14:28 - 2012-10-04 05:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-15 08:17 - 2012-10-05 19:50 - 00000000 ____D () C:\Program Files\VDownloader
2014-11-14 21:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-14 21:00 - 2009-07-14 05:45 - 00424496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 20:45 - 2013-10-24 11:59 - 00000000 ____D () C:\Users\Gisele\AppData\Local\BearShare
2014-11-14 20:40 - 2012-10-05 18:40 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\uTorrent
2014-11-14 20:37 - 2012-10-05 11:40 - 00114648 _____ () C:\Users\Gisele\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 12:28 - 2014-02-20 09:36 - 00000000 ___RD () C:\Users\Gisele\Documents\Freemake
2014-11-14 12:26 - 2013-03-11 14:22 - 00000000 ____D () C:\ProgramData\Freemake
2014-11-14 12:25 - 2013-04-28 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-11-14 12:25 - 2013-03-11 14:21 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-11-14 12:06 - 2012-10-05 19:44 - 00000000 ____D () C:\Users\Gisele\AppData\Local\CrashDumps
2014-11-14 11:49 - 2012-10-05 18:16 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\vlc
2014-11-14 11:48 - 2014-05-30 15:37 - 00000000 ____D () C:\Users\Gisele\Documents\62 TENORS HITS
2014-11-14 11:48 - 2014-01-10 19:59 - 00000000 ____D () C:\Users\Gisele\Documents\34 HOLLANDSE HITS
2014-11-14 11:48 - 2014-01-10 19:55 - 00000000 ____D () C:\Users\Gisele\Documents\HOLLANDS
2014-11-14 10:29 - 2013-12-02 20:39 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Easy Computing
2014-11-14 10:22 - 2012-02-10 16:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-14 05:12 - 2013-12-05 11:45 - 00000000 ___DC () C:\Users\Gisele\AppData\Local\MigWiz
2014-11-14 05:12 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2014-11-14 05:11 - 2014-04-02 10:29 - 00000000 ____D () C:\ProgramData\MAGIX
2014-11-14 05:11 - 2014-04-02 10:24 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\MAGIX
2014-11-13 13:11 - 2014-02-20 12:53 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\MediaMonkey
2014-11-13 12:37 - 2012-10-09 20:23 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Google
2014-11-13 12:37 - 2012-10-09 20:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-13 12:14 - 2012-10-09 20:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 19:09 - 2014-01-13 13:09 - 00000000 ____D () C:\Users\Gisele\Tracing
2014-11-12 16:39 - 2013-12-09 21:23 - 00000000 ___RD () C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1
2014-11-12 11:27 - 2012-10-03 17:47 - 00000000 ____D () C:\Users\Gisele
2014-11-12 10:16 - 2014-04-23 03:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:11 - 2013-08-17 09:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:04 - 2012-10-10 09:56 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 09:35 - 2012-12-25 19:42 - 00000000 ____D () C:\$AVG
2014-11-12 04:52 - 2012-02-10 15:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 04:52 - 2012-02-10 15:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 04:52 - 2012-02-10 15:33 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 17:30 - 2013-01-17 10:02 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-11 17:30 - 2012-10-04 10:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-11 17:11 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-11 14:59 - 2014-02-20 11:34 - 00000856 _____ () C:\Windows\ODBCINST.INI
2014-11-11 14:23 - 2012-10-05 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-11-11 14:23 - 2012-10-05 18:29 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2014-11-11 14:13 - 2012-10-05 18:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-11 13:49 - 2012-10-03 17:48 - 00000000 ____D () C:\Users\Gisele\AppData\Local\VirtualStore
2014-11-11 12:08 - 2014-04-09 12:53 - 00000228 _____ () C:\Windows\Tasks\elbyExecuteWithUAC.job
2014-11-11 12:02 - 2014-02-21 12:09 - 00000000 ____D () C:\ProgramData\Uninstall
2014-11-11 12:00 - 2014-02-21 12:00 - 00000000 ____D () C:\ProgramData\Roxio
2014-11-11 11:53 - 2012-10-05 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-11 11:16 - 2014-06-30 15:08 - 00000000 ____D () C:\Program Files (x86)\GemistDownloader
2014-11-11 11:11 - 2014-01-01 09:41 - 00000000 ___RD () C:\Users\Gisele\Documents\GARMIN
2014-11-11 10:59 - 2014-05-11 10:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-11-11 10:59 - 2014-05-11 10:12 - 00000000 ____D () C:\ProgramData\DivX
2014-11-11 10:48 - 2012-10-05 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID
2014-11-11 10:48 - 2012-10-05 19:31 - 00000000 ____D () C:\Program Files (x86)\Belgium Identity Card
2014-11-11 10:48 - 2011-06-28 11:18 - 00000970 _____ () C:\Windows\beidgui.conf
2014-11-11 08:35 - 2014-02-09 14:28 - 00000000 ___RD () C:\Users\Gisele\Documents\HP
2014-11-10 17:07 - 2012-12-25 19:56 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-11-10 17:07 - 2012-11-01 16:33 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\dvdcss
2014-11-10 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-10 16:34 - 2012-12-25 19:56 - 00099384 _____ () C:\Users\Gisele\AppData\Roaming\inst.exe
2014-11-10 16:34 - 2012-12-25 19:56 - 00082816 _____ (VSO Software) C:\Users\Gisele\AppData\Roaming\pcouffin.sys
2014-11-10 16:34 - 2012-12-25 19:56 - 00007859 _____ () C:\Users\Gisele\AppData\Roaming\pcouffin.cat
2014-11-10 16:34 - 2012-12-25 19:56 - 00000055 _____ () C:\Users\Gisele\AppData\Roaming\pcouffin.log
2014-11-10 16:34 - 2012-12-25 19:56 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Vso
2014-11-10 16:08 - 2014-03-04 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-10 16:08 - 2014-02-06 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-11-10 16:08 - 2014-01-15 10:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-10 16:08 - 2013-04-10 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-10 16:08 - 2012-10-05 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SubMagic
2014-11-10 16:08 - 2012-10-05 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare
2014-11-10 16:08 - 2012-06-01 01:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-11-10 16:08 - 2012-02-10 15:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-10 16:08 - 2012-02-10 15:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-11-10 16:08 - 2012-02-10 15:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-11-10 16:08 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-10 16:08 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-10 16:08 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-10 15:53 - 2013-12-28 17:41 - 00017962 _____ () C:\Users\Gisele\Documents\dvd fims nieuw.odt
2014-11-10 11:13 - 2014-04-20 22:18 - 00000000 ___RD () C:\Users\Gisele\Documents\FIRMA
2014-11-04 12:19 - 2014-01-01 10:07 - 00000000 ____D () C:\Users\Gisele\Documents\DVD COVERS
2014-11-01 13:10 - 2014-07-17 12:18 - 00000000 ____D () C:\Users\Gisele\Documents\UGANDA
2014-11-01 12:22 - 2014-02-06 12:10 - 00000000 ____D () C:\Users\Gisele\Documents\SANTANDER
2014-10-31 18:07 - 2012-10-05 20:06 - 00000123 ___SH () C:\ProgramData\.zreglib
2014-10-30 12:30 - 2014-03-19 18:57 - 00692736 _____ () C:\Users\Gisele\AppData\Local\rx_audio.Cache
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 19:50 - 2014-02-21 14:12 - 13783216 _____ () C:\Users\Gisele\AppData\Local\rx_image32.Cache
2014-10-29 17:53 - 2014-01-10 19:58 - 00000000 ____D () C:\Users\Gisele\Documents\50 VLAAMSE HITS
2014-10-29 17:26 - 2013-11-17 14:12 - 00000000 ___RD () C:\Users\Gisele\Documents\HANDLEIDINGEN
2014-10-28 17:39 - 2014-06-29 14:50 - 00000000 ____D () C:\ProgramData\Apple
2014-10-28 17:36 - 2014-09-29 09:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-28 17:19 - 2014-02-21 12:13 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Corel_Corporation
2014-10-24 10:46 - 2014-08-22 07:21 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Adobe
2014-10-23 03:49 - 2014-06-18 03:40 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a9ea7de147b.job
2014-10-20 11:53 - 2014-02-16 14:51 - 00000000 ___RD () C:\Users\Gisele\Documents\75 Great tenor performances
2014-10-19 17:00 - 2013-10-06 10:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-19 16:57 - 2012-10-04 05:10 - 00000000 ____D () C:\Program Files (x86)\AVG

Files to move or delete:
====================
C:\Windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job

Some content of TEMP:
====================
C:\Users\Gisele\AppData\Local\Temp\Quarantine.exe
C:\Users\Gisele\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 00:52

==================== End Of Log ============================


#19
HaraMo

  • Topic Starter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Gisele at 2014-11-15 22:09:08
Running from C:\Users\Gisele\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.3.0 - SlySoft)
Ashampoo WinOptimizer Free v.1.0.0 (HKLM-x32\...\{4209F371-8668-980C-19C9-F8698AB75135}_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Belgium e-ID middleware 4.0.7 (build 7453) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207453}) (Version: 4.0.7453 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3300 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Easy Computing - PC Drukkerij CD's & DVD's versie 6 (HKLM-x32\...\{E15CA073-CE07-4A33-8381-D4906C6173A7}) (Version: 4.1 - )
Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
GemistDownloader (HKLM-x32\...\GemistDownloader) (Version: 2.8.1.8 - Wietze Beukema (HelpdeskWeb.nl))
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version:  - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{8A9B16F0-A84E-4EC5-BDA7-0ACCE79FB043}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP Photosmart 5520 series Basissoftware van het apparaat (HKLM\...\{D2FFE8A1-980E-4CF9-A48F-453D767BA661}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Productverbeteringsonderzoek (HKLM\...\{ABDD5DC4-E37C-40E1-AB1C-601AA7F7D383}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
LibreOffice 4.2 Help Pack (Dutch) (HKLM-x32\...\{B9953A9A-27B6-43C6-A65E-BCE875E9F1BF}) (Version: 4.2.3.3 - The Document Foundation)
LibreOffice 4.2.3.3 (HKLM-x32\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
Macromedia Flash Player 8 (HKLM-x32\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia)
MAGIX MP3 deluxe MX (HKLM-x32\...\MX.{84230203-26A9-4D3D-84FD-53B8EDF61087}) (Version: 18.0.3.115 - MAGIX Software GmbH)
MAGIX MP3 deluxe MX (Version: 18.0.3.115 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (Version: 7.0.1.29 - MAGIX Software GmbH) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 nl)) (Version: 24.6.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version:  - )
Stuurprogrammapakket voor Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (03/25/2014 4.0.7.4) (HKLM\...\B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE) (Version: 03/25/2014 4.0.7.4 - Fedict)
Stuurprogrammapakket voor Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update Service YourFileDownloader (HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Update Service YourFileDownloader) (Version: 2.14.46 - http://www.yourfile-downloader.com.com) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.33 - VSO-Software SARL)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

12-11-2014 09:01:01 Windows Update
12-11-2014 09:26:52 Windows Update
12-11-2014 17:42:54 Geïnstalleerd Easy Computing 15.000 Cliparts
14-11-2014 04:13:00 simplitec Power Suite: Energie besparen (Optimaliseren)
14-11-2014 04:14:57 simplitec Power Suite: Registry opruimen (Fouten verhelpen)
14-11-2014 09:21:06 Geïnstalleerd PC Drukkerij CD's & DVD's versie 6
14-11-2014 09:21:28 Geïnstalleerd Easy Computing - PC Drukkerij CD's & DVD's versie )±

15-11-2014 07:15:44 Removed Java 7 Update 7 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-15 17:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09B2D955-8D46-48DB-81CB-B97804C60739} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0F9CEDB3-8BBE-4302-B3DA-076C0793AF60} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1F55D593-C44F-4DCE-ABC9-669A390EE296} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_Gisele => C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
Task: {28C15568-52AC-4F9E-B8E1-437EF193BF93} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {2F533DB8-0CB7-447F-A55F-5E93BACDD10C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {3662156F-7604-4060-B28D-562B9F48460F} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {4A1CD95E-D5B6-42FA-AD40-15EC3A9D6302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {4B5F6003-CB98-46E8-86AA-F780BDF720A8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {50C7D608-2342-47CE-847E-267CE6710DDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {6632CA4C-9469-40D0-A72D-FBCAEEC5C74F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6634E84D-6931-431F-A2C9-0DF3F1A43B4B} - System32\Tasks\{2683A1CA-06EF-4604-8288-7DA072D4747C} => Iexplore.exe http://ui.skype.com/...tall?page=tsWLM
Task: {6E27E8AA-7D0B-497A-ACC7-1E3080E8E2B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {7E68F999-2C18-4840-9047-F71D2E5BEDA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {82FECA5E-94B7-4AE2-A065-D14BE0F8A0E5} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {BB7EE7DA-CDB1-4147-8ACA-981C37DB5A18} - System32\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {C2438ADD-EA0F-47BC-B92F-F14530AF3AE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {ED63F08A-521B-483A-B86D-E7925E5901D1} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Gisele\AppData\Roaming\Allmyapps\Allmyapps.exe
Task: {FAA7FCA6-DC14-4FE6-9A8E-3BFCBFF68658} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-09-06] (Microsoft)
Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\elbyExecuteWithUAC.job => C:\Program Files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe
Task: C:\Windows\Tasks\GarminUpdaterTask.job => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a9ea7de147b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGisele.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\SH.job => C:\Users\Gisele\AppData\Roaming\SH.exe <==== ATTENTION
Task: C:\Windows\Tasks\Update Service YourFileDownloader.job => C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZOJPJJ.job => C:\Users\Gisele\AppData\Roaming\ZOJPJJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job => c:\program files\internet explorer\iexplore.exe

==================== Loaded Modules (whitelisted) =============

2014-11-10 16:35 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Gisele\Documents\De Kermisklanten - Ik heb eerbied voor jouw grijze haren ( 1970 ).mp3:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MapsGalaxy_39Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AnyDVD => "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Photosmart 5520 series (NET) => "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32K185SB0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MapsGalaxy Home Page Guard 64 bit => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: VDownloader => "C:\Program Files\VDownloader\VDownloader4.exe" /silent
MSCONFIG\startupreg: Windows Mobile-based device management => %windir%\WindowsMobile\wmdcBase.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-774167087-3708585068-1396899783-500 - Administrator - Disabled)
Gast (S-1-5-21-774167087-3708585068-1396899783-501 - Limited - Disabled)
Gisele (S-1-5-21-774167087-3708585068-1396899783-1000 - Administrator - Enabled) => C:\Users\Gisele
HomeGroupUser$ (S-1-5-21-774167087-3708585068-1396899783-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 10:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 09:33:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 05:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 05:28:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 05:24:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 04:36:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 02:37:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 09:01:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 02:01:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 01:53:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/15/2014 10:01:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)

Error: (11/15/2014 10:01:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC)

Error: (11/15/2014 10:00:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Microsoft Antimalware Service-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (11/15/2014 10:00:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Microsoft Antimalware Service.

Error: (11/15/2014 09:59:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Windows\System32\bcmihvsrv64.dll

Error: (11/15/2014 09:59:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Windows\System32\bcmihvsrv64.dll

Error: (11/15/2014 09:59:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Windows\System32\bcmihvsrv64.dll

Error: (11/15/2014 09:58:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De FABS - Helping agent for MAGIX media database-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (11/15/2014 09:58:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Media Player Network Sharing Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (11/15/2014 09:58:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Microsoft Office Sessions:
=========================
Error: (11/15/2014 10:01:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 09:33:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 05:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 05:28:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 05:24:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 04:36:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2014 02:37:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 09:01:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 02:01:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 01:53:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-11-15 17:32:45.312
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 17:32:45.296
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 17:32:45.265
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 17:32:45.234
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 16:41:41.354
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 16:41:41.339
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 16:41:41.307
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 16:41:41.276
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 14:44:35.518
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

  Date: 2014-11-15 14:44:35.489
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 31%
Total physical RAM: 6040.36 MB
Available physical RAM: 4147.13 MB
Total Pagefile: 12078.9 MB
Available Pagefile: 10066.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.59 GB) (Free:252.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:23.87 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D514C5BB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================


  • 0

#20
HaraMo

    Member

  • Topic Starter
  • Member
  • 456 posts

The black screen with mouse icon still appears for a while before login screen appears.

 

Startpage on Internet Explorer is back to the old one, so websearches is gone, thanks.

 

What can we do next to maybe cleanup the system?


  • 0

#21
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Things are looking better but we still have some work to do. Please follow the steps below.

Step#1 - Remove Microsoft Security Essentials Remnants

Download the MSE removal tool to your desktop. Double-click on the file and simply select Run when prompted and accept the defaults. You may (but I doubt it in this case) get a message stating that the program wasn't found which is fine. It's important to check that no remnants were identified.

 

Step#2 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

 

Ashampoo WinOptimizer Free v.1.0.0

Update Service YourFileDownloader

 

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#4 - JRT
Note: Please disable your Antivirus Software before doing Step#1. Info on how to do this is here but in general you normally can right-click the icon that represents your AV by the time on your computer and disable.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

 

Step#5 - Malwarebytes Scan

 

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
    RootKitCheckBox.JPG
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

 

 

Step#6 - Fresh Set of Logs
 
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 

 
 
Items for your next post
1. FRST Fix Log

2. JRT log

3. Malwarebytes log

4. FRST and Addition logs

 


  • 0

#22
HaraMo

    Member

  • Topic Starter
  • Member
  • 456 posts

Results Step#1 - Remove Microsoft Security Essentials Remnants:

The Fix it tool says 'this Microsoft Fix it has been processed'. I don't know what it has done, as it doesn't tell. So I'm not sure if remnants were identified.


  • 0

#23
HaraMo

    Member

  • Topic Starter
  • Member
  • 456 posts

Uninstalling apps:

Ashampoo: message appears after uninstalling: uninstalling of Ashampoo is finished, some elements couldn't be removed, these can be removed manually.

Update service: an error occurred while removing update service.... it's possible it is already removed? Do you want to remove update service.. from the list of programs and ... ? I clicked yes.


  • 0

#24
HaraMo

    Member

  • Topic Starter
  • Member
  • 456 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Gisele at 2014-11-16 08:22:33 Run:1
Running from C:\Users\Gisele\Desktop
Loaded Profile: Gisele (Available profiles: Gisele)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {6BCC5539-643F-485D-94A5-C6C89F48B37D} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO-x32: Toolbar BHO -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll No File
BHO-x32: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> No Name - {0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin HKU\S-1-5-21-774167087-3708585068-1396899783-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\VDownloader\Addons\FireFox
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx []
C:\Users\Gisele\AppData\Roaming\WiseUpdate
C:\Users\Gisele\Desktop\BearShare.lnk
C:\Users\Gisele\Downloads\VDownloaderSetup.exe
C:\Users\Gisele\Downloads\VDownloaderIC.exe
C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
C:\Windows\Tasks\Update Service YourFileDownloader.job
C:\Program Files\VDownloader
C:\Users\Gisele\AppData\Local\BearShare
Task: C:\Windows\Tasks\SH.job => C:\Users\Gisele\AppData\Roaming\SH.exe <==== ATTENTION
Task: C:\Windows\Tasks\Update Service YourFileDownloader.job => C:\Program Files (x86)\YourFileDownloaderUpdater\YourFileDownloaderUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZOJPJJ.job => C:\Users\Gisele\AppData\Roaming\ZOJPJJ.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
C:\Users\Gisele\AppData\Roaming\ZOJPJJ.exe
C:\Users\Gisele\AppData\Roaming\SH.exe
C:\Program Files (x86)\YourFileDownloaderUpdater
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp:
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value deleted successfully.
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value deleted successfully.
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-774167087-3708585068-1396899783-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BCC5539-643F-485D-94A5-C6C89F48B37D}" => Key deleted successfully.
"HKCR\CLSID\{6BCC5539-643F-485D-94A5-C6C89F48B37D}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA} => value deleted successfully.
"HKCR\CLSID\{0734D757-FEA6-4637-A7E4-2BD40A7FD8DA}" => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => Key not found.
FF Plugin HKU\S-1-5-21-774167087-3708585068-1396899783-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File => Error: No automatic fix found for this entry.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh" => Key deleted successfully.
"C:\Program Files\VDownloader\Addons\Chrome.crx" => File/Directory not found.
C:\Users\Gisele\AppData\Roaming\WiseUpdate => Moved successfully.
C:\Users\Gisele\Desktop\BearShare.lnk => Moved successfully.
C:\Users\Gisele\Downloads\VDownloaderSetup.exe => Moved successfully.
C:\Users\Gisele\Downloads\VDownloaderIC.exe => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader => Moved successfully.
C:\Windows\Tasks\Update Service YourFileDownloader.job => Moved successfully.
C:\Program Files\VDownloader => Moved successfully.
C:\Users\Gisele\AppData\Local\BearShare => Moved successfully.
C:\Windows\Tasks\SH.job => Moved successfully.
C:\Windows\Tasks\Update Service YourFileDownloader.job not found.
C:\Windows\Tasks\ZOJPJJ.job => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\Users\Gisele\AppData\Roaming\ZOJPJJ.exe => Moved successfully.
C:\Users\Gisele\AppData\Roaming\SH.exe => Moved successfully.
"C:\Program Files (x86)\YourFileDownloaderUpdater" => File/Directory not found.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
De bewerking is voltooid.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
De bewerking is voltooid.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
De bewerking is voltooid.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
De bewerking is voltooid.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 222.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • 0

#25
HaraMo

    Member

  • Topic Starter
  • Member
  • 456 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Gisele on zo 16/11/2014 at  8:32:30,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.DynamicBarButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.DynamicBarButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncherSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncherSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.UrlAlertButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.UrlAlertButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.XMLSessionPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.XMLSessionPlugin.1
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{02FE036D-56B0-4B48-ABF9-1135EB6648D9}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{333280E3-9F93-41C9-9FB4-267025FA2A14}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{568C18DC-53C5-4681-84D1-22C0198BAE01}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{67E0A997-BBA3-465E-8C63-9AFF5404B479}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{74FD1AAD-A6A6-4CB0-A26E-93DDC89798C4}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{92E038DF-8DF4-4ADF-A893-8201FFEC5AEB}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{950B0D5C-D598-4372-A86E-610A190F850C}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{C2A0C559-8AB3-432D-863B-6B22ABA815C6}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{ECB4A04C-5EEE-43B8-961B-37F29D97F2FB}
Successfully deleted: [Empty Folder] C:\Users\Gisele\appdata\local\{FF8B521A-4F75-42F4-BBBB-F9317E85E90A}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 16/11/2014 at  8:36:21,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0


#26
HaraMo

    Member

  • Topic Starter
  • Member
  • 456 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/11/2014
Scan Time: 8:50:52
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.16.01
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gisele
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336465
Time Elapsed: 22 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.RobinHood.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{54E67346-EE5A-45B6-82AA-4F0BB28C79C2}, Quarantined, [3eab370364183afc5312ead0e022cf31], 
PUP.Optional.ClickCaption.A, HKLM\SOFTWARE\WOW6432NODE\ClickCaption_1.10.0.2, Quarantined, [35b42614a5d70a2c8ff7f04492710bf5], 
PUP.Optional.RobinHood.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iidmoehhpbghchkaogkhmcckhlhebekn, Quarantined, [06e37bbf0f6d122462825a074ab99e62], 
PUP.Optional.DealCabby.A, HKU\S-1-5-21-774167087-3708585068-1396899783-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DealCabby, Quarantined, [03e66cce186452e4f7202e8180844fb1], 
 
Registry Values: 2
PUP.Optional.FreeMakeConverter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\, Quarantined, [dc0de357037996a012990d288b789967]
PUP.Optional.SpeedTest, HKU\S-1-5-21-774167087-3708585068-1396899783-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedtest4354@BestOffers, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, Quarantined, [09e03dfd1b61d6606b0c67e03bc82ed2]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 4
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\SPEEDTEST4354@BESTOFFERS, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\SPEEDTEST4354@BESTOFFERS\chrome, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\SPEEDTEST4354@BESTOFFERS\chrome\content, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\SPEEDTEST4354@BESTOFFERS\chrome\skin, Quarantined, [797096a48cf066d032b523f9ae558977], 
 
Files: 31
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome.manifest, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\icon.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\install.rdf, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\background.html, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.js, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.xml, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\config.js, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\content.js, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.js, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.xul, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.png, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\options.xul, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\rjs.js, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\settings.json, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\subscriptloader.js, Quarantined, [797096a48cf066d032b523f9ae558977], 
PUP.Optional.SpeedTest.A, C:\Users\Gisele\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin\framework.css, Quarantined, [797096a48cf066d032b523f9ae558977], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#27
HaraMo

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Gisele (administrator) on GISELE-HP-LAP on 16-11-2014 09:26:23
Running from C:\Users\Gisele\Desktop
Loaded Profile: Gisele (Available profiles: Gisele)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-774167087-3708585068-1396899783-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-28] (Google Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hln.be/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {6BCC5539-643F-485D-94A5-C6C89F48B37D} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-774167087-3708585068-1396899783-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774167087-3708585068-1396899783-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2012-10-05]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-04-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-31] (Ellora Assets Corp.) [File not signed]
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-10-21] (Garmin Ltd or its subsidiaries)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-03] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-13] (USB Smart Card Reader)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-16 09:26 - 2014-11-16 09:26 - 00013292 _____ () C:\Users\Gisele\Desktop\FRST.txt
2014-11-16 08:50 - 2014-11-16 08:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-16 08:50 - 2014-11-16 08:50 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-16 08:50 - 2014-11-16 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-16 08:50 - 2014-11-16 08:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-16 08:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-16 08:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-16 08:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-16 08:32 - 2014-11-16 08:32 - 00000000 ____D () C:\Windows\ERUNT
2014-11-16 08:20 - 2014-11-16 08:20 - 02116608 _____ (Farbar) C:\Users\Gisele\Desktop\FRST64.exe
2014-11-16 07:57 - 2014-11-16 08:57 - 00000354 _____ () C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
2014-11-16 07:57 - 2014-11-16 07:57 - 00014068 _____ () C:\FixitRegBackup.reg
2014-11-16 07:57 - 2014-11-16 07:57 - 00002786 _____ () C:\Windows\System32\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051
2014-11-15 22:08 - 2014-11-16 09:26 - 00000000 ____D () C:\FRST
2014-11-15 17:31 - 2014-11-15 17:51 - 00000000 ____D () C:\ComboFix
2014-11-14 21:09 - 2014-11-14 21:09 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\TeamViewer
2014-11-14 20:48 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-14 20:48 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-14 20:48 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-14 20:48 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-14 20:45 - 2014-11-15 17:51 - 00000000 ____D () C:\Qoobox
2014-11-14 20:45 - 2014-11-15 17:41 - 00000000 ____D () C:\Windows\erdnt
2014-11-14 15:11 - 2014-11-16 09:25 - 00000000 ____D () C:\Users\Gisele\Desktop\Nieuwe map
2014-11-14 14:05 - 2014-11-14 14:05 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-14 14:05 - 2014-11-14 14:05 - 00001126 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-14 14:05 - 2014-11-14 14:05 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-11-14 13:51 - 2014-11-16 09:24 - 00019306 _____ () C:\Windows\PFRO.log
2014-11-14 12:17 - 2014-11-14 12:18 - 17574816 _____ (Vitzo Limited ) C:\Users\Gisele\Downloads\VDownloaderSetup (1).exe
2014-11-14 10:30 - 2014-11-14 10:30 - 00001209 _____ () C:\Users\Gisele\Desktop\MAGIX Xtreme Print Studio.lnk
2014-11-14 10:21 - 2014-11-14 10:21 - 00002096 _____ () C:\Users\Public\Desktop\PC Drukkerij CD's & DVD's versie 6.lnk
2014-11-14 10:21 - 2014-11-14 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Computing
2014-11-14 10:20 - 2014-11-14 10:20 - 00000000 ____D () C:\Program Files (x86)\Easy Computing
2014-11-14 10:07 - 2014-11-16 09:24 - 00001232 _____ () C:\Windows\setupact.log
2014-11-14 10:07 - 2014-11-14 10:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-14 10:00 - 2014-11-10 12:43 - 699062512 _____ () C:\Users\Gisele\Documents\Zangeres Zonder Naam.mp4
2014-11-14 10:00 - 2014-10-29 19:25 - 730048494 _____ () C:\Users\Gisele\Documents\SYMPHONIE DES LEBENS BEST OF SEMINO ROSSI.mp4
2014-11-14 10:00 - 2014-10-19 11:01 - 61349286 _____ () C:\Users\Gisele\Documents\TROS Op Volle Toeren 29-09-1983.mp4
2014-11-14 10:00 - 2014-10-19 11:01 - 235414210 _____ () C:\Users\Gisele\Documents\TROS Op Volle Toeren 09-11-1984 (complete uitzending).mp4
2014-11-14 09:59 - 2014-11-10 12:37 - 266819926 _____ () C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-19821.mp4
2014-11-14 09:59 - 2014-10-19 10:58 - 265831079 _____ () C:\Users\Gisele\Documents\Op volle toeren 1981 - Complete uitzending.mp4
2014-11-14 09:59 - 2014-10-19 10:57 - 266819926 _____ () C:\Users\Gisele\Documents\Op volle toeren - TROS 11-03-1982.mp4
2014-11-14 09:59 - 2014-10-19 10:56 - 235187670 _____ () C:\Users\Gisele\Documents\Op volle toeren 12-01-1987.mp4
2014-11-14 09:58 - 2014-11-10 12:41 - 636845349 _____ () C:\Users\Gisele\Documents\heintje.mp4
2014-11-14 09:58 - 2014-11-10 12:37 - 832256054 _____ () C:\Users\Gisele\Documents\hollandse ouwe 6.mp4
2014-11-14 09:58 - 2014-10-29 19:47 - 19354801 _____ () C:\Users\Gisele\Documents\André Hazes & Gerard Joling Unchained Melody.mp4
2014-11-13 13:29 - 2014-11-13 13:29 - 00001047 _____ () C:\Users\Public\Desktop\MAGIX MP3 deluxe MX.lnk
2014-11-13 13:29 - 2014-11-13 13:29 - 00000000 ____D () C:\Users\Gisele\Documents\MAGIX_MusicEditor
2014-11-13 13:29 - 2014-11-13 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-11-13 13:28 - 2014-11-13 13:28 - 00000000 ___RD () C:\Users\Gisele\Documents\MAGIX
2014-11-13 13:28 - 2014-11-13 13:28 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-11-13 12:14 - 2014-11-13 12:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd
2014-11-13 12:14 - 2014-11-13 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-11-13 10:46 - 2014-11-15 08:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-11-13 10:45 - 2014-11-15 08:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-13 10:45 - 2014-11-15 08:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-11-12 18:46 - 2014-11-12 18:46 - 00003050 _____ () C:\Windows\System32\Tasks\{10A84920-3E16-4375-9AC1-E08445D4B6BF}
2014-11-12 18:43 - 2014-11-12 18:43 - 00509984 ____N (Microsoft Corporation) C:\HTGD0006.exe
2014-11-12 18:43 - 2014-11-12 18:43 - 00040960 ____N () C:\HTGD0003.exe
2014-11-12 18:43 - 2014-11-12 18:43 - 00036864 ____N () C:\HTGD0005.exe
2014-11-12 18:43 - 2014-11-12 18:43 - 00013855 _____ () C:\HTGD0004.txt
2014-11-12 18:43 - 2014-11-12 18:43 - 00003728 _____ () C:\HTGD0002.bmp
2014-11-12 11:47 - 2014-11-12 17:34 - 00015819 _____ () C:\Users\Gisele\Documents\Anja.odt
2014-11-12 10:26 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 10:26 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 10:24 - 2014-11-12 10:24 - 00000000 __SHD () C:\Users\Gisele\AppData\Local\EmieBrowserModeList
2014-11-12 10:00 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 10:00 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 10:00 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 10:00 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 10:00 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 10:00 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 10:00 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 10:00 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 10:00 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 10:00 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 10:00 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 10:00 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 10:00 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 10:00 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 10:00 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 10:00 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 10:00 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 10:00 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 10:00 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 10:00 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 10:00 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:59 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:59 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:58 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:58 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:58 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:58 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:58 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:58 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:58 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:58 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:58 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:57 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 09:57 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 09:57 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 09:57 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 09:57 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 09:57 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 09:57 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 09:57 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 09:57 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 09:57 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 09:57 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 09:57 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 09:57 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 09:57 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 09:57 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 09:57 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:57 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 09:57 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 09:57 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 09:57 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:57 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:57 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:57 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:57 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 09:57 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:57 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 09:57 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:57 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 09:57 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:57 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:57 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 09:57 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:57 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 09:57 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 09:57 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 09:57 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 09:57 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:57 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:57 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 09:57 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:57 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:57 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:57 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 09:57 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 09:57 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:57 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 09:57 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:53 - 2014-11-16 08:18 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGisele.job
2014-11-12 09:53 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:53 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:45 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:45 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:44 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:44 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:44 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:44 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 17:54 - 2014-11-16 07:47 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8CF9FF90-B28E-455B-B6CC-0DC6874004A8}
2014-11-11 16:22 - 2014-11-11 16:22 - 00000000 _____ () C:\vcredist.bmp
2014-11-11 16:03 - 2014-11-11 16:03 - 00000314 _____ () C:\Users\Gisele\Desktop\Google Maps.url
2014-11-11 15:23 - 2014-11-12 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HERMA Label Designer plus 1.1 NL
2014-11-11 15:23 - 2014-11-12 18:27 - 00000000 ____D () C:\Program Files (x86)\HERMA
2014-11-11 15:23 - 2014-11-11 15:22 - 00397312 _____ () C:\Windows\iwexec.exe
2014-11-11 14:50 - 2014-11-11 14:50 - 00001999 _____ () C:\Users\Gisele\Desktop\HP Photosmart 5520 series.lnk
2014-11-11 14:32 - 2014-11-11 14:32 - 00001564 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-11-11 14:32 - 2014-11-11 14:32 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\LibreOffice
2014-11-11 14:32 - 2014-11-11 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-11-11 14:31 - 2014-11-11 14:32 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-11-11 14:23 - 2014-11-11 14:23 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-11-11 14:14 - 2014-11-11 14:14 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-11 14:14 - 2014-11-11 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-11 13:49 - 2014-11-11 13:49 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Hemera
2014-11-11 13:12 - 2014-11-11 13:12 - 00001224 _____ () C:\Users\Gisele\Desktop\Revo Uninstaller.lnk
2014-11-11 13:09 - 2014-11-11 13:09 - 00000696 _____ () C:\Users\Gisele\Desktop\Downloads.lnk
2014-11-11 12:54 - 2014-11-11 12:54 - 00000172 _____ () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-11-11 12:21 - 2014-11-11 12:21 - 00001399 _____ () C:\Users\Gisele\Desktop\MP3Gain.lnk
2014-11-11 12:08 - 2014-11-11 12:08 - 00001061 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-11-11 12:08 - 2014-11-11 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2014-11-11 11:53 - 2014-11-11 11:53 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-11 11:48 - 2014-11-11 11:48 - 00000488 _____ () C:\Users\Gisele\Desktop\Lokale schijf (C).lnk
2014-11-11 11:16 - 2014-11-14 12:31 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\GemistDownloader
2014-11-11 11:16 - 2014-11-11 11:16 - 00001079 _____ () C:\Users\Gisele\Desktop\GemistDownloader.lnk
2014-11-11 11:16 - 2014-11-11 11:16 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GemistDownloader
2014-11-11 11:12 - 2014-11-11 11:13 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-11-11 11:12 - 2014-11-11 11:12 - 00001848 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-11-11 11:12 - 2014-11-11 11:12 - 00000380 _____ () C:\Windows\Tasks\GarminUpdaterTask.job
2014-11-11 11:12 - 2014-11-11 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-11-11 11:07 - 2014-11-11 14:25 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-11-11 11:07 - 2014-11-11 11:07 - 00001322 _____ () C:\Users\Public\Desktop\Freemake Video Downloader.lnk
2014-11-11 10:58 - 2014-11-11 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-11-11 10:58 - 2014-11-11 10:58 - 00000000 ____D () C:\Program Files\DivX
2014-11-11 10:48 - 2014-11-11 10:48 - 00001192 _____ () C:\Users\Public\Desktop\eID Viewer.lnk
2014-11-11 10:48 - 2014-11-11 10:48 - 00000000 ____D () C:\Windows\SysWOW64\siscardplugins
2014-11-11 10:48 - 2014-11-11 10:48 - 00000000 ____D () C:\Program Files\log
2014-11-11 09:59 - 2014-11-11 09:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-11 08:42 - 2014-11-11 08:42 - 00002058 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-11-11 08:42 - 2014-11-11 08:42 - 00001401 _____ () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-11 08:42 - 2014-11-11 08:42 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-10 19:53 - 2014-11-10 19:53 - 00000000 _____ () C:\autoexec.bat
2014-11-10 18:58 - 2014-11-10 18:58 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGisele
2014-11-10 18:13 - 2014-11-10 18:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-10 18:08 - 2014-11-11 17:38 - 00001371 _____ () C:\Users\Gisele\Desktop\Internet Explorer.lnk
2014-11-10 16:35 - 2014-11-10 17:07 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-11-10 16:34 - 2014-11-10 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2014-11-10 16:34 - 2012-11-21 20:16 - 01184984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc1dmod.dll
2014-11-10 16:34 - 2012-11-21 20:16 - 00626688 _____ (On2.com) C:\Windows\SysWOW64\vp7vfw.dll
2014-11-10 16:27 - 2014-11-10 16:27 - 00001113 _____ () C:\Users\Gisele\Desktop\Documenten.lnk
2014-11-09 16:01 - 2014-11-11 11:11 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Garmin
2014-11-09 11:32 - 2014-11-11 11:12 - 00000000 ____D () C:\ProgramData\Garmin
2014-11-09 11:31 - 2014-11-11 11:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-09 11:27 - 2014-11-09 11:27 - 00000000 ____D () C:\Program Files\Garmin GPS Plugin
2014-11-09 11:27 - 2014-11-09 11:27 - 00000000 ____D () C:\Program Files (x86)\Garmin GPS Plugin
2014-11-09 11:26 - 2014-11-09 11:33 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Garmin
2014-11-06 04:58 - 2014-11-06 04:58 - 00000320 _____ () C:\Windows\Tasks\1114avUpdateInfo.job
2014-11-06 04:58 - 2014-11-06 04:58 - 00000000 ____D () C:\ProgramData\Avg_Update_1114av
2014-10-29 21:35 - 2014-10-29 21:35 - 00263960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-10-23 03:49 - 2014-11-16 09:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job
2014-10-19 17:01 - 2014-10-19 17:01 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\AVG2015
2014-10-19 16:57 - 2014-10-19 17:00 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-19 16:56 - 2014-11-10 18:12 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Avg2015
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-16 09:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 09:23 - 2012-10-03 17:47 - 01480252 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 09:19 - 2012-10-09 20:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 08:53 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 08:53 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 08:52 - 2012-02-10 15:33 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 07:55 - 2013-01-17 10:02 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-16 07:55 - 2012-10-04 10:17 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-16 07:47 - 2012-10-04 05:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-15 17:54 - 2012-02-10 23:38 - 00745998 _____ () C:\Windows\system32\perfh013.dat
2014-11-15 17:54 - 2012-02-10 23:38 - 00153918 _____ () C:\Windows\system32\perfc013.dat
2014-11-15 17:54 - 2009-07-14 06:13 - 01671080 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 17:43 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-15 17:42 - 2009-07-14 03:34 - 71041024 _____ () C:\Windows\system32\config\software.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 21495808 _____ () C:\Windows\system32\config\system.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 00720896 _____ () C:\Windows\system32\config\default.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 00057344 _____ () C:\Windows\system32\config\sam.bak
2014-11-15 17:42 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-11-14 21:07 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-14 21:00 - 2009-07-14 05:45 - 00424496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 20:40 - 2012-10-05 18:40 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\uTorrent
2014-11-14 20:37 - 2012-10-05 11:40 - 00114648 _____ () C:\Users\Gisele\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-14 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 12:28 - 2014-02-20 09:36 - 00000000 ___RD () C:\Users\Gisele\Documents\Freemake
2014-11-14 12:26 - 2013-03-11 14:22 - 00000000 ____D () C:\ProgramData\Freemake
2014-11-14 12:25 - 2013-04-28 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-11-14 12:25 - 2013-03-11 14:21 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-11-14 12:06 - 2012-10-05 19:44 - 00000000 ____D () C:\Users\Gisele\AppData\Local\CrashDumps
2014-11-14 11:49 - 2012-10-05 18:16 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\vlc
2014-11-14 11:48 - 2014-05-30 15:37 - 00000000 ____D () C:\Users\Gisele\Documents\62 TENORS HITS
2014-11-14 11:48 - 2014-01-10 19:59 - 00000000 ____D () C:\Users\Gisele\Documents\34 HOLLANDSE HITS
2014-11-14 11:48 - 2014-01-10 19:55 - 00000000 ____D () C:\Users\Gisele\Documents\HOLLANDS
2014-11-14 10:29 - 2013-12-02 20:39 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Easy Computing
2014-11-14 10:22 - 2012-02-10 16:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-14 05:12 - 2013-12-05 11:45 - 00000000 ___DC () C:\Users\Gisele\AppData\Local\MigWiz
2014-11-14 05:12 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther
2014-11-14 05:11 - 2014-04-02 10:29 - 00000000 ____D () C:\ProgramData\MAGIX
2014-11-14 05:11 - 2014-04-02 10:24 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\MAGIX
2014-11-13 13:11 - 2014-02-20 12:53 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\MediaMonkey
2014-11-13 12:37 - 2012-10-09 20:23 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Google
2014-11-13 12:37 - 2012-10-09 20:23 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-13 12:14 - 2012-10-09 20:23 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 19:09 - 2014-01-13 13:09 - 00000000 ____D () C:\Users\Gisele\Tracing
2014-11-12 16:39 - 2013-12-09 21:23 - 00000000 ___RD () C:\Users\Gisele\Documents\DRIVERs & SLEUTELS1
2014-11-12 11:27 - 2012-10-03 17:47 - 00000000 ____D () C:\Users\Gisele
2014-11-12 10:16 - 2014-04-23 03:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 10:11 - 2013-08-17 09:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 10:04 - 2012-10-10 09:56 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 09:35 - 2012-12-25 19:42 - 00000000 ____D () C:\$AVG
2014-11-12 04:52 - 2012-02-10 15:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 04:52 - 2012-02-10 15:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 04:52 - 2012-02-10 15:33 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 17:11 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-11 14:59 - 2014-02-20 11:34 - 00000856 _____ () C:\Windows\ODBCINST.INI
2014-11-11 14:23 - 2012-10-05 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-11-11 14:23 - 2012-10-05 18:29 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2014-11-11 14:13 - 2012-10-05 18:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-11 13:49 - 2012-10-03 17:48 - 00000000 ____D () C:\Users\Gisele\AppData\Local\VirtualStore
2014-11-11 12:08 - 2014-04-09 12:53 - 00000228 _____ () C:\Windows\Tasks\elbyExecuteWithUAC.job
2014-11-11 12:02 - 2014-02-21 12:09 - 00000000 ____D () C:\ProgramData\Uninstall
2014-11-11 12:00 - 2014-02-21 12:00 - 00000000 ____D () C:\ProgramData\Roxio
2014-11-11 11:53 - 2012-10-05 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-11 11:16 - 2014-06-30 15:08 - 00000000 ____D () C:\Program Files (x86)\GemistDownloader
2014-11-11 11:11 - 2014-01-01 09:41 - 00000000 ___RD () C:\Users\Gisele\Documents\GARMIN
2014-11-11 10:59 - 2014-05-11 10:13 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-11-11 10:59 - 2014-05-11 10:12 - 00000000 ____D () C:\ProgramData\DivX
2014-11-11 10:48 - 2012-10-05 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belgium - eID
2014-11-11 10:48 - 2012-10-05 19:31 - 00000000 ____D () C:\Program Files (x86)\Belgium Identity Card
2014-11-11 10:48 - 2011-06-28 11:18 - 00000970 _____ () C:\Windows\beidgui.conf
2014-11-11 08:35 - 2014-02-09 14:28 - 00000000 ___RD () C:\Users\Gisele\Documents\HP
2014-11-10 17:07 - 2012-12-25 19:56 - 00000000 ____D () C:\Program Files (x86)\VSO
2014-11-10 17:07 - 2012-11-01 16:33 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\dvdcss
2014-11-10 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-10 16:34 - 2012-12-25 19:56 - 00099384 _____ () C:\Users\Gisele\AppData\Roaming\inst.exe
2014-11-10 16:34 - 2012-12-25 19:56 - 00082816 _____ (VSO Software) C:\Users\Gisele\AppData\Roaming\pcouffin.sys
2014-11-10 16:34 - 2012-12-25 19:56 - 00007859 _____ () C:\Users\Gisele\AppData\Roaming\pcouffin.cat
2014-11-10 16:34 - 2012-12-25 19:56 - 00000055 _____ () C:\Users\Gisele\AppData\Roaming\pcouffin.log
2014-11-10 16:34 - 2012-12-25 19:56 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\Vso
2014-11-10 16:08 - 2014-03-04 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-10 16:08 - 2014-02-06 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-11-10 16:08 - 2014-01-15 10:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-10 16:08 - 2013-04-10 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-10 16:08 - 2012-10-05 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SubMagic
2014-11-10 16:08 - 2012-10-05 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare
2014-11-10 16:08 - 2012-06-01 01:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-11-10 16:08 - 2012-02-10 15:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-11-10 16:08 - 2012-02-10 15:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-11-10 16:08 - 2012-02-10 15:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-11-10 16:08 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-10 16:08 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-10 16:08 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-10 15:53 - 2013-12-28 17:41 - 00017962 _____ () C:\Users\Gisele\Documents\dvd fims nieuw.odt
2014-11-10 11:13 - 2014-04-20 22:18 - 00000000 ___RD () C:\Users\Gisele\Documents\FIRMA
2014-11-04 12:19 - 2014-01-01 10:07 - 00000000 ____D () C:\Users\Gisele\Documents\DVD COVERS
2014-11-01 13:10 - 2014-07-17 12:18 - 00000000 ____D () C:\Users\Gisele\Documents\UGANDA
2014-11-01 12:22 - 2014-02-06 12:10 - 00000000 ____D () C:\Users\Gisele\Documents\SANTANDER
2014-10-31 18:07 - 2012-10-05 20:06 - 00000123 ___SH () C:\ProgramData\.zreglib
2014-10-30 12:30 - 2014-03-19 18:57 - 00692736 _____ () C:\Users\Gisele\AppData\Local\rx_audio.Cache
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 19:50 - 2014-02-21 14:12 - 13783216 _____ () C:\Users\Gisele\AppData\Local\rx_image32.Cache
2014-10-29 17:53 - 2014-01-10 19:58 - 00000000 ____D () C:\Users\Gisele\Documents\50 VLAAMSE HITS
2014-10-29 17:26 - 2013-11-17 14:12 - 00000000 ___RD () C:\Users\Gisele\Documents\HANDLEIDINGEN
2014-10-28 17:39 - 2014-06-29 14:50 - 00000000 ____D () C:\ProgramData\Apple
2014-10-28 17:36 - 2014-09-29 09:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-28 17:19 - 2014-02-21 12:13 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Corel_Corporation
2014-10-24 10:46 - 2014-08-22 07:21 - 00000000 ____D () C:\Users\Gisele\AppData\Local\Adobe
2014-10-23 03:49 - 2014-06-18 03:40 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a9ea7de147b.job
2014-10-20 11:53 - 2014-02-16 14:51 - 00000000 ___RD () C:\Users\Gisele\Documents\75 Great tenor performances
2014-10-19 17:00 - 2013-10-06 10:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-19 16:57 - 2012-10-04 05:10 - 00000000 ____D () C:\Program Files (x86)\AVG
 
Files to move or delete:
====================
C:\Windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 00:52
 
==================== End Of Log ============================


#28
HaraMo

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Gisele at 2014-11-16 09:27:25
Running from C:\Users\Gisele\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.3.0 - SlySoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4213 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Belgium e-ID middleware 4.0.7 (build 7453) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207453}) (Version: 4.0.7453 - Belgian Government)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.140 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3300 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Easy Computing - PC Drukkerij CD's & DVD's versie 6 (HKLM-x32\...\{E15CA073-CE07-4A33-8381-D4906C6173A7}) (Version: 4.1 - )
Elevated Installer (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{045320b6-c340-4960-aefd-57bf08a9b425}) (Version: 3.2.21.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.21.0 - Garmin Ltd or its subsidiaries) Hidden
GemistDownloader (HKLM-x32\...\GemistDownloader) (Version: 2.8.1.8 - Wietze Beukema (HelpdeskWeb.nl))
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version:  - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{8A9B16F0-A84E-4EC5-BDA7-0ACCE79FB043}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP Photosmart 5520 series Basissoftware van het apparaat (HKLM\...\{D2FFE8A1-980E-4CF9-A48F-453D767BA661}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Productverbeteringsonderzoek (HKLM\...\{ABDD5DC4-E37C-40E1-AB1C-601AA7F7D383}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
LibreOffice 4.2 Help Pack (Dutch) (HKLM-x32\...\{B9953A9A-27B6-43C6-A65E-BCE875E9F1BF}) (Version: 4.2.3.3 - The Document Foundation)
LibreOffice 4.2.3.3 (HKLM-x32\...\{4117DF3C-6677-4A22-90B7-FF06923417E9}) (Version: 4.2.3.3 - The Document Foundation)
Macromedia Flash Player 8 (HKLM-x32\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia)
MAGIX MP3 deluxe MX (HKLM-x32\...\MX.{84230203-26A9-4D3D-84FD-53B8EDF61087}) (Version: 18.0.3.115 - MAGIX Software GmbH)
MAGIX MP3 deluxe MX (Version: 18.0.3.115 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (Version: 7.0.1.29 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware versie 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 nl)) (Version: 24.6.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version:  - )
Stuurprogrammapakket voor Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (03/25/2014 4.0.7.4) (HKLM\...\B02255EDA75F867B4D85C5A5D23E13D9EF71E8AE) (Version: 03/25/2014 4.0.7.4 - Fedict)
Stuurprogrammapakket voor Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.33 - VSO-Software SARL)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-774167087-3708585068-1396899783-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
 
==================== Restore Points  =========================
 
12-11-2014 09:26:52 Windows Update
12-11-2014 17:42:54 Geïnstalleerd Easy Computing 15.000 Cliparts
14-11-2014 04:13:00 simplitec Power Suite: Energie besparen (Optimaliseren)
14-11-2014 04:14:57 simplitec Power Suite: Registry opruimen (Fouten verhelpen)
14-11-2014 09:21:06 Geïnstalleerd PC Drukkerij CD's & DVD's versie 6
14-11-2014 09:21:28 Geïnstalleerd Easy Computing - PC Drukkerij CD's & DVD's versie )±
 
15-11-2014 07:15:44 Removed Java 7 Update 7 (64-bit)
16-11-2014 06:57:26 Installed Microsoft Fix it 50692
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-11-15 17:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09B2D955-8D46-48DB-81CB-B97804C60739} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0F9CEDB3-8BBE-4302-B3DA-076C0793AF60} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1F55D593-C44F-4DCE-ABC9-669A390EE296} - System32\Tasks\Softland\FBackup 5\FBackup 5 Tray Agent_Gisele => C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
Task: {28C15568-52AC-4F9E-B8E1-437EF193BF93} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)
Task: {2F533DB8-0CB7-447F-A55F-5E93BACDD10C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {3662156F-7604-4060-B28D-562B9F48460F} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {4A1CD95E-D5B6-42FA-AD40-15EC3A9D6302} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {4B5F6003-CB98-46E8-86AA-F780BDF720A8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {50C7D608-2342-47CE-847E-267CE6710DDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {6632CA4C-9469-40D0-A72D-FBCAEEC5C74F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6634E84D-6931-431F-A2C9-0DF3F1A43B4B} - System32\Tasks\{2683A1CA-06EF-4604-8288-7DA072D4747C} => Iexplore.exe http://ui.skype.com/...tall?page=tsWLM
Task: {6E27E8AA-7D0B-497A-ACC7-1E3080E8E2B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {7E68F999-2C18-4840-9047-F71D2E5BEDA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {82FECA5E-94B7-4AE2-A065-D14BE0F8A0E5} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {BB7EE7DA-CDB1-4147-8ACA-981C37DB5A18} - System32\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-09] (Google Inc.)
Task: {C2438ADD-EA0F-47BC-B92F-F14530AF3AE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {ED63F08A-521B-483A-B86D-E7925E5901D1} - System32\Tasks\AllmyappsUpdateTask => C:\Users\Gisele\AppData\Roaming\Allmyapps\Allmyapps.exe
Task: {FA1B96D3-E80E-499D-9FC5-430DDC022E81} - System32\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 => C:\Users\Gisele\AppData\Local\Temp\Fixit\DeleteAclKey.bat <==== ATTENTION
Task: {FAA7FCA6-DC14-4FE6-9A8E-3BFCBFF68658} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-09-06] (Microsoft)
Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\elbyExecuteWithUAC.job => C:\Program Files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe
Task: C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job => ?
Task: C:\Windows\Tasks\GarminUpdaterTask.job => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a9ea7de147b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfee6bf72142fd.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGisele.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\{8BE261E3-B96D-4439-BA1F-AAD83FF4FAE1}.job => c:\program files\internet explorer\iexplore.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-10 16:35 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Gisele\Documents\De Kermisklanten - Ik heb eerbied voor jouw grijze haren ( 1970 ).mp3:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-774167087-3708585068-1396899783-500 - Administrator - Disabled)
Gast (S-1-5-21-774167087-3708585068-1396899783-501 - Limited - Disabled)
Gisele (S-1-5-21-774167087-3708585068-1396899783-1000 - Administrator - Enabled) => C:\Users\Gisele
HomeGroupUser$ (S-1-5-21-774167087-3708585068-1396899783-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/16/2014 09:25:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 08:47:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/16/2014 09:25:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)
 
Error: (11/16/2014 09:25:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC)
 
Error: (11/16/2014 09:24:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Microsoft Antimalware Service-service kan vanwege de volgende fout niet worden gestart: 
%%1053
 
Error: (11/16/2014 09:24:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Microsoft Antimalware Service.
 
Error: (11/16/2014 08:47:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC)
 
Error: (11/16/2014 08:47:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)
 
Error: (11/16/2014 08:46:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Microsoft Antimalware Service-service kan vanwege de volgende fout niet worden gestart: 
%%1053
 
Error: (11/16/2014 08:46:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Microsoft Antimalware Service.
 
Error: (11/16/2014 08:44:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (11/16/2014 09:25:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 08:47:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-15 17:32:45.312
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 17:32:45.296
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 17:32:45.265
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 17:32:45.234
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 16:41:41.354
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 16:41:41.339
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 16:41:41.307
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 16:41:41.276
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 14:44:35.518
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2014-11-15 14:44:35.489
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 24%
Total physical RAM: 6040.36 MB
Available physical RAM: 4550.24 MB
Total Pagefile: 12078.9 MB
Available Pagefile: 10557.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.59 GB) (Free:253.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:23.87 GB) (Free:2.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D514C5BB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#29
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Things are looking better but we still have some work to do. As far as your question on the uninstalls, that was expected so we are OK there. Please follow the instructions below.
 
Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (827 bytes)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#2 - Re-install/Uninstall the MSE Client
1. Make sure that AVG 2015 is disabled for these steps.
2. Download and install MSE.
3. Once it's installed, reboot even if you are not prompted to.
4. Now go ahead and uninstall MSE from Add/Remove programs.
5. Again reboot even if you are not prompted to.
6. Once again download the MSE removal tool to your desktop. Double-click on the file and simply select Run when prompted and accept the defaults. You may get a message stating that the program wasn't found which is fine. It's important to check that no remnants were identified.
 
 
Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 

Step#4 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Go ahead and re-enable your AVG 2015 AV to keep yourself protected.

 

 

Items for your next post

1. FRST Fix log
2. Contents of the ESET log file

3. Security Check log

4. How's your machine doing?



#30
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • 456 posts

FRST fix

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 01
Ran by Gisele at 2014-11-16 14:51:01 Run:2
Running from C:\Users\Gisele\Desktop
Loaded Profile: Gisele (Available profiles: Gisele)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Plugin HKU\S-1-5-21-774167087-3708585068-1396899783-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
2014-11-12 18:46 - 2014-11-12 18:46 - 00003050 _____ () C:\Windows\System32\Tasks\{10A84920-3E16-4375-9AC1-E08445D4B6BF}
2014-11-14 20:40 - 2012-10-05 18:40 - 00000000 ____D () C:\Users\Gisele\AppData\Roaming\uTorrent
2014-11-10 16:08 - 2012-10-05 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare
Task: {FA1B96D3-E80E-499D-9FC5-430DDC022E81} - System32\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 => C:\Users\Gisele\AppData\Local\Temp\Fixit\DeleteAclKey.bat <==== ATTENTION
Task: C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job => ?
C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job
EmptyTemp:

*****************

FF Plugin HKU\S-1-5-21-774167087-3708585068-1396899783-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\{10A84920-3E16-4375-9AC1-E08445D4B6BF} => Moved successfully.
C:\Users\Gisele\AppData\Roaming\uTorrent => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA1B96D3-E80E-499D-9FC5-430DDC022E81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA1B96D3-E80E-499D-9FC5-430DDC022E81}" => Key deleted successfully.
C:\Windows\System32\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051" => Key deleted successfully.
C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job => Moved successfully.
"C:\Windows\Tasks\FixIt_F66956F4-B17B-4115-BBB0-D431EB5C3051.job" => File/Directory not found.
EmptyTemp: => Removed 28.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

