[HaraMo]

ok, theme is set and ok now. 

Why does the theme changes after I visit safe mode, Normally save mode doesn' change the theme hé.

 

ok about the boottime. I think that 55 sec in cleanmode and 1m06sec in norma mode is maybe ok , 11 sec more to boot up the antivirus.

 

thanks a lot.

 

clean up the tools?

[Advertisements]

No problem!

 

OK! Well done, your computer is clean again! Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any  other .bat, .log, .reg, .txt,  and any other files created during this process, and left on the desktop and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.

4. Click on Change Settings.

5. Select "Install updates automatically (recommended)" from the Important updates drop-down.

6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 

• Download CryptoPrevent free for home use here following the instructions below.
• Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
• Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
• You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
• You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
• You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
• Click the Apply button to set Default protection.
• You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
• That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 

 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log

[BrianDrab]

No problem!

 

OK! Well done, your computer is clean again! Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any  other .bat, .log, .reg, .txt,  and any other files created during this process, and left on the desktop and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.

4. Click on Change Settings.

5. Select "Install updates automatically (recommended)" from the Important updates drop-down.

6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 

• Download CryptoPrevent free for home use here following the instructions below.
• Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
• Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
• You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
• You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
• You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
• Click the Apply button to set Default protection.
• You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
• That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 

 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log

[HaraMo]

# DelFix v1.010 - Logfile created 26/04/2015 at 15:28:14

# Updated 26/04/2015 by Xplode

# Username : transit - TRANSIT-PC

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

 

~ Activating UAC ... OK

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\RegBackup

Deleted : C:\Users\transit\Desktop\Addition.txt

Deleted : C:\Users\transit\Desktop\adwcleaner_4.201.exe

Deleted : C:\Users\transit\Desktop\aswMBR.exe

Deleted : C:\Users\transit\Desktop\aswMBR.txt

Deleted : C:\Users\transit\Desktop\Fixlog.txt

Deleted : C:\Users\transit\Desktop\FRST.txt

Deleted : C:\Users\transit\Desktop\FRST64.exe

Deleted : C:\Users\transit\Desktop\JRT.exe

Deleted : C:\Users\transit\Desktop\JRT.txt

Deleted : C:\Users\transit\Desktop\MBR.dat

Deleted : C:\Users\transit\Desktop\Search.txt

Deleted : C:\Users\transit\Desktop\SecurityCheck.exe

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #491 [Windows Update | 04/24/2015 22:29:23]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

[BrianDrab]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[HaraMo]

How can I remove  superoptimizer  from the startup list? using autorun? which item(s) I need to delete?

 

When I went to msconfig to change back to normal startup, two things ware in the startuptap: tom tom, (this can stay) and superoptimizer.

 

I don't think I need that.

[BrianDrab]

You can open up Autoruns again and click on the Logon tab. You will see an entry for superoptimizer that you can delete. It will be listed under the Run key or Startup key as designated in the picture below. Let me know if you don't see it.

 

[HaraMo]

can't find it

[HaraMo]

About Windows update

 

it was already set to automatic update.

 

But if I manually start the windows update it says that the windows update service is not active that why it cannot search for updates,  it says to reboot pc, but already did that.

 

If i go to the services list I do see windows update active (started and automatic).

[BrianDrab]

can't find it

 

Let's do it this way. Please provide logs again and then we'll be able to delete it.

 

Step#1 - FRST Scan
 1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

About Windows update

 

it was already set to automatic update.

 

But if I manually start the windows update it says that the windows update service is not active that why it cannot search for updates,  it says to reboot pc, but already did that.

 

If i go to the services list I do see windows update active (started and automatic).

 

 

Let's check your services out.

 

Step#2 - Services Check
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

 

 

Items for your next post.

1. FRST and Addition log

2. FSS log

[HaraMo]

About Secunia psi

 

One app needs to be updated,  (microsoft XML Core Services (MSXML) 4.x ) If I click on it, i get a error message that the link couldn't be opened with the standard browser (which is IE) , then the question 'Do I want to use IE? I click OK, then a microsoft page open

 

microsoft Core XML Services (MSXML) 6.0

select language: English (no Dutch possible).

 

If I click download I can choose 4 different versions, I selected the first one: msxml6.msi (1.5MB). I run the msi file.  I checked secunia psi, but the 4.x version was still there to be updated, no I'm not sure if I rebooted the pc and/or re scanned secunia psi.

 

then to be sure I  rebooted pc, let secunia psi scan again , but it keep scanning now for more then a half hour, this is to long.

 

ADDED: I stopped the scanning, reopend secunia psi, rescanned this time the scan finishes after a while, but the msxml 4.x is still mentioned to be updated.

Edited by HaraMo, 26 April 2015 - 03:21 PM.

[HaraMo]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015

Ran by transit (administrator) on TRANSIT-PC on 26-04-2015 22:59:55

Running from C:\Users\transit\Desktop\stappen\01 - scan analyse

Loaded Profiles: transit & UpdatusUser (Available profiles: transit & UpdatusUser & DefaultAppPool)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)

Internet Explorer Version 9 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE

(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\intelli-studio\iupdate.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\intelli-studio\iupdate.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\intelli-studio\iupdate.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\intelli-studio\iupdate.exe <====== ATTENTION

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1904520 2015-04-24] (TomTom)

HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\RunOnce: [Uninstall C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"

HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Driver Whiz] => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false

HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()

HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs

HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\MountPoints2: {1767b950-20e8-11e1-ab1a-8c89a57d6dd6} - I:\iStudio.exe

HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> 

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-04-26]

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)

ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {2077B4E2-3ADF-4315-BC05-B46E93073FAA} URL = 

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = 

SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {F47F85FE-AF0F-4C1F-8EB8-EFFDEAA53904} URL = 

BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)

BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)

BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)

BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)

BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)

DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)

FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()

FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()

FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-24] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-24] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)

FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-05-31]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]

 

Chrome: 

=======

CHR StartupUrls: Default -> "https://www.google.be/"

CHR Profile: C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-24]

CHR Extension: (Google Docs) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24]

CHR Extension: (Google Drive) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-24]

CHR Extension: (YouTube) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-24]

CHR Extension: (Google Search) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-24]

CHR Extension: (Google Sheets) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-24]

CHR Extension: (Bookmark Manager) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]

CHR Extension: (Google Wallet) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-24]

CHR Extension: (Gmail) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]

CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)

S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2012-12-26] () [File not signed]

R2 EFS; C:\Windows\System32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]

R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]

R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)

R2 SamSs; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]

S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)

R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)

S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)

S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AVFSFilter; No ImagePath

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)

S3 IntcAzAudAddService; No ImagePath

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)

R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-03-20] (Kaspersky Lab ZAO)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-20] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)

R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-03-20] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)

S0 nvpciflt; No ImagePath

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)

S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [169992 2015-04-02] (Windows ® Win 7 DDK provider)

S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)

S3 cpuz134; \??\C:\Users\transit\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-26 22:59 - 2015-04-26 22:59 - 00001313 _____ () C:\Users\transit\Desktop\FRST64.exe - Snelkoppeling.lnk

2015-04-26 22:59 - 2015-04-26 22:59 - 00000000 ____D () C:\FRST

2015-04-26 22:19 - 2015-04-26 22:19 - 01528320 _____ () C:\Users\transit\Desktop\msxml6.msi

2015-04-26 21:43 - 2015-04-24 22:05 - 00671904 _____ (Sysinternals - www.sysinternals.com) C:\Users\transit\Desktop\autoruns.exe

2015-04-26 18:42 - 2015-04-26 18:42 - 00001541 _____ () C:\Users\transit\Desktop\Internet Explorer.lnk

2015-04-26 18:01 - 2015-04-26 18:01 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

2015-04-26 18:01 - 2015-04-26 18:01 - 00000000 ____D () C:\Users\transit\AppData\Local\Secunia PSI

2015-04-26 18:01 - 2015-04-26 18:01 - 00000000 ____D () C:\Program Files (x86)\Secunia

2015-04-26 16:02 - 2015-04-26 16:02 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll

2015-04-26 16:02 - 2015-04-26 16:02 - 00001220 _____ () C:\Users\Public\Desktop\CryptoPrevent.lnk

2015-04-26 16:02 - 2015-04-26 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT

2015-04-26 16:02 - 2015-04-26 16:02 - 00000000 ____D () C:\ProgramData\Foolish IT

2015-04-26 16:02 - 2015-04-26 16:02 - 00000000 ____D () C:\Program Files (x86)\Foolish IT

2015-04-26 15:28 - 2015-04-26 15:28 - 00001234 _____ () C:\DelFix.txt

2015-04-26 15:28 - 2015-04-26 15:28 - 00000000 ____D () C:\Windows\ERUNT

2015-04-26 13:55 - 2015-04-26 13:55 - 00001405 _____ () C:\Users\transit\Desktop\Internet Explorer (64-bit).lnk

2015-04-24 22:05 - 2015-04-24 22:05 - 00671904 _____ (Sysinternals - www.sysinternals.com) C:\Users\transit\Downloads\autoruns.exe

2015-04-24 18:06 - 2015-04-24 18:06 - 23308656 _____ (TomTom International B.V.) C:\Users\transit\Downloads\InstallMyDriveConnect_4_0_1_2117.exe

2015-04-24 09:12 - 2015-04-24 09:12 - 11198509 _____ () C:\Windows\system32\boot_BASE+CSWITCH_1.cab

2015-04-24 09:12 - 2015-04-24 09:12 - 106954752 _____ () C:\Windows\system32\boot_BASE+CSWITCH_1.etl

2015-04-24 09:08 - 2015-04-24 09:08 - 105906176 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_6.etl

2015-04-24 09:08 - 2015-04-24 09:08 - 10552856 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_6.cab

2015-04-24 09:05 - 2015-04-24 09:05 - 09632989 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_5.cab

2015-04-24 09:04 - 2015-04-24 09:04 - 103809024 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_5.etl

2015-04-24 09:01 - 2015-04-24 09:01 - 102760448 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_4.etl

2015-04-24 09:01 - 2015-04-24 09:01 - 08106547 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_4.cab

2015-04-24 08:58 - 2015-04-24 08:58 - 06592173 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_3.cab

2015-04-24 08:57 - 2015-04-24 08:57 - 98566144 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_3.etl

2015-04-24 08:46 - 2015-04-24 08:46 - 99614720 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_2.etl

2015-04-24 08:46 - 2015-04-24 08:46 - 04939683 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_2.cab

2015-04-24 08:43 - 2015-04-24 08:43 - 03336576 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_1.cab

2015-04-24 08:42 - 2015-04-24 08:42 - 103809024 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_1.etl

2015-04-24 08:38 - 2015-04-24 09:12 - 00013201 _____ () C:\Windows\system32\xbootmgr.log

2015-04-24 08:30 - 2015-04-24 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits

2015-04-24 08:30 - 2015-04-24 08:30 - 00000000 ____D () C:\Program Files (x86)\Windows Kits

2015-04-24 08:29 - 2015-04-24 08:30 - 00000000 ____D () C:\ProgramData\Package Cache

2015-04-24 08:24 - 2015-04-24 08:24 - 00991536 _____ (Microsoft Corporation) C:\Users\transit\Downloads\sdksetup.exe

2015-04-24 06:35 - 2015-04-26 22:40 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-24 06:35 - 2015-04-26 22:29 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-24 06:35 - 2015-04-24 06:35 - 00004054 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-04-24 06:35 - 2015-04-24 06:35 - 00003802 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-04-24 06:35 - 2015-04-24 06:35 - 00002283 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-04-24 06:35 - 2015-04-24 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-04-23 22:14 - 2015-04-23 22:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-04-23 22:09 - 2015-04-23 22:09 - 00000000 ____D () C:\Windows\Sun

2015-04-23 22:08 - 2015-04-23 22:08 - 00000000 ____D () C:\ProgramData\Sun

2015-04-22 21:23 - 2015-04-22 21:23 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-22 21:23 - 2015-04-22 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-22 14:08 - 2015-04-22 14:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TRANSIT-PC-Windows-7-Home-Premium-(64-bit).dat

2015-04-22 12:11 - 2015-04-22 12:11 - 00000000 ____D () C:\Users\transit\Documents\Reflect

2015-04-22 12:06 - 2015-04-22 12:06 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk

2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium

2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\Macrium

2015-04-22 12:05 - 2015-04-22 12:06 - 00377892 _____ () C:\Reflect_Install.log

2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\Users\transit\Downloads\Macrium

2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\ProgramData\Macrium

2015-04-20 00:16 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-20 00:16 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-20 00:16 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-20 00:16 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-20 00:16 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-20 00:16 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-20 00:16 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-20 00:16 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-20 00:16 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-04-20 00:16 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-20 00:16 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-20 00:16 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-04-20 00:16 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-20 00:16 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-20 00:16 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-20 00:16 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-20 00:16 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-20 00:16 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-20 00:16 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-20 00:16 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-04-20 00:16 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-04-20 00:16 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-04-20 00:16 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-20 00:16 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-04-20 00:16 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-20 00:16 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-20 00:16 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-20 00:16 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-20 00:16 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-20 00:16 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-04-20 00:16 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-04-20 00:16 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-20 00:16 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2015-04-20 00:16 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-04-20 00:16 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-04-20 00:16 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-20 00:16 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-04-20 00:16 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-04-20 00:16 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-04-20 00:16 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-04-20 00:16 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-04-20 00:16 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2015-04-20 00:16 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2015-04-20 00:16 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2015-04-18 23:53 - 2015-04-26 18:25 - 00000000 ____D () C:\Users\transit\Desktop\stappen

2015-04-18 23:31 - 2015-04-18 23:31 - 00000000 ____D () C:\Users\transit\AppData\Local\TeamViewer

2015-04-18 23:30 - 2015-04-26 16:27 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk

2015-04-18 15:04 - 2015-04-26 17:41 - 00000000 ____D () C:\Windows\pss

2015-04-18 11:42 - 2015-04-18 11:42 - 00001405 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-04-17 17:13 - 2015-04-22 19:21 - 00000008 __RSH () C:\Users\transit\ntuser.pol

2015-04-17 15:18 - 2015-04-17 15:18 - 00003030 _____ () C:\Windows\System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71}

2015-04-17 15:16 - 2015-04-17 15:16 - 00003030 _____ () C:\Windows\System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E}

2015-04-17 15:11 - 2015-04-17 15:12 - 00009988 _____ () C:\Windows\iis7.log

2015-04-17 14:54 - 2015-04-17 14:54 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2015-04-16 22:30 - 2015-04-16 22:30 - 00000169 _____ () C:\Users\transit\Desktop\Google.url

2015-04-15 16:49 - 2015-04-15 16:50 - 00000000 ____D () C:\Program Files (x86)\Select Search

2015-04-15 16:24 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-15 16:24 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-15 16:24 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi(72).dll

2015-04-15 16:24 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-15 16:24 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-15 16:24 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-15 16:24 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2(73).dll

2015-04-15 16:24 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-15 16:24 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-15 16:24 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-15 16:24 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-15 16:24 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-04-15 16:24 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-04-15 16:24 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-04-15 16:24 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-04-15 16:24 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-04-15 16:24 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-04-15 16:24 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-04-15 16:24 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-04-15 16:24 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-04-15 16:24 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-04-15 16:24 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic(41).dll

2015-04-15 16:24 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-04-15 16:24 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-04-15 16:24 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-15 16:24 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-04-15 16:24 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-04-15 16:24 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll(56).dll

2015-04-15 16:24 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win(71).dll

2015-04-15 16:24 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64(69).dll

2015-04-15 16:24 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu(70).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv(50).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32(48).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos(47).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore(60).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase(49).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel(57).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0(52).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt(55).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-04-15 16:24 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv(68).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest(65).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli(61).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss(59).exe

2015-04-15 16:24 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg(63).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv(44).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv(62).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32(58).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp(43).dll

2015-04-15 16:24 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-04-15 16:24 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-04-15 16:24 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-04-15 16:24 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass(51).exe

2015-04-15 16:24 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-04-15 16:24 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema(42).dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-04-15 16:24 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-04-15 16:24 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(79).dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32(80).dll

2015-04-15 16:24 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-04-15 16:24 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32(77).dll

2015-04-15 16:24 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase(78).dll

2015-04-15 16:24 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli(81).dll

2015-04-15 16:24 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-04-15 16:24 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-04-15 16:24 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp(74).dll

2015-04-15 16:24 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-04-15 16:24 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-04-15 16:24 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-04-15 16:24 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-04-15 16:24 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-04-15 16:24 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-04-15 16:24 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(46).dll

2015-04-15 16:24 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(76).dll

2015-04-15 16:24 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet(67).dll

2015-04-15 16:24 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(64).dll

2015-04-15 16:24 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(83).dll

2015-04-15 16:24 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(82).dll

2015-04-15 16:24 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3(53).dll

2015-04-15 16:24 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r(54).dll

2015-04-15 16:24 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-04-15 16:24 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-04-15 16:24 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32(45).dll

2015-04-15 16:24 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32(75).dll

2015-04-15 16:24 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-15 16:23 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-15 16:23 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 16:23 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-02 02:26 - 2015-04-02 02:26 - 00169992 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys

2015-03-28 10:17 - 2015-03-28 10:17 - 00000000 ____D () C:\Users\transit\AppData\Local\NVIDIA

2015-03-28 10:10 - 2015-04-16 18:05 - 00000000 ___SD () C:\Windows\system32\GWX

2015-03-28 10:10 - 2015-03-28 10:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-03-28 10:09 - 2015-03-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2015-03-28 10:09 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2015-03-28 09:49 - 2015-03-28 09:49 - 00000998 _____ () C:\Users\transit\Desktop\Apple iPhone - Snelkoppeling.lnk

2015-03-28 09:09 - 2015-03-28 09:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

2015-03-28 09:05 - 2015-03-28 09:05 - 00000382 _____ () C:\Windows\DirectX.log

2015-03-28 09:04 - 2015-03-28 09:04 - 00002210 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-04-26 22:54 - 2012-05-17 09:39 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-26 22:35 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-26 22:35 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-26 22:31 - 2011-12-07 17:27 - 01783937 _____ () C:\Windows\WindowsUpdate.log

2015-04-26 22:29 - 2015-03-20 19:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2015-04-26 22:29 - 2015-03-20 15:15 - 00009769 _____ () C:\Windows\setupact.log

2015-04-26 22:29 - 2011-09-06 00:24 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-04-26 22:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-26 18:38 - 2009-07-14 07:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-04-26 18:26 - 2014-05-05 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-26 18:01 - 2012-05-17 11:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

2015-04-26 15:24 - 2012-05-15 20:12 - 00000000 ____D () C:\Users\transit\AppData\Roaming\TeamViewer

2015-04-26 14:35 - 2014-01-26 21:36 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{401E2AD1-3D61-4E10-AEA2-12D09233DAF5}

2015-04-26 13:27 - 2011-05-16 16:47 - 00854064 _____ () C:\Windows\system32\perfh013.dat

2015-04-26 13:27 - 2011-05-16 16:47 - 00192888 _____ () C:\Windows\system32\perfc013.dat

2015-04-26 13:27 - 2009-07-14 07:13 - 01943218 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-24 23:43 - 2015-03-24 16:22 - 00002012 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk

2015-04-24 18:07 - 2014-01-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom

2015-04-24 18:07 - 2014-01-22 09:47 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect

2015-04-24 08:31 - 2015-03-20 15:14 - 00015296 _____ () C:\Windows\PFRO.log

2015-04-24 06:35 - 2012-04-27 12:53 - 00000000 ____D () C:\Users\transit\AppData\Local\Deployment

2015-04-24 06:35 - 2011-12-07 17:47 - 00000000 ____D () C:\Users\transit\AppData\Local\Google

2015-04-24 06:35 - 2011-12-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Google

2015-04-23 22:15 - 2011-12-15 11:06 - 00000000 ____D () C:\Users\transit\AppData\Local\Adobe

2015-04-23 22:14 - 2015-01-04 18:48 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2015-04-23 22:14 - 2011-07-18 23:06 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-04-23 22:09 - 2014-03-25 15:03 - 00000000 ____D () C:\ProgramData\Oracle

2015-04-23 22:08 - 2014-03-25 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-04-22 21:46 - 2014-05-05 17:27 - 00000000 ____D () C:\Windows\hpojj4500

2015-04-22 21:23 - 2014-05-05 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-22 19:21 - 2011-12-07 17:33 - 00000000 ____D () C:\Users\transit

2015-04-22 18:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2015-04-22 14:18 - 2015-01-09 15:33 - 00000000 ____D () C:\Windows\system32\log

2015-04-19 13:02 - 2009-07-14 06:45 - 00358224 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-04-18 23:34 - 2011-12-07 17:34 - 00088536 _____ () C:\Users\transit\AppData\Local\GDIPFONTCACHEV1.DAT

2015-04-18 15:01 - 2014-10-04 13:34 - 00000000 ____D () C:\Users\transit\AppData\Local\Unity

2015-04-18 13:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2015-04-18 12:38 - 2012-01-25 15:36 - 01916950 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR

2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI

2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR

2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sl-SI

2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-04-18 10:09 - 2015-03-23 19:57 - 00001829 _____ () C:\Windows\system32\ScanResults.xml

2015-04-18 10:04 - 2015-03-23 19:55 - 00000464 _____ () C:\Windows\system32\ScannerSettings

2015-04-17 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar

2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker

2015-04-17 15:07 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV

2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv

2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv

2015-04-17 14:54 - 2012-05-17 09:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-17 14:54 - 2012-05-17 09:39 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-17 14:54 - 2011-08-10 21:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-17 14:18 - 2015-03-02 15:33 - 00000000 ____D () C:\Users\DefaultAppPool

2015-04-17 14:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2015-04-16 19:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2015-04-16 18:06 - 2014-12-11 04:23 - 00000000 ____D () C:\Windows\system32\appraiser

2015-04-16 18:06 - 2014-04-30 15:07 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-04-16 18:05 - 2014-03-25 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-04-16 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2015-04-16 03:13 - 2013-08-15 08:48 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-16 03:05 - 2011-07-18 22:31 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-04-15 16:50 - 2015-03-10 14:26 - 00000000 ____D () C:\ProgramData\5786049068603124795

2015-04-14 09:37 - 2014-05-05 17:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-04-14 09:37 - 2014-05-05 17:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-04-14 09:37 - 2014-05-05 17:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-28 10:09 - 2014-05-02 17:27 - 00000000 ____D () C:\temp

2015-03-28 10:09 - 2011-08-11 23:24 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2015-03-28 10:09 - 2011-08-11 23:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-03-28 09:10 - 2011-07-18 22:51 - 00000000 ____D () C:\Program Files (x86)\Windows Live

 

==================== Files in the root of some directories =======

 

2012-05-15 16:33 - 2012-05-15 16:33 - 0002116 _____ () C:\Program Files (x86)\INSTALL.LOG

2011-12-07 20:25 - 2011-12-07 20:25 - 0020816 _____ () C:\Users\transit\AppData\Roaming\UserTile.png

2013-12-19 14:17 - 2014-10-09 13:17 - 0000167 _____ () C:\Users\transit\AppData\Roaming\WB.CFG

2014-05-05 19:19 - 2014-05-05 19:19 - 0000057 _____ () C:\ProgramData\Ament.ini

2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\cmn_upld.log

2012-01-09 00:09 - 2012-01-09 00:09 - 0000252 _____ () C:\ProgramData\FastPics.log

2014-05-04 19:58 - 2014-05-05 19:15 - 0015205 _____ () C:\ProgramData\hpzinstall.log

2014-05-02 19:33 - 2014-05-02 19:33 - 0000256 _____ () C:\ProgramData\lxee.log

2012-01-09 00:13 - 2012-02-14 10:43 - 0046798 _____ () C:\ProgramData\lxeeJSW.log

2012-01-08 23:57 - 2014-05-02 19:33 - 0109051 _____ () C:\ProgramData\lxeescan.log

2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log

2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

 

Some content of TEMP:

====================

C:\Users\transit\AppData\Local\Temp\jre-8u45-windows-au.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-04-24 06:55

 

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015

Ran by transit at 2015-04-26 23:00:30

Running from C:\Users\transit\Desktop\stappen\01 - scan analyse

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)

Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)

Belgium e-ID middleware 4.0.5 (build 7363) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207363}) (Version: 4.0.7363 - Belgian Government)

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden

CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)

CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden

CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)

CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION

DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden

Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

FoxTab PDF Creator (HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\FoxTab PDF Creator) (Version:  - ) <==== ATTENTION

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

HP Deskjet 2540 series Basissoftware van het apparaat (HKLM\...\{A7F14256-6DC6-458A-A92D-B5EEF79429AB}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Deskjet 2540 series Help (HKLM-x32\...\{50467ECF-F6A9-40EC-A649-67EB6FAD9894}) (Version: 30.0.0 - Hewlett Packard)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)

Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden

Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden

Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)

Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden

Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - Nederlands (HKLM-x32\...\{90140011-0066-0413-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Windows Debugging Symbols (HKLM-x32\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyDriveConnect 4.0.0.2117 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.0.2117 - TomTom)

NVIDIA 3D Vision stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)

NVIDIA Grafisch stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)

NVIDIA HD Audio-stuurprogramma 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)

NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Poczta usługi Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Pošta Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Productverbeteringsonderzoek voor HP Deskjet 2540 series (HKLM\...\{08FB88A2-3FB6-4E82-AD55-393EBAD0E967}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)

SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )

Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)

Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Stuurprogrammapakket voor Windows - Fedict SmartCard  (10/04/2011 4.0.0.5) (HKLM\...\3FE3642036A0F4AEC17772437CE14BB1E67006AA) (Version: 10/04/2011 4.0.0.5 - Fedict)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)

Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)

WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden

WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden

Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\transit\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\transit\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

26-04-2015 15:28:18 End of disinfection

26-04-2015 18:29:26 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {004A59DD-0CD0-48FE-AD8E-50037D0B5211} - System32\Tasks\{81C5B759-FF0B-46CE-84A8-89D669780F07} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {07511566-5EFA-44D8-B54A-96A839FB4940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)

Task: {08AD675C-78E2-4C28-A195-03D5E3092C32} - System32\Tasks\{ED19E1C3-8C8E-4068-ABBB-3F14C0916900} => C:\digosoft\digo.exe [2012-05-21] ()

Task: {0EF33F4E-247B-4A59-8ECC-AF1CD752B9A3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {1151529D-38AE-46EC-A02B-1363A1A8D351} - System32\Tasks\{97043C5F-54E3-4B29-90E1-55167C3C6216} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {126D4E91-3891-4847-BAC8-47720DEE87F7} - System32\Tasks\{A80688EE-9AEB-414D-AC41-9BCEF6B0A689} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe

Task: {1CCC9F0E-4523-4FF0-8190-DCABF2C96743} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {1E8A395B-EA24-4F17-A9B9-5DCBC117B411} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {1FDB7AF3-6786-4302-8BCD-5E78A5EB1322} - System32\Tasks\{87DCE43B-5D3C-4981-81B8-CEB1BB2F98AE} => pcalua.exe -a C:\Users\transit\Desktop\windows-live-messenger.exe -d C:\Users\transit\Desktop

Task: {2915B59A-96C8-413C-A63A-7B77B25EEE95} - System32\Tasks\{E6B6C12B-5E62-46A2-8B7B-01F892CD7BA3} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {2D5904E5-E1C4-4A0F-AACA-053FA1F77000} - System32\Tasks\{BECA6EBB-F09F-40F9-999B-6BEACA975A2F} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe

Task: {2F30E610-459D-4D12-BD13-0ABB00195095} - System32\Tasks\{476E3058-9339-41F6-8093-F6DAEF21E489} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {3F6AF2EE-DC50-42CD-B263-93F949D28BA8} - System32\Tasks\{27219742-9C26-4399-988F-BEC36EBA342D} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {451ED1C6-E3C9-493D-9153-E7A4C10FBB45} - System32\Tasks\{A524AE01-64F6-4CF1-B185-84C161D68BE2} => C:\digosoft\digo.exe [2012-05-21] ()

Task: {4CDD61AC-272E-4E8F-BBE7-A5393D517E81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)

Task: {5C676637-9DF8-4509-90A0-6E757725816D} - System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)

Task: {6CF08229-C3E1-464D-9312-FF1BF08D0168} - System32\Tasks\{D01BDC77-7FD7-4F19-906D-BEBBA2C8913B} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {7226CC10-B3A4-459C-92A5-8C0B954CF9AC} - System32\Tasks\{1E44404E-8B72-452D-8498-10DBE60EBF0C} => C:\digosoft\digo.exe [2012-05-21] ()

Task: {790CA437-1925-47B9-BBF9-AF4335C11EB7} - System32\Tasks\{A02B6ABC-C50D-4680-8DE7-FE0BDDBE7928} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {7A4E990B-41D0-4B85-ACC0-A704048BF869} - System32\Tasks\{3A580740-5F12-4B2B-8145-B4F2CE15A9E3} => pcalua.exe -a "C:\Users\transit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYUPHMOW\pure9.1.0.124nl.exe" -d C:\Users\transit\Desktop

Task: {808A239B-CB70-4D90-AB08-AB860F7264F8} - System32\Tasks\{F00A7E00-4D5B-4D15-BFF3-9B4AAB175A3D} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {9F41D46B-DAA2-4CDC-A46D-623B99643A20} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

Task: {A6CC5361-E4B6-4588-9DFF-9052C8B45294} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {A939B57B-4C43-48E4-8DAE-6DEFE4B00EAD} - System32\Tasks\{2B42464D-0E58-47A4-BDC6-382E841EBACE} => C:\digosoft\digo.exe [2012-05-21] ()

Task: {AA04715B-CD3D-4F3C-B269-FEE890575CDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {B322BBB8-3653-4A4E-985A-4D968C505D33} - System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)

Task: {B4B832A9-9CF0-4976-AE45-B9914FBF119F} - System32\Tasks\{49A2827B-1E9E-4142-91E3-550C21B01A4D} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {C2F93822-6370-4737-9FED-70C4EDDC985B} - System32\Tasks\{0E904838-A6D6-49E6-94C9-9148A50BB3EE} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {C536211A-2615-4B22-95BC-9D101DC8BE33} - System32\Tasks\{F6EA5C37-FEF5-467C-ABDE-771B8D998DCB} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {C6164765-A807-4382-806E-5CA51469142A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)

Task: {CA1E189F-5F29-4FC4-8EEA-DEF423E7D23B} - System32\Tasks\{17EFE308-059E-46D6-8B1C-70226613F8D6} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {DCF6A5C4-1955-415D-9FCB-28D6E13E67E7} - System32\Tasks\{7D4AD985-F398-41DA-A952-F9C1266F2381} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {DDF08966-2A52-4923-8C81-EF4A0BEAE5FA} - System32\Tasks\{A1E12A37-0C30-495B-8528-02D0F981C87C} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {E030BAE9-671C-4B06-B532-01D38F6263C8} - System32\Tasks\{687B5129-7122-4341-80E4-56FEE542F839} => C:\POLAX\Polax.exe [2001-12-27] ()

Task: {E212C79A-5141-40D2-AEB5-18D833D0336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {F974BBCB-2D4D-44FD-87E2-01CD6FE2EA96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)

Task: {FAEAA3EA-2394-4704-9FA8-E0E353FA964C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2012-01-09 00:18 - 2009-05-18 09:40 - 00053760 _____ () C:\Windows\System32\LXEEPMON.DLL

2012-01-09 00:18 - 2009-01-13 15:15 - 04485120 _____ () C:\Windows\System32\LXEEOEM.DLL

2012-01-08 23:58 - 2009-11-04 15:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll

2014-05-05 20:56 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll

2015-04-24 09:12 - 2015-04-24 09:12 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll

2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll

2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll

2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll

2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll

2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\transit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg

DNS Servers: 192.168.1.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^transit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3839137701-2974941544-2065132041-500 - Administrator - Disabled)

Gast (S-1-5-21-3839137701-2974941544-2065132041-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3839137701-2974941544-2065132041-1010 - Limited - Enabled)

transit (S-1-5-21-3839137701-2974941544-2065132041-1002 - Administrator - Enabled) => C:\Users\transit

UpdatusUser (S-1-5-21-3839137701-2974941544-2065132041-1007 - Limited - Enabled) => C:\Users\UpdatusUser

 

==================== Faulty Device Manager Devices =============

 

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter

Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek Semiconductor Corp.

Service: RTL8192su

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/26/2015 10:34:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82

Naam van module met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82

Uitzonderingscode: 0x40000015

Foutoffset: 0x00093534

Id van proces met fout: 0xa48

Starttijd van toepassing met fout: 0xPSIA.exe0

Pad naar toepassing met fout: PSIA.exe1

Pad naar module met fout: PSIA.exe2

Rapport-id: PSIA.exe3

 

Error: (04/26/2015 10:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82

Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000

Uitzonderingscode: 0xc0000005

Foutoffset: 0x0025ff90

Id van proces met fout: 0xa2c

Starttijd van toepassing met fout: 0xPSIA.exe0

Pad naar toepassing met fout: PSIA.exe1

Pad naar module met fout: PSIA.exe2

Rapport-id: PSIA.exe3

 

Error: (04/26/2015 10:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82

Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000

Uitzonderingscode: 0xc0000005

Foutoffset: 0xeeffee01

Id van proces met fout: 0x888

Starttijd van toepassing met fout: 0xPSIA.exe0

Pad naar toepassing met fout: PSIA.exe1

Pad naar module met fout: PSIA.exe2

Rapport-id: PSIA.exe3

 

Error: (04/24/2015 06:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: digo.exe, versie: 0.0.0.0, tijdstempel: 0x41bdebae

Naam van module met fout: VFP9r.dll, versie: 9.0.0.7423, tijdstempel: 0x49a31c32

Uitzonderingscode: 0xc0000005

Foutoffset: 0x00029842

Id van proces met fout: 0x1334

Starttijd van toepassing met fout: 0xdigo.exe0

Pad naar toepassing met fout: digo.exe1

Pad naar module met fout: digo.exe2

Rapport-id: digo.exe3

 

Error: (04/24/2015 05:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567, tijdstempel: 0x4d672ee4

Naam van module met fout: wwanapi.dll, versie: 6.1.7600.16385, tijdstempel: 0x4a5be0a8

Uitzonderingscode: 0xc0000005

Foutoffset: 0x00000000000333eb

Id van proces met fout: 0x24c

Starttijd van toepassing met fout: 0xExplorer.EXE0

Pad naar toepassing met fout: Explorer.EXE1

Pad naar module met fout: Explorer.EXE2

Rapport-id: Explorer.EXE3

 

Error: (04/23/2015 09:58:32 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.

.

Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.

 

 

Bewerking:

   Schrijvergegevens verzamelen

 

Context:

   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

   Naam van schrijver: System Writer

   Instantie-id van schrijver: {c43fcb9c-f1cf-469a-8bd8-5318e5f13078}

 

Error: (04/23/2015 06:45:22 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.

.

Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.

 

 

Bewerking:

   Schrijvergegevens verzamelen

 

Context:

   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

   Naam van schrijver: System Writer

   Instantie-id van schrijver: {0c7e9f5c-af52-43b9-a546-987fbf35d1a7}

 

Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.

.

Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.

 

 

Bewerking:

   Schrijvergegevens verzamelen

 

Context:

   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

   Naam van schrijver: System Writer

   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}

 

 

System errors:

=============

Error: (04/26/2015 10:34:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: De Secunia PSI Agent-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

 

Error: (04/26/2015 10:24:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: De Secunia PSI Agent-service is onverwacht beëindigd. Dit is nu 2 keer gebeurd.

 

Error: (04/26/2015 10:03:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: De Secunia PSI Agent-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

 

Error: (04/26/2015 06:40:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de IKE and AuthIP IPsec Keying Modules-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 

%%1056

 

Error: (04/26/2015 06:40:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de User Profile Service-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 

%%1056

 

Error: (04/26/2015 06:40:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Management Instrumentation-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 

%%1056

 

Error: (04/26/2015 06:39:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Server-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 

%%1056

 

Error: (04/26/2015 06:38:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: De Windows Management Instrumentation-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.

 

Error: (04/26/2015 06:38:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: De Themes-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Service opnieuw starten.

 

Error: (04/26/2015 06:38:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: De Shell Hardware Detection-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Service opnieuw starten.

 

 

Microsoft Office Sessions:

=========================

Error: (04/26/2015 10:34:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534a4801d0805fb66dd6d2C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeaf852374-ec53-11e4-a761-8c89a57d6dd6

 

Error: (04/26/2015 10:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000050025ff90a2c01d0805de30ed3f9C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown2aeaadc5-ec52-11e4-8a69-8c89a57d6dd6

 

Error: (04/26/2015 10:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0188801d0805a83c5d39dC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown48fb07ec-ec4f-11e4-8a69-8c89a57d6dd6

 

Error: (04/24/2015 06:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: digo.exe0.0.0.041bdebaeVFP9r.dll9.0.0.742349a31c32c000000500029842133401d07ea90537c326C:\digosoft\digo.exeC:\Program Files (x86)\Common Files\microsoft shared\VFP\VFP9r.dllcecb6e61-ea9c-11e4-9697-8c89a57d6dd6

 

Error: (04/24/2015 05:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Explorer.EXE6.1.7601.175674d672ee4wwanapi.dll6.1.7600.163854a5be0a8c000000500000000000333eb24c01d07ea469b2b629C:\Windows\Explorer.EXEC:\Windows\system32\wwanapi.dlld3263667-ea97-11e4-9620-8c89a57d6dd6

 

Error: (04/23/2015 09:58:32 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Toegang geweigerd.

 

 

Bewerking:

   Schrijvergegevens verzamelen

 

Context:

   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

   Naam van schrijver: System Writer

   Instantie-id van schrijver: {c43fcb9c-f1cf-469a-8bd8-5318e5f13078}

 

Error: (04/23/2015 06:45:22 PM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Toegang geweigerd.

 

 

Bewerking:

   Schrijvergegevens verzamelen

 

Context:

   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

   Naam van schrijver: System Writer

   Instantie-id van schrijver: {0c7e9f5c-af52-43b9-a546-987fbf35d1a7}

 

Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Toegang geweigerd.

 

 

Bewerking:

   Schrijvergegevens verzamelen

 

Context:

   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}

   Naam van schrijver: System Writer

   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}

 

 

CodeIntegrity Errors:

===================================

  Date: 2012-04-26 10:59:24.325

  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

 

  Date: 2012-04-26 10:59:24.315

  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz

Percentage of memory in use: 32%

Total physical RAM: 4077.64 MB

Available physical RAM: 2732.7 MB

Total Pagefile: 8153.47 MB

Available Pagefile: 6599.03 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1754.25 GB) NTFS

Drive d: (Recover) (Fixed) (Total:50 GB) (Free:46.46 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

 

==================== End Of Log ============================

 

 

Farbar Service Scanner Version: 17-01-2015

Ran by transit (administrator) on 26-04-2015 at 23:04:24

Running from "C:\Users\transit\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

 

 

System Restore:

============

 

System Restore Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

[BrianDrab]

One app needs to be updated,  (microsoft XML Core Services (MSXML) 4.x ) If I click on it, i get a error message that the link couldn't be opened with the standard browser (which is IE) , then the question 'Do I want to use IE? I click OK, then a microsoft page open

 

microsoft Core XML Services (MSXML) 6.0

select language: English (no Dutch possible).

 

If I click download I can choose 4 different versions, I selected the first one: msxml6.msi (1.5MB). I run the msi file.  I checked secunia psi, but the 4.x version was still there to be updated, no I'm not sure if I rebooted the pc and/or re scanned secunia psi.

 

then to be sure I  rebooted pc, let secunia psi scan again , but it keep scanning now for more then a half hour, this is to long.

 

ADDED: I stopped the scanning, reopend secunia psi, rescanned this time the scan finishes after a while, but the msxml 4.x is still mentioned to be updated.

 

 

This is a false positive. Basically Secunia is just telling you that the program is no longer supported and no longer receiving updates. You can ignore this. See here if interested. Also here.

[BrianDrab]

It doesn't appear that you had your system set to Normal setup before running the FRST logs.

 

 

Let's do the following instead.

 

Step#1 - FRST Registry Search
 
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words DealPly;FoxTab PDF Creator;SuperOptimizer into the Search box and click the Search Registry button.
   
 
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be
    saved on your desktop named Search.txt.

 

Step#2 - Update Internet Explorer

You currently have IE9. Although you don't use IE as your default browser, leaving it outdated exposes you to vulnerabilities. Please download and install IE11 from here.

http://windows.micro...dwide-languages

[HaraMo]

Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01

Ran by transit at 2015-04-27 18:39:52

Running from C:\Users\transit\Desktop

Boot Mode: Normal

 

================== Search Registry: "DealPly;FoxTab PDF Creator;SuperOptimizer" ===========

 

 

===================== Search result for "DealPly" ==========

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]

"DisplayName"="DealPly"

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]

"DisplayName"="DealPly"

 

 

===================== Search result for "FoxTab PDF Creator" ==========

 

[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator]

 

====== End Of Search ======

[BrianDrab]

Please run the following fix and let me know if IE11 installed successfully. After this make sure you are set to a normal startup as well (through msconfig).

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   486bytes   145 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.