
computer slow [Solved]



#16
HaraMo (Member, Topic Starter, 329 posts)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by transit at 2015-04-22 18:19:30 Run:1
Running from C:\Users\transit\Desktop
Loaded Profiles: transit (Available profiles: transit & UpdatusUser & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
Task: {6EE7B04C-350B-4608-BC4E-A60B80BC1693} - System32\Tasks\{6D87EEA5-1509-4B98-A666-FA989574B84C} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {76D3377E-7B04-4FC4-8EAD-045851B5482F} - System32\Tasks\{C7ADE54A-98C4-4561-B488-F4AECB96FC7D} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {AB9B3EB5-4971-4F7A-9C0E-19135FFA8618} - System32\Tasks\{BBE38C98-3012-450E-8C92-66E8326EBD74} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {F6EB4723-55C9-44DE-9544-7C020D42DA2F} - System32\Tasks\{C1C9685A-AA10-481D-A3F6-DD2993E52B97} => pcalua.exe -a "C:\Program Files (x86)\WinZipper\eUninstall.exe" <==== ATTENTION
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\MountPoints2: {1767b950-20e8-11e1-ab1a-8c89a57d6dd6} - I:\iStudio.exe
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Driver Whiz] => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\MountPoints2: {1767b950-20e8-11e1-ab1a-8c89a57d6dd6} - I:\iStudio.exe
GroupPolicyUsers\S-1-5-21-3839137701-2974941544-2065132041-1007\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/we...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> 528CB8441A254254BF9CDE1F824F96E2 URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/we...q={searchTerms}
BHO: cheAp4alL -> {6157f868-f12f-4ba9-804a-09533fccf080} -> C:\Program Files (x86)\cheAp4alL\V7eWClGiRZNClM.x64.dll [2015-04-15] ()
BHO: Louwpriocees -> {a1c8fa6f-f886-4e2c-a175-0e59314e7bd1} -> C:\Program Files (x86)\Louwpriocees\q5bxY2zF9OCIQL.x64.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1424876756&from=cmi&uid=ST2000DL003-9VT166_6YD18AWHXXXX6YD18AWH"
EmptyTemp:
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EE7B04C-350B-4608-BC4E-A60B80BC1693}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EE7B04C-350B-4608-BC4E-A60B80BC1693}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6D87EEA5-1509-4B98-A666-FA989574B84C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6D87EEA5-1509-4B98-A666-FA989574B84C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76D3377E-7B04-4FC4-8EAD-045851B5482F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76D3377E-7B04-4FC4-8EAD-045851B5482F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C7ADE54A-98C4-4561-B488-F4AECB96FC7D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C7ADE54A-98C4-4561-B488-F4AECB96FC7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB9B3EB5-4971-4F7A-9C0E-19135FFA8618}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB9B3EB5-4971-4F7A-9C0E-19135FFA8618}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BBE38C98-3012-450E-8C92-66E8326EBD74} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBE38C98-3012-450E-8C92-66E8326EBD74}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6EB4723-55C9-44DE-9544-7C020D42DA2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6EB4723-55C9-44DE-9544-7C020D42DA2F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C1C9685A-AA10-481D-A3F6-DD2993E52B97} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C1C9685A-AA10-481D-A3F6-DD2993E52B97}" => Key deleted successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
=========  wevtutil cl application =========
 
 
========= End of CMD: =========
 
 
=========  wevtutil cl system =========
 
 
========= End of CMD: =========
 
 
=========  wevtutil cl security =========
 
 
========= End of CMD: =========
 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value deleted successfully.
"HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1767b950-20e8-11e1-ab1a-8c89a57d6dd6}" => Key deleted successfully.
HKCR\CLSID\{1767b950-20e8-11e1-ab1a-8c89a57d6dd6} => Key not found. 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Whiz => Value not found.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU => Value not found.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver => Value not found.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1767b950-20e8-11e1-ab1a-8c89a57d6dd6} => Key not found. 
HKCR\CLSID\{1767b950-20e8-11e1-ab1a-8c89a57d6dd6} => Key not found. 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3839137701-2974941544-2065132041-1007\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\528CB8441A254254BF9CDE1F824F96E2 => Key not found. 
HKCR\CLSID\528CB8441A254254BF9CDE1F824F96E2 => Key not found. 
"HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => Key deleted successfully.
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6157f868-f12f-4ba9-804a-09533fccf080}" => Key deleted successfully.
"HKCR\CLSID\{6157f868-f12f-4ba9-804a-09533fccf080}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1c8fa6f-f886-4e2c-a175-0e59314e7bd1}" => Key deleted successfully.
"HKCR\CLSID\{a1c8fa6f-f886-4e2c-a175-0e59314e7bd1}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
Chrome StartupUrls deleted successfully.
EmptyTemp: => Removed 10.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:22:10 ====



#17
HaraMo (Member, Topic Starter, 329 posts)

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-04-22 19:32:18
-----------------------------
19:32:18.752    OS Version: Windows x64 6.1.7601 Service Pack 1
19:32:18.752    Number of processors: 4 586 0x2A07
19:32:18.752    ComputerName: TRANSIT-PC  UserName: transit
19:32:26.146    Initialize success
19:32:26.178    VM: initialized successfully
19:32:26.178    VM: Intel CPU supported 
19:32:30.499    VM: supported disk I/O ataport.SYS
19:34:01.790    AVAST engine defs: 15042201
19:34:47.186    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:34:47.186    Disk 0 Vendor: ST2000DL003-9VT166 CC45 Size: 1907729MB BusType: 11
19:34:47.280    VM: Disk 0 MBR read successfully
19:34:47.280    Disk 0 MBR scan
19:34:47.295    Disk 0 unknown MBR code
19:34:47.295    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:34:47.311    Disk 0 default boot code
19:34:47.327    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1855403 MB offset 206848
19:34:47.358    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        51200 MB offset 3800072192
19:34:47.358    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 3904929792
19:34:47.405    Disk 0 scanning C:\Windows\system32\drivers
19:34:57.482    Service scanning
19:35:18.183    Modules scanning
19:35:18.183    Disk 0 trace - called modules:
19:35:18.199    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
19:35:18.199    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d8e060]
19:35:18.199    3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa800464e520]
19:35:18.215    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046c71f0]
19:35:21.350    AVAST engine scan C:\Windows
19:35:25.859    AVAST engine scan C:\Windows\system32
19:37:58.084    AVAST engine scan C:\Windows\system32\drivers
19:38:13.481    AVAST engine scan C:\Users\transit
19:43:07.323    AVAST engine scan C:\ProgramData
19:46:24.726    File: C:\ProgramData\TweakBit\PCCleaner\1.x\Downloads\ASPackage.exe  **INFECTED** Win32:Dropper-gen [Drp]
19:46:27.737    Disk 0 statistics 5228488/0/26 @ 4,79 MB/s
19:46:27.737    Scan finished successfully
20:09:08.184    Disk 0 MBR has been saved successfully to "C:\Users\transit\Desktop\MBR.dat"
20:09:08.184    The log file has been saved successfully to "C:\Users\transit\Desktop\aswMBR.txt"


#18
BrianDrab (Trusted Helper, Malware Removal, 3,583 posts)

Thanks for the information. Let's do another scan and get some logs.

 

Step#1 - FRST Registry Search
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the word Chrome into the Search box and click the Search Registry button.
[Image: Search.JPG]

3. When the scan is complete, a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open, the file should be saved on your desktop named Search.txt.

 

Step#2 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here. I had you uninstall this program as you had an older version. This will be the newest.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next.
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
    [Image: ScanForRootkits.JPG]
  • Click the Scan button at the top of the form and then click the Start Scan button and let it complete.
  • If malware was detected you can now click the Remove Selected button. If no malware was detected you can skip the rest of these bullet items and go to the next step, which is to retrieve the Malwarebytes log.
    [Image: RemoveSelected.JPG]
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
    [Image: Restart.JPG]

 
Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already open. You can simply double-click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
[Image: ApplicationLog.JPG]

5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
[Image: ScanningHistory.JPG]

 

 

Items for your next post

1. FRST Search log

2. Malwarebytes Log

 



#19
HaraMo (Member, Topic Starter, 329 posts)

Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by transit at 2015-04-22 21:21:02
Running from C:\Users\transit\Desktop
Boot Mode: Normal
 
================== Search Registry: "Chrome" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn]
"SBOEM0"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\content\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\en\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\fr\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\nl\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\skin\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\content\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\en\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\fr\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\nl\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\skin\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\content\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\en\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\fr\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\nl\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\skin\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04C7CF509A130595D8ABB8DFD467F0CC]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\en\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A23A95710AAE2F5998B27350F571F21]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\nl\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E443B6C10B26565E8E6EB13FB83057E]
"65241F7A6CD6A8549AD25BEE7F4992BA"="C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPGoogleChromeLauncher.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\379EBF092025DD056A6ADCE39B6455F7]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\fr\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\612DFF6FFF37A165A84A19C8D123C086]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\skin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\669CC6AE9C5539653BE5381D2595AE2D]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F7E96EAB4AB8CA5DB5D8D16E74E7C10]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9536CA6F1E24ACD59A0265F1F641AD89]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\fr\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A17CD4701DDC59353A1609EC6839CEDC]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\content\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A7FCECFBF0D576D5797DBB2C6A51217B]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\online_bankin[email protected]\chrome\locales\nl\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C33B51D129C165D8B52DB68219E249]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\skin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4AD1EF6CDDD8B35CA900257107B9512]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\en\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BBB5AB797F2A58752B3DCBF568E2F1E9]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\en\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD7181B5FABF8253837AEF2B6C19E9D]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\content\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA5D76A87302B2D5CBCF6203DD4934C3]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\skin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3398967EFC839850AD2EC9121A9FC16]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\fr\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E23E6BC016A56A757A765E97157CD7C0]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\content\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E313F56509D10715E8DBC9B99E590C36]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\nl\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F91FE78DBE69D3358809962EDA2BD940]
"DBE70DE8DA22A5147BE11CDA6868C2E2"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]\chrome\locales\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\babylon.ocr.chrome.extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Common\Partner\MDNE\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="2.0-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\TBDEn]
"SBOEM0"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D\GameConfigs\Chrome]
[HKEY_USERS\.DEFAULT\Software\Classes\.htm]
""="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Classes\.html]
""="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Classes\.shtml]
""="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Classes\.xht]
""="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Classes\.xhtml]
""="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Classes\ftp\DefaultIcon]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\.DEFAULT\Software\Classes\ftp\shell\open\command]
""=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\http\DefaultIcon]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\.DEFAULT\Software\Classes\http\shell\open\command]
""=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\https\DefaultIcon]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\.DEFAULT\Software\Classes\https\shell\open\command]
""=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"Progid"="ChromeHTML"
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Clients\StartmenuInternet\Google Chrome]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Google\Chrome]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0]
"Name"="CHROME.EXE"
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
"Name"="CHROME.EXE"
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
====== End Of Search ======

#20
HaraMo

  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".

Doesn't get this option.

After Malwarebytes starts, it mentions that the free trial version has expired,
and in the right bottom corner it says: licence expired, and two options: my account and renew license.

I did download the free version.

Updated: I updated Malwarebytes and now it mentions free and a green smiley, so OK now. Will start scan.


Edited by HaraMo, 22 April 2015 - 01:28 PM.

#21
HaraMo

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scandatum: 22/04/2015
Scantijd: 21:30:04
Logbestand: 
Beheerder: Ja
 
Versie: 2.01.6.1022
Malware Gegevensbestand: v2015.04.22.05
Rootkit Gegevensbestand: v2015.04.21.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
 
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: transit
 
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 433546
Verstreken Tijd: 12 m, 4 s
 
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Ingeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
 
Processen: 0
(Geen kwaadaardige items gedetecteerd)
 
Modules: 0
(Geen kwaadaardige items gedetecteerd)
 
Registersleutels: 5
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantaine, [afee1e5152383afcd4ae2e938d76e31d], 
PUP.Optional.PalMall.A, HKU\S-1-5-18\SOFTWARE\PalMall-nv, In Quarantaine, [aaf3254acfbb3cfa1cdc68616e95f20e], 
PUP.Optional.PalMall.A, HKU\S-1-5-18\SOFTWARE\PalMall-nv-ie, In Quarantaine, [a7f6b9b6701a43f3cb2dccfd9d6651af], 
PUP.Optional.PalMall.A, HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\SOFTWARE\PalMall-nv-ie, In Quarantaine, [0c910b643159de58b642dced8e7515eb], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\13641, In Quarantaine, [dfbe0a65ff8b91a50b91b82a23e0f20e], 
 
Registerwaardes: 2
PUP.Optional.SearchYa.A, HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F47F85FE-AF0F-4C1F-8EB8-EFFDEAA53904}|DisplayName, SearchYa!, In Quarantaine, [762775fa8901e84e68b10354c24311ef]
PUP.Optional.SearchYa.A, HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F47F85FE-AF0F-4C1F-8EB8-EFFDEAA53904}|FaviconURL, http://searchya.com/favicon.ico, In Quarantaine, [0b92006f4b3fd95d7c9d4512b74e28d8]
 
Registerdata: 1
 
Mappen: 5
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn\242, In Quarantaine, [1489086759318ea8018b15408085b050], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn, In Quarantaine, [1489086759318ea8018b15408085b050], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia\132, In Quarantaine, [d4c97df2a3e755e11a7283d2966f3ec2], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia, In Quarantaine, [d4c97df2a3e755e11a7283d2966f3ec2], 
PUP.Optional.Cheap4all.A, C:\Program Files (x86)\cheAp4alL, In Quarantaine, [54496b04f8922f0773831c3af70e01ff], 
 
Bestanden: 14
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMK_01009.Wdf, Verwijder-bij-Herstart, , 
PUP.Optional.MultiPlug.Uns, C:\ProgramData\salesale\salesale.exe, In Quarantaine, [5845a5ca7317171f28e551eb7c874cb4], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\cheAp4alL\V7eWClGiRZNClM.dll, In Quarantaine, [9607dd92e3a7b87eedbd0939ce34e818], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\cheAp4alL\V7eWClGiRZNClM.x64.dll, In Quarantaine, [c6d7343b3c4efd3923882a188e740cf4], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn\242\lsdb.js, In Quarantaine, [1489086759318ea8018b15408085b050], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn\242\background.html, In Quarantaine, [1489086759318ea8018b15408085b050], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn\242\content.js, In Quarantaine, [1489086759318ea8018b15408085b050], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjoilhmjjhfpeflkmlhejiaadbgfkgn\242\manifest.json, In Quarantaine, [1489086759318ea8018b15408085b050], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia\132\lsdb.js, In Quarantaine, [d4c97df2a3e755e11a7283d2966f3ec2], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia\132\background.html, In Quarantaine, [d4c97df2a3e755e11a7283d2966f3ec2], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia\132\content.js, In Quarantaine, [d4c97df2a3e755e11a7283d2966f3ec2], 
PUP.Optional.MultiPlug.A, C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgamelhnfokapndfdodnmfiningckjia\132\manifest.json, In Quarantaine, [d4c97df2a3e755e11a7283d2966f3ec2], 
PUP.Optional.Cheap4all.A, C:\Program Files (x86)\cheAp4alL\V7eWClGiRZNClM.tlb, In Quarantaine, [54496b04f8922f0773831c3af70e01ff], 
PUP.Optional.Cheap4all.A, C:\Program Files (x86)\cheAp4alL\V7eWClGiRZNClM.dat, In Quarantaine, [54496b04f8922f0773831c3af70e01ff], 
 
Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)
 
 
(end)

#22
BrianDrab

Thank you. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 

Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked.
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post
1. FRST Fix Log

2. FRST and Addition log

3. ESET Results

 


#23
HaraMo

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by transit at 2015-04-23 06:41:40 Run:2
Running from C:\Users\transit\Desktop
Loaded Profiles: transit & UpdatusUser (Available profiles: transit & UpdatusUser & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
[HKEY_LOCAL_MACHINE\SOFTWARE\Google]]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn" /v "SBOEM0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google]
reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\TBDEn" /v "SBOEM0"
[HKEY_USERS\.DEFAULT\Software\Classes\.htm]
[HKEY_USERS\.DEFAULT\Software\Classes\.html]
[HKEY_USERS\.DEFAULT\Software\Classes\.shtml]
[HKEY_USERS\.DEFAULT\Software\Classes\.xht]
[HKEY_USERS\.DEFAULT\Software\Classes\.xhtml]
[HKEY_USERS\.DEFAULT\Software\Classes\ftp]
[HKEY_USERS\.DEFAULT\Software\Classes\http]
[HKEY_USERS\.DEFAULT\Software\Classes\https]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Clients\StartmenuInternet\Google Chrome]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Google]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0] 
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8e593f76_0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML"
reg: reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "htmlfile"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA"
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML"
reg: reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "htmlfile"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "ChromeHTML"
reg: reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "shtmlfile"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids " /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA"
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Wow6432Node\Google]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML"
reg: reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "htmlfile"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML"
reg: reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "htmlfile"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "ChromeHTML"
reg: reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "shtmlfile"
reg: reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA"
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007_Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[HKEY_USERS\S-1-5-18\Software\Classes\ftp]
[HKEY_USERS\S-1-5-18\Software\Classes\http]
[HKEY_USERS\S-1-5-18\Software\Classes\https]
C:\ProgramData\TweakBit\PCCleaner\1.x\Downloads\ASPackage.exe
EmptyTemp:
*****************
 
Restore point was successfully created.
[HKEY_LOCAL_MACHINE\SOFTWARE\Google]] => Error: No automatic fix found for this entry.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe] => Error: No automatic fix found for this entry.
 
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TBDEn" /v "SBOEM0" =========
 
Wilt u de registerwaarde SBOEM0 verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google] => Error: No automatic fix found for this entry.
 
========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\TBDEn" /v "SBOEM0" =========
 
Wilt u de registerwaarde SBOEM0 verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
[HKEY_USERS\.DEFAULT\Software\Classes\.htm] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Classes\.html] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Classes\.shtml] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Classes\.xht] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Classes\.xhtml] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Classes\ftp] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Classes\http] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Classes\https] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Clients\StartmenuInternet\Google Chrome] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Google] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8e593f76_0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList] => Error: No automatic fix found for this entry.
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML" =========
 
Wilt u de registerwaarde ChromeHTML verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "htmlfile" =========
 
 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
    htmlfile    REG_NONE    
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA" =========
 
Wilt u de registerwaarde ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList] => Error: No automatic fix found for this entry.
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML" =========
 
Wilt u de registerwaarde ChromeHTML verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "htmlfile" =========
 
 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids
    htmlfile    REG_NONE    
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA" =========
 
Wilt u de registerwaarde ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "ChromeHTML" =========
 
Wilt u de registerwaarde ChromeHTML verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "shtmlfile" =========
 
 
 
Fout: Het systeem kan de opgegeven registersleutel of -waarde niet vinden.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids " /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA" =========
 
Wilt u de registerwaarde ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Wow6432Node\Google] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe] => Error: No automatic fix found for this entry.
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML" =========
 
Wilt u de registerwaarde ChromeHTML verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "htmlfile" =========
 
 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
    htmlfile    REG_NONE    
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA" =========
 
Wilt u de registerwaarde ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML" =========
 
Wilt u de registerwaarde ChromeHTML verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "htmlfile" =========
 
 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids
    htmlfile    REG_NONE    
 
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA" =========
 
Wilt u de registerwaarde ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "ChromeHTML" =========
 
Wilt u de registerwaarde ChromeHTML verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
 
========= reg query "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "shtmlfile" =========
 
 
 
Fout: Het systeem kan de opgegeven registersleutel of -waarde niet vinden.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids" /v "ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA" =========
 
Wilt u de registerwaarde ChromeHTML.SYLQD67C4W5BGEQQ6EZQHFDITA verwijderen (Ja/Nee)? De bewerking is voltooid. 
 
========= End of Reg: =========
 
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007_Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-18\Software\Classes\ftp] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-18\Software\Classes\http] => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-18\Software\Classes\https] => Error: No automatic fix found for this entry.
C:\ProgramData\TweakBit\PCCleaner\1.x\Downloads\ASPackage.exe => Moved successfully.
EmptyTemp: => Removed 183.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 06:42:08 ====


#24
HaraMo

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by transit (administrator) on TRANSIT-PC on 23-04-2015 06:45:32
Running from C:\Users\transit\Desktop
Loaded Profiles: transit (Available profiles: transit & UpdatusUser & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-03-11] (NVIDIA Corporation)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\RunOnce: [Uninstall C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1424876756&from=cmi&uid=ST2000DL003-9VT166_6YD18AWHXXXX6YD18AWH"
CHR Profile: C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-14]
CHR Extension: (Google Docs) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-14]
CHR Extension: (Google Drive) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-14]
CHR Extension: (YouTube) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-14]
CHR Extension: (Adblock Plus) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-27]
CHR Extension: (Google Search) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-14]
CHR Extension: (Google Sheets) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-14]
CHR Extension: (Google Wallet) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-14]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-12-03]
CHR Extension: (Gmail) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-14]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2012-12-26] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\transit\AppData\Local\Temp\7zS36B0\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVFSFilter; No ImagePath
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 IntcAzAudAddService; No ImagePath
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-03-20] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-03-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S0 nvpciflt; No ImagePath
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [169992 2015-04-02] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
S3 cpuz134; \??\C:\Users\transit\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 21:23 - 2015-04-22 21:23 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-22 21:23 - 2015-04-22 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-22 21:21 - 2015-04-22 21:21 - 00035955 _____ () C:\Users\transit\Desktop\Search.txt
2015-04-22 20:09 - 2015-04-22 20:09 - 00002504 _____ () C:\Users\transit\Desktop\aswMBR.txt
2015-04-22 20:09 - 2015-04-22 20:09 - 00000512 _____ () C:\Users\transit\Desktop\MBR.dat
2015-04-22 18:20 - 2015-04-22 18:20 - 05198336 _____ (AVAST Software) C:\Users\transit\Desktop\aswMBR.exe
2015-04-22 14:15 - 2015-04-22 14:18 - 00000000 ____D () C:\AdwCleaner
2015-04-22 14:15 - 2015-04-22 12:24 - 02217984 _____ () C:\Users\transit\Desktop\adwcleaner_4.201.exe
2015-04-22 14:09 - 2015-04-22 14:09 - 00061551 _____ () C:\Users\transit\Desktop\JRT.txt
2015-04-22 14:08 - 2015-04-22 14:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TRANSIT-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-22 14:08 - 2015-04-22 14:08 - 00000000 ____D () C:\RegBackup
2015-04-22 14:07 - 2015-04-22 12:22 - 02685507 _____ (Thisisu) C:\Users\transit\Desktop\JRT.exe
2015-04-22 12:11 - 2015-04-22 12:11 - 00000000 ____D () C:\Users\transit\Documents\Reflect
2015-04-22 12:06 - 2015-04-22 12:06 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\Macrium
2015-04-22 12:05 - 2015-04-22 12:06 - 00377892 _____ () C:\Reflect_Install.log
2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\Users\transit\Downloads\Macrium
2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\ProgramData\Macrium
2015-04-22 12:02 - 2015-04-22 12:00 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\transit\Desktop\ReflectDL.exe
2015-04-20 00:16 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-20 00:16 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-20 00:16 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-20 00:16 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-20 00:16 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-20 00:16 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-20 00:16 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-20 00:16 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-20 00:16 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-20 00:16 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-20 00:16 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-20 00:16 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-20 00:16 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-20 00:16 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-20 00:16 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-20 00:16 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-20 00:16 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-20 00:16 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-20 00:16 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-20 00:16 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-18 23:57 - 2015-04-22 14:29 - 00037651 _____ () C:\Users\transit\Desktop\Addition.txt
2015-04-18 23:56 - 2015-04-23 06:45 - 00016193 _____ () C:\Users\transit\Desktop\FRST.txt
2015-04-18 23:56 - 2015-04-23 06:45 - 00000000 ____D () C:\FRST
2015-04-18 23:53 - 2015-04-23 06:40 - 00000000 ____D () C:\Users\transit\Desktop\stappen
2015-04-18 23:53 - 2015-04-22 14:28 - 02099712 _____ (Farbar) C:\Users\transit\Desktop\FRST64.exe
2015-04-18 23:31 - 2015-04-18 23:31 - 00000000 ____D () C:\Users\transit\AppData\Local\TeamViewer
2015-04-18 23:30 - 2015-04-18 23:30 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-18 15:04 - 2015-04-18 15:04 - 00000000 ____D () C:\Windows\pss
2015-04-18 11:42 - 2015-04-18 11:42 - 00001405 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-17 17:13 - 2015-04-22 19:21 - 00000008 __RSH () C:\Users\transit\ntuser.pol
2015-04-17 15:18 - 2015-04-17 15:18 - 00003030 _____ () C:\Windows\System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71}
2015-04-17 15:16 - 2015-04-17 15:16 - 00003030 _____ () C:\Windows\System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E}
2015-04-17 15:11 - 2015-04-17 15:12 - 00009988 _____ () C:\Windows\iis7.log
2015-04-17 14:54 - 2015-04-17 14:54 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-16 22:30 - 2015-04-16 22:30 - 00000169 _____ () C:\Users\transit\Desktop\Google.url
2015-04-15 16:49 - 2015-04-15 16:50 - 00000000 ____D () C:\Program Files (x86)\Select Search
2015-04-15 16:24 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi(72).dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2(73).dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 16:24 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 16:24 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 16:24 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 16:24 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 16:24 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 16:24 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic(41).dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 16:24 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 16:24 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 16:24 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 16:24 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 16:24 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll(56).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win(71).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64(69).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu(70).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv(50).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32(48).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos(47).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore(60).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase(49).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel(57).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0(52).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt(55).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 16:24 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv(68).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest(65).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli(61).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss(59).exe
2015-04-15 16:24 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg(63).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv(44).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv(62).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32(58).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp(43).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 16:24 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 16:24 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 16:24 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass(51).exe
2015-04-15 16:24 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 16:24 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema(42).dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 16:24 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 16:24 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(79).dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32(80).dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 16:24 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32(77).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase(78).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli(81).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 16:24 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 16:24 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp(74).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 16:24 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 16:24 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 16:24 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 16:24 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:24 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(46).dll
2015-04-15 16:24 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(76).dll
2015-04-15 16:24 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet(67).dll
2015-04-15 16:24 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(64).dll
2015-04-15 16:24 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(83).dll
2015-04-15 16:24 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(82).dll
2015-04-15 16:24 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3(53).dll
2015-04-15 16:24 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r(54).dll
2015-04-15 16:24 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 16:24 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 16:24 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32(45).dll
2015-04-15 16:24 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32(75).dll
2015-04-15 16:24 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 16:23 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 16:23 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 16:23 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-02 02:26 - 2015-04-02 02:26 - 00169992 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys
2015-03-28 10:17 - 2015-03-28 10:17 - 00000000 ____D () C:\Users\transit\AppData\Local\NVIDIA
2015-03-28 10:10 - 2015-04-16 18:05 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-28 10:10 - 2015-03-28 10:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-28 10:09 - 2015-03-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-28 10:09 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-28 09:49 - 2015-03-28 09:49 - 00000998 _____ () C:\Users\transit\Desktop\Apple iPhone - Snelkoppeling.lnk
2015-03-28 09:09 - 2015-03-28 09:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-28 09:05 - 2015-03-28 09:05 - 00000382 _____ () C:\Windows\DirectX.log
2015-03-28 09:04 - 2015-03-28 09:04 - 00002210 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-25 11:15 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 16:22 - 2015-03-25 14:51 - 00002012 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 06:43 - 2015-03-20 15:15 - 00007551 _____ () C:\Windows\setupact.log
2015-04-23 06:43 - 2015-03-20 15:14 - 00013992 _____ () C:\Windows\PFRO.log
2015-04-23 06:43 - 2011-09-06 00:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-23 06:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 06:42 - 2011-12-07 17:27 - 01405191 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 06:33 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 06:33 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 21:54 - 2012-05-17 09:39 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-22 21:49 - 2014-05-05 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 21:46 - 2014-05-05 17:27 - 00000000 ____D () C:\Windows\hpojj4500
2015-04-22 21:45 - 2015-03-17 02:14 - 00000000 ____D () C:\ProgramData\salesale
2015-04-22 21:23 - 2014-05-05 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-22 19:21 - 2011-12-07 17:33 - 00000000 ____D () C:\Users\transit
2015-04-22 18:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-22 14:30 - 2012-05-17 11:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-22 14:18 - 2015-01-09 15:33 - 00000000 ____D () C:\Windows\system32\log
2015-04-22 12:12 - 2015-03-20 19:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-22 12:10 - 2011-05-16 16:47 - 00854064 _____ () C:\Windows\system32\perfh013.dat
2015-04-22 12:10 - 2011-05-16 16:47 - 00192888 _____ () C:\Windows\system32\perfc013.dat
2015-04-22 12:10 - 2009-07-14 07:13 - 01943218 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-22 11:49 - 2014-01-26 21:36 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{401E2AD1-3D61-4E10-AEA2-12D09233DAF5}
2015-04-19 13:02 - 2009-07-14 06:45 - 00358224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 23:34 - 2011-12-07 17:34 - 00088536 _____ () C:\Users\transit\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 23:31 - 2012-05-15 20:12 - 00000000 ____D () C:\Users\transit\AppData\Roaming\TeamViewer
2015-04-18 15:01 - 2014-10-04 13:34 - 00000000 ____D () C:\Users\transit\AppData\Local\Unity
2015-04-18 13:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-18 12:38 - 2012-01-25 15:36 - 01916950 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-18 10:09 - 2015-03-23 19:57 - 00001829 _____ () C:\Windows\system32\ScanResults.xml
2015-04-18 10:04 - 2015-03-23 19:55 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-04-17 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-04-17 15:07 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-04-17 14:54 - 2012-05-17 09:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 14:54 - 2012-05-17 09:39 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 14:54 - 2011-08-10 21:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 14:18 - 2015-03-02 15:33 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-17 14:18 - 2015-02-25 16:22 - 00000000 ____D () C:\ProgramData\{73ae9642-a57e-1a36-73ae-e9642a57590a}
2015-04-17 14:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-16 19:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 18:06 - 2014-12-11 04:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 18:06 - 2014-04-30 15:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 18:05 - 2014-03-25 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 18:05 - 2011-12-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-16 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-16 18:02 - 2011-12-07 17:47 - 00000000 ____D () C:\Users\transit\AppData\Local\Google
2015-04-16 03:13 - 2013-08-15 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:05 - 2011-07-18 22:31 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 16:50 - 2015-03-10 14:26 - 00000000 ____D () C:\ProgramData\5786049068603124795
2015-04-14 09:37 - 2014-05-05 17:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-05-05 17:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-05-05 17:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-28 10:09 - 2014-05-02 17:27 - 00000000 ____D () C:\temp
2015-03-28 10:09 - 2011-08-11 23:24 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-28 10:09 - 2011-08-11 23:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-28 09:10 - 2011-07-18 22:51 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-03-26 11:35 - 2014-05-05 19:20 - 00000000 ____D () C:\Users\transit\AppData\Roaming\HpUpdate
2015-03-24 16:15 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
 
==================== Files in the root of some directories =======
 
2012-05-15 16:33 - 2012-05-15 16:33 - 0002116 _____ () C:\Program Files (x86)\INSTALL.LOG
2011-12-07 20:25 - 2011-12-07 20:25 - 0020816 _____ () C:\Users\transit\AppData\Roaming\UserTile.png
2013-12-19 14:17 - 2014-10-09 13:17 - 0000167 _____ () C:\Users\transit\AppData\Roaming\WB.CFG
2014-05-05 19:19 - 2014-05-05 19:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-01-09 00:09 - 2012-01-09 00:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-05-04 19:58 - 2014-05-05 19:15 - 0015205 _____ () C:\ProgramData\hpzinstall.log
2014-05-02 19:33 - 2014-05-02 19:33 - 0000256 _____ () C:\ProgramData\lxee.log
2012-01-09 00:13 - 2012-02-14 10:43 - 0046798 _____ () C:\ProgramData\lxeeJSW.log
2012-01-08 23:57 - 2014-05-02 19:33 - 0109051 _____ () C:\ProgramData\lxeescan.log
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-16 19:21
 
==================== End Of Log ============================


#25
HaraMo

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by transit at 2015-04-23 06:46:25
Running from C:\Users\transit\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Belgium e-ID middleware 4.0.5 (build 7363) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207363}) (Version: 4.0.7363 - Belgian Government)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
HP Deskjet 2540 series Basissoftware van het apparaat (HKLM\...\{A7F14256-6DC6-458A-A92D-B5EEF79429AB}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{50467ECF-F6A9-40EC-A649-67EB6FAD9894}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Nederlands (HKLM-x32\...\{90140011-0066-0413-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
NVIDIA 3D Vision stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Productverbeteringsonderzoek voor HP Deskjet 2540 series (HKLM\...\{08FB88A2-3FB6-4E82-AD55-393EBAD0E967}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (10/04/2011 4.0.0.5) (HKLM\...\3FE3642036A0F4AEC17772437CE14BB1E67006AA) (Version: 10/04/2011 4.0.0.5 - Fedict)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\transit\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\transit\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
17-04-2015 14:59:26 Removed Adobe Reader XI (11.0.10) - Nederlands.
17-04-2015 15:01:06 Removed Adobe Reader XI (11.0.10) - Nederlands.
17-04-2015 15:30:35 Installatieprogramma voor Windows-modules
17-04-2015 16:27:26 Installed SLOW-PCfighter.
17-04-2015 16:30:32 Fighters Backup
17-04-2015 17:18:39 exploter
18-04-2015 10:25:51 Installatieprogramma voor Windows-modules
18-04-2015 11:02:50 Herstelbewerking
18-04-2015 11:22:43 Installatieprogramma voor Windows-modules
18-04-2015 12:33:46 Removed Java 7 Update 76 (64-bit)
18-04-2015 12:36:53 Windows Update
20-04-2015 00:17:31 Windows Update
22-04-2015 12:05:39 Installed Macrium Reflect Free Edition
22-04-2015 18:14:07 Installed Microsoft Fix it 50906
22-04-2015 18:19:41 Restore Point Created by FRST
23-04-2015 06:41:45 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {004A59DD-0CD0-48FE-AD8E-50037D0B5211} - System32\Tasks\{81C5B759-FF0B-46CE-84A8-89D669780F07} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {07511566-5EFA-44D8-B54A-96A839FB4940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {08AD675C-78E2-4C28-A195-03D5E3092C32} - System32\Tasks\{ED19E1C3-8C8E-4068-ABBB-3F14C0916900} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {0EF33F4E-247B-4A59-8ECC-AF1CD752B9A3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1151529D-38AE-46EC-A02B-1363A1A8D351} - System32\Tasks\{97043C5F-54E3-4B29-90E1-55167C3C6216} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {126D4E91-3891-4847-BAC8-47720DEE87F7} - System32\Tasks\{A80688EE-9AEB-414D-AC41-9BCEF6B0A689} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe
Task: {1CCC9F0E-4523-4FF0-8190-DCABF2C96743} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1E8A395B-EA24-4F17-A9B9-5DCBC117B411} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1FDB7AF3-6786-4302-8BCD-5E78A5EB1322} - System32\Tasks\{87DCE43B-5D3C-4981-81B8-CEB1BB2F98AE} => pcalua.exe -a C:\Users\transit\Desktop\windows-live-messenger.exe -d C:\Users\transit\Desktop
Task: {2915B59A-96C8-413C-A63A-7B77B25EEE95} - System32\Tasks\{E6B6C12B-5E62-46A2-8B7B-01F892CD7BA3} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {2A21520C-26AF-4116-830A-5CF06BBFDF92} - System32\Tasks\{0B90DE2A-AFE4-4574-963D-5387DCAACE9E} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {2D5904E5-E1C4-4A0F-AACA-053FA1F77000} - System32\Tasks\{BECA6EBB-F09F-40F9-999B-6BEACA975A2F} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe
Task: {2F30E610-459D-4D12-BD13-0ABB00195095} - System32\Tasks\{476E3058-9339-41F6-8093-F6DAEF21E489} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {3F6AF2EE-DC50-42CD-B263-93F949D28BA8} - System32\Tasks\{27219742-9C26-4399-988F-BEC36EBA342D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {451ED1C6-E3C9-493D-9153-E7A4C10FBB45} - System32\Tasks\{A524AE01-64F6-4CF1-B185-84C161D68BE2} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {5C676637-9DF8-4509-90A0-6E757725816D} - System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)
Task: {6BAF0B69-9610-4F68-9B26-CEB692D234C0} - System32\Tasks\{D24854C4-754C-4629-BD4B-4E64A4182239} => Chrome.exe 
Task: {6CF08229-C3E1-464D-9312-FF1BF08D0168} - System32\Tasks\{D01BDC77-7FD7-4F19-906D-BEBBA2C8913B} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {7226CC10-B3A4-459C-92A5-8C0B954CF9AC} - System32\Tasks\{1E44404E-8B72-452D-8498-10DBE60EBF0C} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {790CA437-1925-47B9-BBF9-AF4335C11EB7} - System32\Tasks\{A02B6ABC-C50D-4680-8DE7-FE0BDDBE7928} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {7A4E990B-41D0-4B85-ACC0-A704048BF869} - System32\Tasks\{3A580740-5F12-4B2B-8145-B4F2CE15A9E3} => pcalua.exe -a "C:\Users\transit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYUPHMOW\pure9.1.0.124nl.exe" -d C:\Users\transit\Desktop
Task: {808A239B-CB70-4D90-AB08-AB860F7264F8} - System32\Tasks\{F00A7E00-4D5B-4D15-BFF3-9B4AAB175A3D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {86F8AE53-DF9F-4C53-96D3-179E0C50B287} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9F41D46B-DAA2-4CDC-A46D-623B99643A20} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {A6CC5361-E4B6-4588-9DFF-9052C8B45294} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A939B57B-4C43-48E4-8DAE-6DEFE4B00EAD} - System32\Tasks\{2B42464D-0E58-47A4-BDC6-382E841EBACE} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {AA04715B-CD3D-4F3C-B269-FEE890575CDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {AF2A9AB9-97D3-4EA9-B3AE-DA5FD740A58B} - System32\Tasks\{E3B9F4CA-63AA-40C4-812A-881CB1B4DF80} => Chrome.exe 
Task: {B322BBB8-3653-4A4E-985A-4D968C505D33} - System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)
Task: {B4B832A9-9CF0-4976-AE45-B9914FBF119F} - System32\Tasks\{49A2827B-1E9E-4142-91E3-550C21B01A4D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {C2F93822-6370-4737-9FED-70C4EDDC985B} - System32\Tasks\{0E904838-A6D6-49E6-94C9-9148A50BB3EE} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {C536211A-2615-4B22-95BC-9D101DC8BE33} - System32\Tasks\{F6EA5C37-FEF5-467C-ABDE-771B8D998DCB} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {CA1E189F-5F29-4FC4-8EEA-DEF423E7D23B} - System32\Tasks\{17EFE308-059E-46D6-8B1C-70226613F8D6} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {D2093C2A-9D5E-43AF-9CEE-8CB05D511518} - System32\Tasks\{B6273C86-F98D-47D9-90F5-220E9D9E406A} => Chrome.exe 
Task: {DCF6A5C4-1955-415D-9FCB-28D6E13E67E7} - System32\Tasks\{7D4AD985-F398-41DA-A952-F9C1266F2381} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {DDF08966-2A52-4923-8C81-EF4A0BEAE5FA} - System32\Tasks\{A1E12A37-0C30-495B-8528-02D0F981C87C} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {E030BAE9-671C-4B06-B532-01D38F6263C8} - System32\Tasks\{687B5129-7122-4341-80E4-56FEE542F839} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {E212C79A-5141-40D2-AEB5-18D833D0336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {FAEAA3EA-2394-4704-9FA8-E0E353FA964C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-05-05 20:56 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-09 00:18 - 2009-05-18 09:40 - 00053760 _____ () C:\Windows\System32\LXEEPMON.DLL
2012-01-09 00:18 - 2009-01-13 15:15 - 04485120 _____ () C:\Windows\System32\LXEEOEM.DLL
2012-01-08 23:58 - 2009-11-04 15:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\transit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^transit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3839137701-2974941544-2065132041-500 - Administrator - Disabled)
Gast (S-1-5-21-3839137701-2974941544-2065132041-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3839137701-2974941544-2065132041-1010 - Limited - Enabled)
transit (S-1-5-21-3839137701-2974941544-2065132041-1002 - Administrator - Enabled) => C:\Users\transit
UpdatusUser (S-1-5-21-3839137701-2974941544-2065132041-1007 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}
 
 
System errors:
=============
Error: (04/23/2015 06:27:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/23/2015 06:24:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Function Discovery Resource Publication-service is gestopt met de volgende foutcode: 
%%-2147014847.
 
Error: (04/22/2015 09:56:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/22/2015 09:49:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/22/2015 07:24:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/22/2015 07:21:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Function Discovery Resource Publication-service is gestopt met de volgende foutcode: 
%%-2147014847.
 
 
Microsoft Office Sessions:
=========================
Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Toegang geweigerd.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-04-26 10:59:24.325
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2012-04-26 10:59:24.315
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 28%
Total physical RAM: 4077.64 MB
Available physical RAM: 2919.01 MB
Total Pagefile: 8153.47 MB
Available Pagefile: 6949.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1722.7 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:45.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
 
==================== End Of Log ============================


#26
HaraMo

    Member

  • Topic Starter
  • 329 posts
C:\$RECYCLE.BIN\S-1-5-21-3839137701-2974941544-2065132041-1002\$RIQG7KB\DJ2540_188.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Express\LanguageSelect.exe.vir Win32/ReImageRepair.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Express\ReimageExpress.exe.vir Win32/ReImageRepair.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Louwpriocees\q5bxY2zF9OCIQL.dll.vir a variant of Win32/Adware.MultiPlug.FL application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Louwpriocees\q5bxY2zF9OCIQL.x64.dll.vir a variant of Win64/Adware.MultiPlug.G application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir Win32/DealPly.B potentially unwanted application
C:\b582f1fe-aaf5-4fad-9aaa-b2cf00ffc9d3\InstallerHelper.dll a variant of Win32/Bundlore.Q potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\TweakBit\PCCleaner\1.x\Downloads\ASPackage.exe.xBAD Win32/VOPackage.BW potentially unwanted application
C:\ProgramData\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150302121410678.rsc a variant of Win32/ReImageRepair.E potentially unwanted application
C:\ProgramData\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150317152126582.rsc Win32/ReImageRepair.F potentially unwanted application
C:\ProgramData\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150318091551958.rsc Win32/ReImageRepair.F potentially unwanted application
C:\ProgramData\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150318164649950.rsc a variant of Win32/AdGazelle.D potentially unwanted application
C:\ProgramData\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150320102858044.rsc Win32/ReImageRepair.F potentially unwanted application
C:\ProgramData\{73ae9642-a57e-1a36-73ae-e9642a57590a}\SuperOptimizer.exe Win32/Adware.SpeedingUpMyPC.Y application
C:\Users\All Users\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150302121410678.rsc a variant of Win32/ReImageRepair.E potentially unwanted application
C:\Users\All Users\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150317152126582.rsc Win32/ReImageRepair.F potentially unwanted application
C:\Users\All Users\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150318091551958.rsc Win32/ReImageRepair.F potentially unwanted application
C:\Users\All Users\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150318164649950.rsc a variant of Win32/AdGazelle.D potentially unwanted application
C:\Users\All Users\TweakBit\PCCleaner\1.x\Rescue\PCCleaner\150320102858044.rsc Win32/ReImageRepair.F potentially unwanted application
C:\Users\All Users\{73ae9642-a57e-1a36-73ae-e9642a57590a}\SuperOptimizer.exe Win32/Adware.SpeedingUpMyPC.Y application
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}\faq_8A71AEBB623B46A0B934103F1A762800.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}\LicenseShortcut_303A72A482D54D67B5D168C047EE3E11.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}\LogFilesCollectorS_95204E1E4B3B4767821B1FAD987C2D2D.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}\MainExe32Shortcut1_8A7FE1F5DFFF4F28A38F8DECA8F9F72A.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}\MainExe32Shortcut_B53671B5D9A445549437680533116875.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}\NewShortcut10_87735DA8B8974C24BDFBDDE8F2D2DF1A.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}\UninstallIcon.exe a variant of Win32/SlowPCfighter.A potentially unwanted application
D:\Tools\MEDION MediaPack 2\Setup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application

#27
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you for the info. How is your machine doing? I made a mistake in my previous fix so I'd like you to run one more. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (5.68KB)
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

 

Step#3 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: "UNSUPPORTED OPERATING SYSTEM! ABORTED!", try rebooting the system and then run SecurityCheck again.

 
 
 
Items for your next post

1. FRST Fix log
2. FRST and Addition logs
3. Security Check log


#28
HaraMo

    Member

  • Topic Starter
  • 329 posts
All logs are here to find. The computer is running better; only the browser IE seems to behave strangely: if I enter google.be I don't see the Google image. Is this normal?

If I shut down the PC, before the screen 'is closing' appears, a white screen appears for a second; the same at startup: before the desktop appears, a white screen (complete screen) appears for a second.

The internet connection takes time to connect after startup: you see the blue circle on the network icon at the bottom, but this circle is not moving; after some minutes the internet connection works OK.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by transit at 2015-04-23 18:45:17 Run:3
Running from C:\Users\transit\Desktop
Loaded Profiles: transit & UpdatusUser (Available profiles: transit & UpdatusUser & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google]]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google]
[-HKEY_USERS\.DEFAULT\Software\Classes\.htm]
[-HKEY_USERS\.DEFAULT\Software\Classes\.html]
[-HKEY_USERS\.DEFAULT\Software\Classes\.shtml]
[-HKEY_USERS\.DEFAULT\Software\Classes\.xht]
[-HKEY_USERS\.DEFAULT\Software\Classes\.xhtml]
[-HKEY_USERS\.DEFAULT\Software\Classes\ftp]
[-HKEY_USERS\.DEFAULT\Software\Classes\http]
[-HKEY_USERS\.DEFAULT\Software\Classes\https]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Clients\StartmenuInternet\Google Chrome]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Google]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8e593f76_0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Wow6432Node\Google]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[-HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007_Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}]
[-HKEY_USERS\S-1-5-18\Software\Classes\ftp]
[-HKEY_USERS\S-1-5-18\Software\Classes\http]
[-HKEY_USERS\S-1-5-18\Software\Classes\https]
C:\ProgramData\TweakBit
C:\ProgramData\{73ae9642-a57e-1a36-73ae-e9642a57590a}
C:\Users\All Users\TweakBit
C:\Users\All Users\{73ae9642-a57e-1a36-73ae-e9642a57590a}
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399}
D:\Tools\MEDION MediaPack 2\Setup.exe
EmptyTemp:
*****************
 
Restore point was successfully created.
HKEY_LOCAL_MACHINE\SOFTWARE\Google] => Key not found. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google => Key Deleted Successfully.
HKEY_USERS\.DEFAULT\Software\Classes\.htm => Key Deleted successfully.
HKEY_USERS\.DEFAULT\Software\Classes\.html => Key Deleted successfully.
HKEY_USERS\.DEFAULT\Software\Classes\.shtml => Key Deleted successfully.
HKEY_USERS\.DEFAULT\Software\Classes\.xht => Key Deleted successfully.
HKEY_USERS\.DEFAULT\Software\Classes\.xhtml => Key Deleted successfully.
HKEY_USERS\.DEFAULT\Software\Classes\ftp => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Classes\ftp => Key Deleted Successfully.
HKEY_USERS\.DEFAULT\Software\Classes\http => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Classes\http => Key Deleted Successfully.
HKEY_USERS\.DEFAULT\Software\Classes\https => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Classes\https => Key Deleted Successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts => Key Deleted Successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice => Key Deleted successfully.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Shell => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Clients\StartmenuInternet\Google Chrome => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Clients\StartmenuInternet\Google Chrome => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Google => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Google => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8e593f76_0 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8e593f76_0 => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0 => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Wow6432Node\Google => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Wow6432Node\Google => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51E03646000CE9D0 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE5237A3C2000CA7D0 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\DirectInput\CHROME.EXE54D1CB7F000CDF48 => Key not found. 
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a546249a_0 => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\bf6f0ae9_0 => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome => Key Deleted successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B} => Key Deleted Successfully.
HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007_Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B} => Key not found. 
HKEY_USERS\S-1-5-18\Software\Classes\ftp => Key not found. 
HKEY_USERS\S-1-5-18\Software\Classes\http => Key not found. 
HKEY_USERS\S-1-5-18\Software\Classes\https => Key not found. 
C:\ProgramData\TweakBit => Moved successfully.
C:\ProgramData\{73ae9642-a57e-1a36-73ae-e9642a57590a} => Moved successfully.
"C:\Users\All Users\TweakBit" => File/Directory not found.
"C:\Users\All Users\{73ae9642-a57e-1a36-73ae-e9642a57590a}" => File/Directory not found.
C:\Windows\Installer\{2EAA4D9D-6711-4F31-9961-6A7906480399} => Moved successfully.
D:\Tools\MEDION MediaPack 2\Setup.exe => Moved successfully.
EmptyTemp: => Removed 11.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:47:03 ====
 
 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by transit (administrator) on TRANSIT-PC on 23-04-2015 19:01:12
Running from C:\Users\transit\Desktop
Loaded Profiles: transit & UpdatusUser (Available profiles: transit & UpdatusUser & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-03-11] (NVIDIA Corporation)
HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\RunOnce: [Uninstall C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Driver Whiz] => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\MountPoints2: {1767b950-20e8-11e1-ab1a-8c89a57d6dd6} - I:\iStudio.exe
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> 528CB8441A254254BF9CDE1F824F96E2 URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {2077B4E2-3ADF-4315-BC05-B46E93073FAA} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {F47F85FE-AF0F-4C1F-8EB8-EFFDEAA53904} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hppp&ts=1424876756&from=cmi&uid=ST2000DL003-9VT166_6YD18AWHXXXX6YD18AWH"
CHR Profile: C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-14]
CHR Extension: (Google Docs) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-14]
CHR Extension: (Google Drive) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-14]
CHR Extension: (YouTube) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-14]
CHR Extension: (Adblock Plus) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-27]
CHR Extension: (Google Search) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-14]
CHR Extension: (Google Sheets) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-14]
CHR Extension: (Google Wallet) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-14]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-12-03]
CHR Extension: (Gmail) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-14]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2012-12-26] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\transit\AppData\Local\Temp\7zS36B0\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVFSFilter; No ImagePath
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 IntcAzAudAddService; No ImagePath
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-03-20] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-03-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S0 nvpciflt; No ImagePath
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [169992 2015-04-02] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
S3 cpuz134; \??\C:\Users\transit\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 18:45 - 2015-04-23 18:45 - 00852616 _____ () C:\Users\transit\Desktop\SecurityCheck.exe
2015-04-22 21:23 - 2015-04-22 21:23 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-22 21:23 - 2015-04-22 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-22 21:21 - 2015-04-22 21:21 - 00035955 _____ () C:\Users\transit\Desktop\Search.txt
2015-04-22 20:09 - 2015-04-22 20:09 - 00002504 _____ () C:\Users\transit\Desktop\aswMBR.txt
2015-04-22 20:09 - 2015-04-22 20:09 - 00000512 _____ () C:\Users\transit\Desktop\MBR.dat
2015-04-22 18:20 - 2015-04-22 18:20 - 05198336 _____ (AVAST Software) C:\Users\transit\Desktop\aswMBR.exe
2015-04-22 14:15 - 2015-04-22 14:18 - 00000000 ____D () C:\AdwCleaner
2015-04-22 14:15 - 2015-04-22 12:24 - 02217984 _____ () C:\Users\transit\Desktop\adwcleaner_4.201.exe
2015-04-22 14:09 - 2015-04-22 14:09 - 00061551 _____ () C:\Users\transit\Desktop\JRT.txt
2015-04-22 14:08 - 2015-04-22 14:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TRANSIT-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-22 14:08 - 2015-04-22 14:08 - 00000000 ____D () C:\RegBackup
2015-04-22 14:07 - 2015-04-22 12:22 - 02685507 _____ (Thisisu) C:\Users\transit\Desktop\JRT.exe
2015-04-22 12:11 - 2015-04-22 12:11 - 00000000 ____D () C:\Users\transit\Documents\Reflect
2015-04-22 12:06 - 2015-04-22 12:06 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\Macrium
2015-04-22 12:05 - 2015-04-22 12:06 - 00377892 _____ () C:\Reflect_Install.log
2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\Users\transit\Downloads\Macrium
2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\ProgramData\Macrium
2015-04-22 12:02 - 2015-04-22 12:00 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\transit\Desktop\ReflectDL.exe
2015-04-20 00:16 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-20 00:16 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-20 00:16 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-20 00:16 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-20 00:16 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-20 00:16 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-20 00:16 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-20 00:16 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-20 00:16 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-20 00:16 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-20 00:16 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-20 00:16 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-20 00:16 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-20 00:16 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-20 00:16 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-20 00:16 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-20 00:16 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-20 00:16 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-20 00:16 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-20 00:16 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-18 23:57 - 2015-04-23 06:46 - 00028155 _____ () C:\Users\transit\Desktop\Addition.txt
2015-04-18 23:56 - 2015-04-23 19:01 - 00018223 _____ () C:\Users\transit\Desktop\FRST.txt
2015-04-18 23:56 - 2015-04-23 19:01 - 00000000 ____D () C:\FRST
2015-04-18 23:53 - 2015-04-23 19:01 - 00000000 ____D () C:\Users\transit\Desktop\stappen
2015-04-18 23:53 - 2015-04-22 14:28 - 02099712 _____ (Farbar) C:\Users\transit\Desktop\FRST64.exe
2015-04-18 23:31 - 2015-04-18 23:31 - 00000000 ____D () C:\Users\transit\AppData\Local\TeamViewer
2015-04-18 23:30 - 2015-04-18 23:30 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-18 15:04 - 2015-04-18 15:04 - 00000000 ____D () C:\Windows\pss
2015-04-18 11:42 - 2015-04-18 11:42 - 00001405 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-17 17:13 - 2015-04-22 19:21 - 00000008 __RSH () C:\Users\transit\ntuser.pol
2015-04-17 15:18 - 2015-04-17 15:18 - 00003030 _____ () C:\Windows\System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71}
2015-04-17 15:16 - 2015-04-17 15:16 - 00003030 _____ () C:\Windows\System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E}
2015-04-17 15:11 - 2015-04-17 15:12 - 00009988 _____ () C:\Windows\iis7.log
2015-04-17 14:54 - 2015-04-17 14:54 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-16 22:30 - 2015-04-16 22:30 - 00000169 _____ () C:\Users\transit\Desktop\Google.url
2015-04-15 16:49 - 2015-04-15 16:50 - 00000000 ____D () C:\Program Files (x86)\Select Search
2015-04-15 16:24 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi(72).dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2(73).dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 16:24 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 16:24 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 16:24 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 16:24 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 16:24 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 16:24 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic(41).dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 16:24 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 16:24 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 16:24 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 16:24 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 16:24 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll(56).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win(71).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64(69).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu(70).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv(50).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32(48).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos(47).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore(60).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase(49).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel(57).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0(52).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt(55).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 16:24 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv(68).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest(65).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli(61).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss(59).exe
2015-04-15 16:24 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg(63).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv(44).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv(62).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32(58).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp(43).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 16:24 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 16:24 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 16:24 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass(51).exe
2015-04-15 16:24 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 16:24 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema(42).dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 16:24 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 16:24 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(79).dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32(80).dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 16:24 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32(77).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase(78).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli(81).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 16:24 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 16:24 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp(74).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 16:24 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 16:24 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 16:24 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 16:24 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:24 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(46).dll
2015-04-15 16:24 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(76).dll
2015-04-15 16:24 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet(67).dll
2015-04-15 16:24 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(64).dll
2015-04-15 16:24 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(83).dll
2015-04-15 16:24 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(82).dll
2015-04-15 16:24 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3(53).dll
2015-04-15 16:24 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r(54).dll
2015-04-15 16:24 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 16:24 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 16:24 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32(45).dll
2015-04-15 16:24 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32(75).dll
2015-04-15 16:24 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 16:23 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 16:23 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 16:23 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-02 02:26 - 2015-04-02 02:26 - 00169992 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys
2015-03-28 10:17 - 2015-03-28 10:17 - 00000000 ____D () C:\Users\transit\AppData\Local\NVIDIA
2015-03-28 10:10 - 2015-04-16 18:05 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-28 10:10 - 2015-03-28 10:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-28 10:09 - 2015-03-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-28 10:09 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-28 09:49 - 2015-03-28 09:49 - 00000998 _____ () C:\Users\transit\Desktop\Apple iPhone - Snelkoppeling.lnk
2015-03-28 09:09 - 2015-03-28 09:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-28 09:05 - 2015-03-28 09:05 - 00000382 _____ () C:\Windows\DirectX.log
2015-03-28 09:04 - 2015-03-28 09:04 - 00002210 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-25 11:15 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 16:22 - 2015-03-25 14:51 - 00002012 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 18:57 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 18:57 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 18:54 - 2012-05-17 09:39 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 18:53 - 2011-12-07 17:27 - 01438733 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 18:48 - 2015-03-20 15:15 - 00007663 _____ () C:\Windows\setupact.log
2015-04-23 18:48 - 2011-09-06 00:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-23 18:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 18:42 - 2012-05-17 11:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-23 12:31 - 2014-01-26 21:36 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{401E2AD1-3D61-4E10-AEA2-12D09233DAF5}
2015-04-23 06:43 - 2015-03-20 15:14 - 00013992 _____ () C:\Windows\PFRO.log
2015-04-22 21:49 - 2014-05-05 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 21:46 - 2014-05-05 17:27 - 00000000 ____D () C:\Windows\hpojj4500
2015-04-22 21:45 - 2015-03-17 02:14 - 00000000 ____D () C:\ProgramData\salesale
2015-04-22 21:23 - 2014-05-05 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-22 19:21 - 2011-12-07 17:33 - 00000000 ____D () C:\Users\transit
2015-04-22 18:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-22 14:18 - 2015-01-09 15:33 - 00000000 ____D () C:\Windows\system32\log
2015-04-22 12:12 - 2015-03-20 19:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-22 12:10 - 2011-05-16 16:47 - 00854064 _____ () C:\Windows\system32\perfh013.dat
2015-04-22 12:10 - 2011-05-16 16:47 - 00192888 _____ () C:\Windows\system32\perfc013.dat
2015-04-22 12:10 - 2009-07-14 07:13 - 01943218 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 13:02 - 2009-07-14 06:45 - 00358224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 23:34 - 2011-12-07 17:34 - 00088536 _____ () C:\Users\transit\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 23:31 - 2012-05-15 20:12 - 00000000 ____D () C:\Users\transit\AppData\Roaming\TeamViewer
2015-04-18 15:01 - 2014-10-04 13:34 - 00000000 ____D () C:\Users\transit\AppData\Local\Unity
2015-04-18 13:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-18 12:38 - 2012-01-25 15:36 - 01916950 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-18 10:09 - 2015-03-23 19:57 - 00001829 _____ () C:\Windows\system32\ScanResults.xml
2015-04-18 10:04 - 2015-03-23 19:55 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-04-17 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-04-17 15:07 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-04-17 14:54 - 2012-05-17 09:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 14:54 - 2012-05-17 09:39 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 14:54 - 2011-08-10 21:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 14:18 - 2015-03-02 15:33 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-17 14:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-16 19:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 18:06 - 2014-12-11 04:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 18:06 - 2014-04-30 15:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 18:05 - 2014-03-25 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 18:05 - 2011-12-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-16 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-16 18:02 - 2011-12-07 17:47 - 00000000 ____D () C:\Users\transit\AppData\Local\Google
2015-04-16 03:13 - 2013-08-15 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:05 - 2011-07-18 22:31 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 16:50 - 2015-03-10 14:26 - 00000000 ____D () C:\ProgramData\5786049068603124795
2015-04-14 09:37 - 2014-05-05 17:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-05-05 17:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-05-05 17:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-28 10:09 - 2014-05-02 17:27 - 00000000 ____D () C:\temp
2015-03-28 10:09 - 2011-08-11 23:24 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-28 10:09 - 2011-08-11 23:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-28 09:10 - 2011-07-18 22:51 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-03-26 11:35 - 2014-05-05 19:20 - 00000000 ____D () C:\Users\transit\AppData\Roaming\HpUpdate
2015-03-24 16:15 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
 
==================== Files in the root of some directories =======
 
2012-05-15 16:33 - 2012-05-15 16:33 - 0002116 _____ () C:\Program Files (x86)\INSTALL.LOG
2011-12-07 20:25 - 2011-12-07 20:25 - 0020816 _____ () C:\Users\transit\AppData\Roaming\UserTile.png
2013-12-19 14:17 - 2014-10-09 13:17 - 0000167 _____ () C:\Users\transit\AppData\Roaming\WB.CFG
2014-05-05 19:19 - 2014-05-05 19:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-01-09 00:09 - 2012-01-09 00:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-05-04 19:58 - 2014-05-05 19:15 - 0015205 _____ () C:\ProgramData\hpzinstall.log
2014-05-02 19:33 - 2014-05-02 19:33 - 0000256 _____ () C:\ProgramData\lxee.log
2012-01-09 00:13 - 2012-02-14 10:43 - 0046798 _____ () C:\ProgramData\lxeeJSW.log
2012-01-08 23:57 - 2014-05-02 19:33 - 0109051 _____ () C:\ProgramData\lxeescan.log
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-16 19:21
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by transit at 2015-04-23 19:01:41
Running from C:\Users\transit\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Belgium e-ID middleware 4.0.5 (build 7363) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207363}) (Version: 4.0.7363 - Belgian Government)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FoxTab PDF Creator (HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\FoxTab PDF Creator) (Version:  - ) <==== ATTENTION
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
HP Deskjet 2540 series Basissoftware van het apparaat (HKLM\...\{A7F14256-6DC6-458A-A92D-B5EEF79429AB}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{50467ECF-F6A9-40EC-A649-67EB6FAD9894}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Nederlands (HKLM-x32\...\{90140011-0066-0413-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
NVIDIA 3D Vision stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Productverbeteringsonderzoek voor HP Deskjet 2540 series (HKLM\...\{08FB88A2-3FB6-4E82-AD55-393EBAD0E967}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (10/04/2011 4.0.0.5) (HKLM\...\3FE3642036A0F4AEC17772437CE14BB1E67006AA) (Version: 10/04/2011 4.0.0.5 - Fedict)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\transit\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\transit\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
17-04-2015 14:59:26 Removed Adobe Reader XI (11.0.10) - Nederlands.
17-04-2015 15:01:06 Removed Adobe Reader XI (11.0.10) - Nederlands.
17-04-2015 15:30:35 Installatieprogramma voor Windows-modules
17-04-2015 16:27:26 Installed SLOW-PCfighter.
17-04-2015 16:30:32 Fighters Backup
17-04-2015 17:18:39 exploter
18-04-2015 10:25:51 Installatieprogramma voor Windows-modules
18-04-2015 11:02:50 Herstelbewerking
18-04-2015 11:22:43 Installatieprogramma voor Windows-modules
18-04-2015 12:33:46 Removed Java 7 Update 76 (64-bit)
18-04-2015 12:36:53 Windows Update
20-04-2015 00:17:31 Windows Update
22-04-2015 12:05:39 Installed Macrium Reflect Free Edition
22-04-2015 18:14:07 Installed Microsoft Fix it 50906
22-04-2015 18:19:41 Restore Point Created by FRST
23-04-2015 06:41:45 Restore Point Created by FRST
23-04-2015 18:45:27 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {004A59DD-0CD0-48FE-AD8E-50037D0B5211} - System32\Tasks\{81C5B759-FF0B-46CE-84A8-89D669780F07} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {07511566-5EFA-44D8-B54A-96A839FB4940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {08AD675C-78E2-4C28-A195-03D5E3092C32} - System32\Tasks\{ED19E1C3-8C8E-4068-ABBB-3F14C0916900} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {0EF33F4E-247B-4A59-8ECC-AF1CD752B9A3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1151529D-38AE-46EC-A02B-1363A1A8D351} - System32\Tasks\{97043C5F-54E3-4B29-90E1-55167C3C6216} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {126D4E91-3891-4847-BAC8-47720DEE87F7} - System32\Tasks\{A80688EE-9AEB-414D-AC41-9BCEF6B0A689} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe
Task: {1CCC9F0E-4523-4FF0-8190-DCABF2C96743} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1E8A395B-EA24-4F17-A9B9-5DCBC117B411} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1FDB7AF3-6786-4302-8BCD-5E78A5EB1322} - System32\Tasks\{87DCE43B-5D3C-4981-81B8-CEB1BB2F98AE} => pcalua.exe -a C:\Users\transit\Desktop\windows-live-messenger.exe -d C:\Users\transit\Desktop
Task: {2915B59A-96C8-413C-A63A-7B77B25EEE95} - System32\Tasks\{E6B6C12B-5E62-46A2-8B7B-01F892CD7BA3} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {2A21520C-26AF-4116-830A-5CF06BBFDF92} - System32\Tasks\{0B90DE2A-AFE4-4574-963D-5387DCAACE9E} => C:\Users\transit\AppData\Local\iLivid\iLivid.exe
Task: {2D5904E5-E1C4-4A0F-AACA-053FA1F77000} - System32\Tasks\{BECA6EBB-F09F-40F9-999B-6BEACA975A2F} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe
Task: {2F30E610-459D-4D12-BD13-0ABB00195095} - System32\Tasks\{476E3058-9339-41F6-8093-F6DAEF21E489} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {3F6AF2EE-DC50-42CD-B263-93F949D28BA8} - System32\Tasks\{27219742-9C26-4399-988F-BEC36EBA342D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {451ED1C6-E3C9-493D-9153-E7A4C10FBB45} - System32\Tasks\{A524AE01-64F6-4CF1-B185-84C161D68BE2} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {5C676637-9DF8-4509-90A0-6E757725816D} - System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)
Task: {6BAF0B69-9610-4F68-9B26-CEB692D234C0} - System32\Tasks\{D24854C4-754C-4629-BD4B-4E64A4182239} => Chrome.exe 
Task: {6CF08229-C3E1-464D-9312-FF1BF08D0168} - System32\Tasks\{D01BDC77-7FD7-4F19-906D-BEBBA2C8913B} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {7226CC10-B3A4-459C-92A5-8C0B954CF9AC} - System32\Tasks\{1E44404E-8B72-452D-8498-10DBE60EBF0C} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {790CA437-1925-47B9-BBF9-AF4335C11EB7} - System32\Tasks\{A02B6ABC-C50D-4680-8DE7-FE0BDDBE7928} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {7A4E990B-41D0-4B85-ACC0-A704048BF869} - System32\Tasks\{3A580740-5F12-4B2B-8145-B4F2CE15A9E3} => pcalua.exe -a "C:\Users\transit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYUPHMOW\pure9.1.0.124nl.exe" -d C:\Users\transit\Desktop
Task: {808A239B-CB70-4D90-AB08-AB860F7264F8} - System32\Tasks\{F00A7E00-4D5B-4D15-BFF3-9B4AAB175A3D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {86F8AE53-DF9F-4C53-96D3-179E0C50B287} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9F41D46B-DAA2-4CDC-A46D-623B99643A20} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {A6CC5361-E4B6-4588-9DFF-9052C8B45294} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A939B57B-4C43-48E4-8DAE-6DEFE4B00EAD} - System32\Tasks\{2B42464D-0E58-47A4-BDC6-382E841EBACE} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {AA04715B-CD3D-4F3C-B269-FEE890575CDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {AF2A9AB9-97D3-4EA9-B3AE-DA5FD740A58B} - System32\Tasks\{E3B9F4CA-63AA-40C4-812A-881CB1B4DF80} => Chrome.exe 
Task: {B322BBB8-3653-4A4E-985A-4D968C505D33} - System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)
Task: {B4B832A9-9CF0-4976-AE45-B9914FBF119F} - System32\Tasks\{49A2827B-1E9E-4142-91E3-550C21B01A4D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {C2F93822-6370-4737-9FED-70C4EDDC985B} - System32\Tasks\{0E904838-A6D6-49E6-94C9-9148A50BB3EE} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {C536211A-2615-4B22-95BC-9D101DC8BE33} - System32\Tasks\{F6EA5C37-FEF5-467C-ABDE-771B8D998DCB} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {CA1E189F-5F29-4FC4-8EEA-DEF423E7D23B} - System32\Tasks\{17EFE308-059E-46D6-8B1C-70226613F8D6} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {D2093C2A-9D5E-43AF-9CEE-8CB05D511518} - System32\Tasks\{B6273C86-F98D-47D9-90F5-220E9D9E406A} => Chrome.exe 
Task: {DCF6A5C4-1955-415D-9FCB-28D6E13E67E7} - System32\Tasks\{7D4AD985-F398-41DA-A952-F9C1266F2381} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {DDF08966-2A52-4923-8C81-EF4A0BEAE5FA} - System32\Tasks\{A1E12A37-0C30-495B-8528-02D0F981C87C} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {E030BAE9-671C-4B06-B532-01D38F6263C8} - System32\Tasks\{687B5129-7122-4341-80E4-56FEE542F839} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {E212C79A-5141-40D2-AEB5-18D833D0336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {FAEAA3EA-2394-4704-9FA8-E0E353FA964C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-01-09 00:18 - 2009-05-18 09:40 - 00053760 _____ () C:\Windows\System32\LXEEPMON.DLL
2012-01-09 00:18 - 2009-01-13 15:15 - 04485120 _____ () C:\Windows\System32\LXEEOEM.DLL
2012-01-08 23:58 - 2009-11-04 15:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2014-05-05 20:56 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\transit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^transit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3839137701-2974941544-2065132041-500 - Administrator - Disabled)
Gast (S-1-5-21-3839137701-2974941544-2065132041-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3839137701-2974941544-2065132041-1010 - Limited - Enabled)
transit (S-1-5-21-3839137701-2974941544-2065132041-1002 - Administrator - Enabled) => C:\Users\transit
UpdatusUser (S-1-5-21-3839137701-2974941544-2065132041-1007 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/23/2015 06:45:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {0c7e9f5c-af52-43b9-a546-987fbf35d1a7}
 
Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}
 
 
System errors:
=============
Error: (04/23/2015 06:51:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/23/2015 06:44:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/23/2015 06:40:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Function Discovery Resource Publication-service is gestopt met de volgende foutcode: 
%%-2147014847.
 
Error: (04/23/2015 06:40:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 14:54:32 op ‎23/‎04/‎2015 is onverwacht gebeurd.
 
Error: (04/23/2015 06:46:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/23/2015 06:27:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/23/2015 06:24:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Function Discovery Resource Publication-service is gestopt met de volgende foutcode: 
%%-2147014847.
 
Error: (04/22/2015 09:56:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/22/2015 09:49:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
Error: (04/22/2015 07:24:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De HP Network Devices Support-service is gestopt met de volgende foutcode: 
%%126.
 
 
Microsoft Office Sessions:
=========================
Error: (04/23/2015 06:45:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Toegang geweigerd.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {0c7e9f5c-af52-43b9-a546-987fbf35d1a7}
 
Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Toegang geweigerd.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-04-26 10:59:24.325
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2012-04-26 10:59:24.315
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 31%
Total physical RAM: 4077.64 MB
Available physical RAM: 2781.59 MB
Total Pagefile: 8153.47 MB
Available Pagefile: 6862.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1721.46 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:45.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
 
==================== End Of Log ============================
 

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Total Security   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 

#29
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

If I enter google.be I don't see the Google image, is this normal?

No, that's not normal. Let's see if this next fix helps with that.
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#2 - Uninstalls
I see that DealPly and FoxTab PDF Creator are still in your Add/Remove programs. Are you having trouble removing them?
 
Step#3 -  Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
Note: If you don't use Java or don't know if you need it I would uninstall it.
 
If you wish to keep it please follow the instructions below to update to the newest version.
1. Click the Start button
2. Type Java
3. Click on Configure Java in the search results
4. Click the Update tab
5. Click the Update Now button and allow the update to download/install. 
 
Step#4 - Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 
Lastly, I noticed that your Kaspersky antivirus is disabled. Please ensure you enable it after our steps or you will be left unprotected!!

Items for your next post

1. FRST Fix

2. Any trouble with Uninstalls?


#30
HaraMo

    Member

  • Topic Starter
  • Member
  • 329 posts

See here my answer I gave in nr 14 about trying to remove the programs you told me to remove:

FoxTab PDF Creator: an error occurred while removing FoxTab PDF Creator. It is possible it was removed earlier.
I clicked yes so the program will be removed from the program list.

Malwarebytes Anti-Malware:
file c:\ program files(x86)\malwarebytes .... \unins000.dat doesn't exist, cannot remove the program.

DealPly not in the program list.

Windows sidebar not active on desktop but I will run the Fix it.

