Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

computer slow [Solved]


  • This topic is locked This topic is locked

#46
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

ok, theme is set and ok now. 

Why does the theme changes after I visit safe mode, Normally save mode doesn' change the theme hé.

 

ok about the boottime. I think that 55 sec in cleanmode and 1m06sec in norma mode is maybe ok , 11 sec more to boot up the antivirus.

 

thanks a lot.

 

clean up the tools?


  • 0

Advertisements


#47
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem!

 

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any  other .bat, .log, .reg, .txt,  and any other files created during this process, and left on the desktop and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
Windows%20Update.JPG
4. Click on Change Settings.
CheckForUpdates.JPG
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
WUChangeSettings.JPG
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
4. Antimalware- Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
5. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
 


  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
UpdatesV7.4.11.JPG
 

 

 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0

#48
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
# DelFix v1.010 - Logfile created 26/04/2015 at 15:28:14
# Updated 26/04/2015 by Xplode
# Username : transit - TRANSIT-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\transit\Desktop\Addition.txt
Deleted : C:\Users\transit\Desktop\adwcleaner_4.201.exe
Deleted : C:\Users\transit\Desktop\aswMBR.exe
Deleted : C:\Users\transit\Desktop\aswMBR.txt
Deleted : C:\Users\transit\Desktop\Fixlog.txt
Deleted : C:\Users\transit\Desktop\FRST.txt
Deleted : C:\Users\transit\Desktop\FRST64.exe
Deleted : C:\Users\transit\Desktop\JRT.exe
Deleted : C:\Users\transit\Desktop\JRT.txt
Deleted : C:\Users\transit\Desktop\MBR.dat
Deleted : C:\Users\transit\Desktop\Search.txt
Deleted : C:\Users\transit\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #491 [Windows Update | 04/24/2015 22:29:23]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#49
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#50
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

How can I remove  superoptimizer  from the startup list? using autorun? which item(s) I need to delete?

 

When I went to msconfig to change back to normal startup, two things ware in the startuptap: tom tom, (this can stay) and superoptimizer.

 

I don't think I need that.


  • 0

#51
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

You can open up Autoruns again and click on the Logon tab. You will see an entry for superoptimizer that you can delete. It will be listed under the Run key or Startup key as designated in the picture below. Let me know if you don't see it.

 

Capture.JPG


  • 0

#52
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

can't find it


  • 0

#53
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

About Windows update

 

it was already set to automatic update.

 

But if I manually start the windows update it says that the windows update service is not active that why it cannot search for updates,  it says to reboot pc, but already did that.

 

If i go to the services list I do see windows update active (started and automatic).


  • 0

#54
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

can't find it

 

Let's do it this way. Please provide logs again and then we'll be able to delete it.

 

Step#1 - FRST Scan
 1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

About Windows update

 

it was already set to automatic update.

 

But if I manually start the windows update it says that the windows update service is not active that why it cannot search for updates,  it says to reboot pc, but already did that.

 

If i go to the services list I do see windows update active (started and automatic).

 

 

Let's check your services out.

 

Step#2 - Services Check
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

 

 

Items for your next post.

1. FRST and Addition log

2. FSS log


  • 0

#55
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts

About Secunia psi

 

One app needs to be updated,  (microsoft XML Core Services (MSXML) 4.x ) If I click on it, i get a error message that the link couldn't be opened with the standard browser (which is IE) , then the question 'Do I want to use IE? I click OK, then a microsoft page open

 

microsoft Core XML Services (MSXML) 6.0

select language: English (no Dutch possible).

 

If I click download I can choose 4 different versions, I selected the first one: msxml6.msi (1.5MB). I run the msi file.  I checked secunia psi, but the 4.x version was still there to be updated, no I'm not sure if I rebooted the pc and/or re scanned secunia psi.

 

then to be sure I  rebooted pc, let secunia psi scan again , but it keep scanning now for more then a half hour, this is to long.

 

ADDED: I stopped the scanning, reopend secunia psi, rescanned this time the scan finishes after a while, but the msxml 4.x is still mentioned to be updated.


Edited by HaraMo, 26 April 2015 - 03:21 PM.

  • 0

Advertisements


#56
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by transit (administrator) on TRANSIT-PC on 26-04-2015 22:59:55
Running from C:\Users\transit\Desktop\stappen\01 - scan analyse
Loaded Profiles: transit & UpdatusUser (Available profiles: transit & UpdatusUser & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\intelli-studio\iupdate.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\intelli-studio\iupdate.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\intelli-studio\iupdate.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\intelli-studio\iupdate.exe <====== ATTENTION
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1904520 2015-04-24] (TomTom)
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\RunOnce: [Uninstall C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\transit\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\Run: [Driver Whiz] => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [HKCU] => C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\MountPoints2: {1767b950-20e8-11e1-ab1a-8c89a57d6dd6} - I:\iStudio.exe
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-04-26]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {014F27E2-6D75-4E42-A0E9-2A2C68498AFA} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\shellex.dll [2015-03-20] (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {2077B4E2-3ADF-4315-BC05-B46E93073FAA} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = 
SearchScopes: HKU\S-1-5-21-3839137701-2974941544-2065132041-1007 -> {F47F85FE-AF0F-4C1F-8EB8-EFFDEAA53904} URL = 
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-23] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\IEExt\ie_plugin.dll [2015-03-20] (Kaspersky Lab ZAO)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-23] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-08-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Belgium eID - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\FFExt\[email protected] [2015-03-20]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.be/"
CHR Profile: C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-24]
CHR Extension: (Google Docs) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24]
CHR Extension: (Google Drive) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-24]
CHR Extension: (YouTube) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-24]
CHR Extension: (Google Search) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-24]
CHR Extension: (Google Sheets) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-24]
CHR Extension: (Bookmark Manager) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Google Wallet) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-24]
CHR Extension: (Gmail) - C:\Users\transit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2012-12-26] () [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [9216 2009-07-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2015-03-06] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AVFSFilter; No ImagePath
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 IntcAzAudAddService; No ImagePath
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-03-20] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-03-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S0 nvpciflt; No ImagePath
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [169992 2015-04-02] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
S3 cpuz134; \??\C:\Users\transit\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 22:59 - 2015-04-26 22:59 - 00001313 _____ () C:\Users\transit\Desktop\FRST64.exe - Snelkoppeling.lnk
2015-04-26 22:59 - 2015-04-26 22:59 - 00000000 ____D () C:\FRST
2015-04-26 22:19 - 2015-04-26 22:19 - 01528320 _____ () C:\Users\transit\Desktop\msxml6.msi
2015-04-26 21:43 - 2015-04-24 22:05 - 00671904 _____ (Sysinternals - www.sysinternals.com) C:\Users\transit\Desktop\autoruns.exe
2015-04-26 18:42 - 2015-04-26 18:42 - 00001541 _____ () C:\Users\transit\Desktop\Internet Explorer.lnk
2015-04-26 18:01 - 2015-04-26 18:01 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-04-26 18:01 - 2015-04-26 18:01 - 00000000 ____D () C:\Users\transit\AppData\Local\Secunia PSI
2015-04-26 18:01 - 2015-04-26 18:01 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-04-26 16:02 - 2015-04-26 16:02 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2015-04-26 16:02 - 2015-04-26 16:02 - 00001220 _____ () C:\Users\Public\Desktop\CryptoPrevent.lnk
2015-04-26 16:02 - 2015-04-26 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-04-26 16:02 - 2015-04-26 16:02 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-04-26 16:02 - 2015-04-26 16:02 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2015-04-26 15:28 - 2015-04-26 15:28 - 00001234 _____ () C:\DelFix.txt
2015-04-26 15:28 - 2015-04-26 15:28 - 00000000 ____D () C:\Windows\ERUNT
2015-04-26 13:55 - 2015-04-26 13:55 - 00001405 _____ () C:\Users\transit\Desktop\Internet Explorer (64-bit).lnk
2015-04-24 22:05 - 2015-04-24 22:05 - 00671904 _____ (Sysinternals - www.sysinternals.com) C:\Users\transit\Downloads\autoruns.exe
2015-04-24 18:06 - 2015-04-24 18:06 - 23308656 _____ (TomTom International B.V.) C:\Users\transit\Downloads\InstallMyDriveConnect_4_0_1_2117.exe
2015-04-24 09:12 - 2015-04-24 09:12 - 11198509 _____ () C:\Windows\system32\boot_BASE+CSWITCH_1.cab
2015-04-24 09:12 - 2015-04-24 09:12 - 106954752 _____ () C:\Windows\system32\boot_BASE+CSWITCH_1.etl
2015-04-24 09:08 - 2015-04-24 09:08 - 105906176 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_6.etl
2015-04-24 09:08 - 2015-04-24 09:08 - 10552856 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_6.cab
2015-04-24 09:05 - 2015-04-24 09:05 - 09632989 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_5.cab
2015-04-24 09:04 - 2015-04-24 09:04 - 103809024 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_5.etl
2015-04-24 09:01 - 2015-04-24 09:01 - 102760448 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_4.etl
2015-04-24 09:01 - 2015-04-24 09:01 - 08106547 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_4.cab
2015-04-24 08:58 - 2015-04-24 08:58 - 06592173 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_3.cab
2015-04-24 08:57 - 2015-04-24 08:57 - 98566144 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_3.etl
2015-04-24 08:46 - 2015-04-24 08:46 - 99614720 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_2.etl
2015-04-24 08:46 - 2015-04-24 08:46 - 04939683 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_2.cab
2015-04-24 08:43 - 2015-04-24 08:43 - 03336576 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_1.cab
2015-04-24 08:42 - 2015-04-24 08:42 - 103809024 _____ () C:\Windows\system32\bootPrep_BASE+CSWITCH_1.etl
2015-04-24 08:38 - 2015-04-24 09:12 - 00013201 _____ () C:\Windows\system32\xbootmgr.log
2015-04-24 08:30 - 2015-04-24 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-04-24 08:30 - 2015-04-24 08:30 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-04-24 08:29 - 2015-04-24 08:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-24 08:24 - 2015-04-24 08:24 - 00991536 _____ (Microsoft Corporation) C:\Users\transit\Downloads\sdksetup.exe
2015-04-24 06:35 - 2015-04-26 22:40 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 06:35 - 2015-04-26 22:29 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 06:35 - 2015-04-24 06:35 - 00004054 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-24 06:35 - 2015-04-24 06:35 - 00003802 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-24 06:35 - 2015-04-24 06:35 - 00002283 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-24 06:35 - 2015-04-24 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-23 22:14 - 2015-04-23 22:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-23 22:09 - 2015-04-23 22:09 - 00000000 ____D () C:\Windows\Sun
2015-04-23 22:08 - 2015-04-23 22:08 - 00000000 ____D () C:\ProgramData\Sun
2015-04-22 21:23 - 2015-04-22 21:23 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-22 21:23 - 2015-04-22 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-22 14:08 - 2015-04-22 14:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TRANSIT-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-22 12:11 - 2015-04-22 12:11 - 00000000 ____D () C:\Users\transit\Documents\Reflect
2015-04-22 12:06 - 2015-04-22 12:06 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2015-04-22 12:06 - 2015-04-22 12:06 - 00000000 ____D () C:\Program Files\Macrium
2015-04-22 12:05 - 2015-04-22 12:06 - 00377892 _____ () C:\Reflect_Install.log
2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\Users\transit\Downloads\Macrium
2015-04-22 12:03 - 2015-04-22 12:04 - 00000000 ____D () C:\ProgramData\Macrium
2015-04-20 00:16 - 2015-03-10 02:31 - 17882112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-20 00:16 - 2015-03-10 02:19 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-20 00:16 - 2015-03-10 02:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-20 00:16 - 2015-03-10 02:18 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-20 00:16 - 2015-03-10 02:14 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-20 00:16 - 2015-03-10 02:14 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-20 00:16 - 2015-03-10 02:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-20 00:16 - 2015-03-10 02:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-20 00:16 - 2015-03-10 02:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-20 00:16 - 2015-03-10 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-20 00:16 - 2015-03-10 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-20 00:16 - 2015-03-10 02:12 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-20 00:16 - 2015-03-10 01:06 - 12377600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-20 00:16 - 2015-03-10 01:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-20 00:16 - 2015-03-10 01:02 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-20 00:16 - 2015-03-10 01:00 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-20 00:16 - 2015-03-10 00:57 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-20 00:16 - 2015-03-10 00:57 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-20 00:16 - 2015-03-10 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-04-20 00:16 - 2015-03-10 00:56 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-20 00:16 - 2015-03-10 00:55 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-20 00:16 - 2015-03-10 00:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-04-20 00:16 - 2015-03-10 00:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-04-20 00:16 - 2015-03-10 00:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-04-18 23:53 - 2015-04-26 18:25 - 00000000 ____D () C:\Users\transit\Desktop\stappen
2015-04-18 23:31 - 2015-04-18 23:31 - 00000000 ____D () C:\Users\transit\AppData\Local\TeamViewer
2015-04-18 23:30 - 2015-04-26 16:27 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-18 15:04 - 2015-04-26 17:41 - 00000000 ____D () C:\Windows\pss
2015-04-18 11:42 - 2015-04-18 11:42 - 00001405 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-04-17 17:13 - 2015-04-22 19:21 - 00000008 __RSH () C:\Users\transit\ntuser.pol
2015-04-17 15:18 - 2015-04-17 15:18 - 00003030 _____ () C:\Windows\System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71}
2015-04-17 15:16 - 2015-04-17 15:16 - 00003030 _____ () C:\Windows\System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E}
2015-04-17 15:11 - 2015-04-17 15:12 - 00009988 _____ () C:\Windows\iis7.log
2015-04-17 14:54 - 2015-04-17 14:54 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-16 22:30 - 2015-04-16 22:30 - 00000169 _____ () C:\Users\transit\Desktop\Google.url
2015-04-15 16:49 - 2015-04-15 16:50 - 00000000 ____D () C:\Program Files (x86)\Select Search
2015-04-15 16:24 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi(72).dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2(73).dll
2015-04-15 16:24 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 16:24 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 16:24 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 16:24 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 16:24 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 16:24 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 16:24 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 16:24 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic(41).dll
2015-04-15 16:24 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 16:24 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 16:24 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 16:24 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 16:24 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 16:24 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll(56).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win(71).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64(69).dll
2015-04-15 16:24 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu(70).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv(50).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32(48).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos(47).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore(60).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase(49).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel(57).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0(52).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt(55).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 16:24 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv(68).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest(65).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli(61).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss(59).exe
2015-04-15 16:24 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg(63).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv(44).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv(62).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32(58).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp(43).dll
2015-04-15 16:24 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 16:24 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 16:24 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 16:24 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass(51).exe
2015-04-15 16:24 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 16:24 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema(42).dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 16:24 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 16:24 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll(79).dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32(80).dll
2015-04-15 16:24 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 16:24 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32(77).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase(78).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli(81).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 16:24 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 16:24 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp(74).dll
2015-04-15 16:24 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 16:24 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 16:24 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 16:24 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 16:24 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 16:24 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 16:24 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(46).dll
2015-04-15 16:24 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(76).dll
2015-04-15 16:24 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet(67).dll
2015-04-15 16:24 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(64).dll
2015-04-15 16:24 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(83).dll
2015-04-15 16:24 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(82).dll
2015-04-15 16:24 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3(53).dll
2015-04-15 16:24 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r(54).dll
2015-04-15 16:24 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 16:24 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 16:24 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32(45).dll
2015-04-15 16:24 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32(75).dll
2015-04-15 16:24 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 16:23 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 16:23 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 16:23 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-02 02:26 - 2015-04-02 02:26 - 00169992 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\psmounterex.sys
2015-03-28 10:17 - 2015-03-28 10:17 - 00000000 ____D () C:\Users\transit\AppData\Local\NVIDIA
2015-03-28 10:10 - 2015-04-16 18:05 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-28 10:10 - 2015-03-28 10:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-28 10:09 - 2015-03-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-28 10:09 - 2015-02-05 19:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-28 09:49 - 2015-03-28 09:49 - 00000998 _____ () C:\Users\transit\Desktop\Apple iPhone - Snelkoppeling.lnk
2015-03-28 09:09 - 2015-03-28 09:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-03-28 09:05 - 2015-03-28 09:05 - 00000382 _____ () C:\Windows\DirectX.log
2015-03-28 09:04 - 2015-03-28 09:04 - 00002210 _____ () C:\Users\transit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 22:54 - 2012-05-17 09:39 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 22:35 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 22:35 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 22:31 - 2011-12-07 17:27 - 01783937 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 22:29 - 2015-03-20 19:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-26 22:29 - 2015-03-20 15:15 - 00009769 _____ () C:\Windows\setupact.log
2015-04-26 22:29 - 2011-09-06 00:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-26 22:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 18:38 - 2009-07-14 07:08 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-26 18:26 - 2014-05-05 17:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 18:01 - 2012-05-17 11:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-26 15:24 - 2012-05-15 20:12 - 00000000 ____D () C:\Users\transit\AppData\Roaming\TeamViewer
2015-04-26 14:35 - 2014-01-26 21:36 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{401E2AD1-3D61-4E10-AEA2-12D09233DAF5}
2015-04-26 13:27 - 2011-05-16 16:47 - 00854064 _____ () C:\Windows\system32\perfh013.dat
2015-04-26 13:27 - 2011-05-16 16:47 - 00192888 _____ () C:\Windows\system32\perfc013.dat
2015-04-26 13:27 - 2009-07-14 07:13 - 01943218 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 23:43 - 2015-03-24 16:22 - 00002012 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-04-24 18:07 - 2014-01-22 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-04-24 18:07 - 2014-01-22 09:47 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect
2015-04-24 08:31 - 2015-03-20 15:14 - 00015296 _____ () C:\Windows\PFRO.log
2015-04-24 06:35 - 2012-04-27 12:53 - 00000000 ____D () C:\Users\transit\AppData\Local\Deployment
2015-04-24 06:35 - 2011-12-07 17:47 - 00000000 ____D () C:\Users\transit\AppData\Local\Google
2015-04-24 06:35 - 2011-12-07 17:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-23 22:15 - 2011-12-15 11:06 - 00000000 ____D () C:\Users\transit\AppData\Local\Adobe
2015-04-23 22:14 - 2015-01-04 18:48 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-23 22:14 - 2011-07-18 23:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-23 22:09 - 2014-03-25 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-23 22:08 - 2014-03-25 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-22 21:46 - 2014-05-05 17:27 - 00000000 ____D () C:\Windows\hpojj4500
2015-04-22 21:23 - 2014-05-05 17:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-22 19:21 - 2011-12-07 17:33 - 00000000 ____D () C:\Users\transit
2015-04-22 18:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-22 14:18 - 2015-01-09 15:33 - 00000000 ____D () C:\Windows\system32\log
2015-04-19 13:02 - 2009-07-14 06:45 - 00358224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 23:34 - 2011-12-07 17:34 - 00088536 _____ () C:\Users\transit\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 15:01 - 2014-10-04 13:34 - 00000000 ____D () C:\Users\transit\AppData\Local\Unity
2015-04-18 13:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-18 12:38 - 2012-01-25 15:36 - 01916950 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-04-18 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-18 10:09 - 2015-03-23 19:57 - 00001829 _____ () C:\Windows\system32\ScanResults.xml
2015-04-18 10:04 - 2015-03-23 19:55 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-04-17 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-04-17 15:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-04-17 15:07 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-04-17 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-04-17 14:54 - 2012-05-17 09:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-17 14:54 - 2012-05-17 09:39 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-17 14:54 - 2011-08-10 21:09 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-17 14:18 - 2015-03-02 15:33 - 00000000 ____D () C:\Users\DefaultAppPool
2015-04-17 14:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-16 19:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 18:06 - 2014-12-11 04:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 18:06 - 2014-04-30 15:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 18:05 - 2014-03-25 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 18:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-16 03:13 - 2013-08-15 08:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:05 - 2011-07-18 22:31 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 16:50 - 2015-03-10 14:26 - 00000000 ____D () C:\ProgramData\5786049068603124795
2015-04-14 09:37 - 2014-05-05 17:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-05-05 17:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-05-05 17:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-28 10:09 - 2014-05-02 17:27 - 00000000 ____D () C:\temp
2015-03-28 10:09 - 2011-08-11 23:24 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-28 10:09 - 2011-08-11 23:22 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-28 09:10 - 2011-07-18 22:51 - 00000000 ____D () C:\Program Files (x86)\Windows Live
 
==================== Files in the root of some directories =======
 
2012-05-15 16:33 - 2012-05-15 16:33 - 0002116 _____ () C:\Program Files (x86)\INSTALL.LOG
2011-12-07 20:25 - 2011-12-07 20:25 - 0020816 _____ () C:\Users\transit\AppData\Roaming\UserTile.png
2013-12-19 14:17 - 2014-10-09 13:17 - 0000167 _____ () C:\Users\transit\AppData\Roaming\WB.CFG
2014-05-05 19:19 - 2014-05-05 19:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-01-09 00:09 - 2012-01-09 00:09 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-05-04 19:58 - 2014-05-05 19:15 - 0015205 _____ () C:\ProgramData\hpzinstall.log
2014-05-02 19:33 - 2014-05-02 19:33 - 0000256 _____ () C:\ProgramData\lxee.log
2012-01-09 00:13 - 2012-02-14 10:43 - 0046798 _____ () C:\ProgramData\lxeeJSW.log
2012-01-08 23:57 - 2014-05-02 19:33 - 0109051 _____ () C:\ProgramData\lxeescan.log
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-01-08 23:52 - 2012-01-08 23:52 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some content of TEMP:
====================
C:\Users\transit\AppData\Local\Temp\jre-8u45-windows-au.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-24 06:55
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by transit at 2015-04-26 23:00:30
Running from C:\Users\transit\Desktop\stappen\01 - scan analyse
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Belgium e-ID middleware 4.0.5 (build 7363) (HKLM\...\{824563DE-75AD-4166-9DC0-B6482F207363}) (Version: 4.0.7363 - Belgian Government)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FoxTab PDF Creator (HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\FoxTab PDF Creator) (Version:  - ) <==== ATTENTION
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 2540 series Basissoftware van het apparaat (HKLM\...\{A7F14256-6DC6-458A-A92D-B5EEF79429AB}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{50467ECF-F6A9-40EC-A649-67EB6FAD9894}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7299 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klik-en-Klaar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Nederlands (HKLM-x32\...\{90140011-0066-0413-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{C6DB958A-50CC-481B-9ED8-3BAD236F7B49}) (Version: 7601 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 4.0.0.2117 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.0.2117 - TomTom)
NVIDIA 3D Vision stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Productverbeteringsonderzoek voor HP Deskjet 2540 series (HKLM\...\{08FB88A2-3FB6-4E82-AD55-393EBAD0E967}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stuurprogrammapakket voor Windows - Fedict SmartCard  (10/04/2011 4.0.0.5) (HKLM\...\3FE3642036A0F4AEC17772437CE14BB1E67006AA) (Version: 10/04/2011 4.0.0.5 - Fedict)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\transit\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\transit\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3839137701-2974941544-2065132041-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\transit\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
26-04-2015 15:28:18 End of disinfection
26-04-2015 18:29:26 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {004A59DD-0CD0-48FE-AD8E-50037D0B5211} - System32\Tasks\{81C5B759-FF0B-46CE-84A8-89D669780F07} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {07511566-5EFA-44D8-B54A-96A839FB4940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {08AD675C-78E2-4C28-A195-03D5E3092C32} - System32\Tasks\{ED19E1C3-8C8E-4068-ABBB-3F14C0916900} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {0EF33F4E-247B-4A59-8ECC-AF1CD752B9A3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {1151529D-38AE-46EC-A02B-1363A1A8D351} - System32\Tasks\{97043C5F-54E3-4B29-90E1-55167C3C6216} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {126D4E91-3891-4847-BAC8-47720DEE87F7} - System32\Tasks\{A80688EE-9AEB-414D-AC41-9BCEF6B0A689} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe
Task: {1CCC9F0E-4523-4FF0-8190-DCABF2C96743} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1E8A395B-EA24-4F17-A9B9-5DCBC117B411} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1FDB7AF3-6786-4302-8BCD-5E78A5EB1322} - System32\Tasks\{87DCE43B-5D3C-4981-81B8-CEB1BB2F98AE} => pcalua.exe -a C:\Users\transit\Desktop\windows-live-messenger.exe -d C:\Users\transit\Desktop
Task: {2915B59A-96C8-413C-A63A-7B77B25EEE95} - System32\Tasks\{E6B6C12B-5E62-46A2-8B7B-01F892CD7BA3} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {2D5904E5-E1C4-4A0F-AACA-053FA1F77000} - System32\Tasks\{BECA6EBB-F09F-40F9-999B-6BEACA975A2F} => C:\Users\transit\Desktop\POLAX\polax\Polax.exe
Task: {2F30E610-459D-4D12-BD13-0ABB00195095} - System32\Tasks\{476E3058-9339-41F6-8093-F6DAEF21E489} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {3F6AF2EE-DC50-42CD-B263-93F949D28BA8} - System32\Tasks\{27219742-9C26-4399-988F-BEC36EBA342D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {451ED1C6-E3C9-493D-9153-E7A4C10FBB45} - System32\Tasks\{A524AE01-64F6-4CF1-B185-84C161D68BE2} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {4CDD61AC-272E-4E8F-BBE7-A5393D517E81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)
Task: {5C676637-9DF8-4509-90A0-6E757725816D} - System32\Tasks\{50C37B14-2259-4BCD-B52E-783030EF8F71} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)
Task: {6CF08229-C3E1-464D-9312-FF1BF08D0168} - System32\Tasks\{D01BDC77-7FD7-4F19-906D-BEBBA2C8913B} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {7226CC10-B3A4-459C-92A5-8C0B954CF9AC} - System32\Tasks\{1E44404E-8B72-452D-8498-10DBE60EBF0C} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {790CA437-1925-47B9-BBF9-AF4335C11EB7} - System32\Tasks\{A02B6ABC-C50D-4680-8DE7-FE0BDDBE7928} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {7A4E990B-41D0-4B85-ACC0-A704048BF869} - System32\Tasks\{3A580740-5F12-4B2B-8145-B4F2CE15A9E3} => pcalua.exe -a "C:\Users\transit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TYUPHMOW\pure9.1.0.124nl.exe" -d C:\Users\transit\Desktop
Task: {808A239B-CB70-4D90-AB08-AB860F7264F8} - System32\Tasks\{F00A7E00-4D5B-4D15-BFF3-9B4AAB175A3D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {9F41D46B-DAA2-4CDC-A46D-623B99643A20} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {A6CC5361-E4B6-4588-9DFF-9052C8B45294} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A939B57B-4C43-48E4-8DAE-6DEFE4B00EAD} - System32\Tasks\{2B42464D-0E58-47A4-BDC6-382E841EBACE} => C:\digosoft\digo.exe [2012-05-21] ()
Task: {AA04715B-CD3D-4F3C-B269-FEE890575CDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B322BBB8-3653-4A4E-985A-4D968C505D33} - System32\Tasks\{9514EDF2-1A91-4E9F-A395-CB65BC391C6E} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\avpui.exe [2014-08-30] (Kaspersky Lab ZAO)
Task: {B4B832A9-9CF0-4976-AE45-B9914FBF119F} - System32\Tasks\{49A2827B-1E9E-4142-91E3-550C21B01A4D} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {C2F93822-6370-4737-9FED-70C4EDDC985B} - System32\Tasks\{0E904838-A6D6-49E6-94C9-9148A50BB3EE} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {C536211A-2615-4B22-95BC-9D101DC8BE33} - System32\Tasks\{F6EA5C37-FEF5-467C-ABDE-771B8D998DCB} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {C6164765-A807-4382-806E-5CA51469142A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {CA1E189F-5F29-4FC4-8EEA-DEF423E7D23B} - System32\Tasks\{17EFE308-059E-46D6-8B1C-70226613F8D6} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {DCF6A5C4-1955-415D-9FCB-28D6E13E67E7} - System32\Tasks\{7D4AD985-F398-41DA-A952-F9C1266F2381} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {DDF08966-2A52-4923-8C81-EF4A0BEAE5FA} - System32\Tasks\{A1E12A37-0C30-495B-8528-02D0F981C87C} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {E030BAE9-671C-4B06-B532-01D38F6263C8} - System32\Tasks\{687B5129-7122-4341-80E4-56FEE542F839} => C:\POLAX\Polax.exe [2001-12-27] ()
Task: {E212C79A-5141-40D2-AEB5-18D833D0336C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F974BBCB-2D4D-44FD-87E2-01CD6FE2EA96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-24] (Google Inc.)
Task: {FAEAA3EA-2394-4704-9FA8-E0E353FA964C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-01-09 00:18 - 2009-05-18 09:40 - 00053760 _____ () C:\Windows\System32\LXEEPMON.DLL
2012-01-09 00:18 - 2009-01-13 15:15 - 04485120 _____ () C:\Windows\System32\LXEEOEM.DLL
2012-01-08 23:58 - 2009-11-04 15:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2014-05-05 20:56 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.1\kpcengine.2.3.dll
2015-04-24 09:12 - 2015-04-24 09:12 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 17:08 - 2014-09-11 17:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3839137701-2974941544-2065132041-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\transit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3839137701-2974941544-2065132041-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\MEDION\Wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^transit^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3839137701-2974941544-2065132041-500 - Administrator - Disabled)
Gast (S-1-5-21-3839137701-2974941544-2065132041-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3839137701-2974941544-2065132041-1010 - Limited - Enabled)
transit (S-1-5-21-3839137701-2974941544-2065132041-1002 - Administrator - Enabled) => C:\Users\transit
UpdatusUser (S-1-5-21-3839137701-2974941544-2065132041-1007 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/26/2015 10:34:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82
Naam van module met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82
Uitzonderingscode: 0x40000015
Foutoffset: 0x00093534
Id van proces met fout: 0xa48
Starttijd van toepassing met fout: 0xPSIA.exe0
Pad naar toepassing met fout: PSIA.exe1
Pad naar module met fout: PSIA.exe2
Rapport-id: PSIA.exe3
 
Error: (04/26/2015 10:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutoffset: 0x0025ff90
Id van proces met fout: 0xa2c
Starttijd van toepassing met fout: 0xPSIA.exe0
Pad naar toepassing met fout: PSIA.exe1
Pad naar module met fout: PSIA.exe2
Rapport-id: PSIA.exe3
 
Error: (04/26/2015 10:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: PSIA.exe, versie: 3.0.0.10004, tijdstempel: 0x54784a82
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutoffset: 0xeeffee01
Id van proces met fout: 0x888
Starttijd van toepassing met fout: 0xPSIA.exe0
Pad naar toepassing met fout: PSIA.exe1
Pad naar module met fout: PSIA.exe2
Rapport-id: PSIA.exe3
 
Error: (04/24/2015 06:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: digo.exe, versie: 0.0.0.0, tijdstempel: 0x41bdebae
Naam van module met fout: VFP9r.dll, versie: 9.0.0.7423, tijdstempel: 0x49a31c32
Uitzonderingscode: 0xc0000005
Foutoffset: 0x00029842
Id van proces met fout: 0x1334
Starttijd van toepassing met fout: 0xdigo.exe0
Pad naar toepassing met fout: digo.exe1
Pad naar module met fout: digo.exe2
Rapport-id: digo.exe3
 
Error: (04/24/2015 05:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567, tijdstempel: 0x4d672ee4
Naam van module met fout: wwanapi.dll, versie: 6.1.7600.16385, tijdstempel: 0x4a5be0a8
Uitzonderingscode: 0xc0000005
Foutoffset: 0x00000000000333eb
Id van proces met fout: 0x24c
Starttijd van toepassing met fout: 0xExplorer.EXE0
Pad naar toepassing met fout: Explorer.EXE1
Pad naar module met fout: Explorer.EXE2
Rapport-id: Explorer.EXE3
 
Error: (04/23/2015 09:58:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {c43fcb9c-f1cf-469a-8bd8-5318e5f13078}
 
Error: (04/23/2015 06:45:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {0c7e9f5c-af52-43b9-a546-987fbf35d1a7}
 
Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}
 
 
System errors:
=============
Error: (04/26/2015 10:34:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Secunia PSI Agent-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (04/26/2015 10:24:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Secunia PSI Agent-service is onverwacht beëindigd. Dit is nu 2 keer gebeurd.
 
Error: (04/26/2015 10:03:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Secunia PSI Agent-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (04/26/2015 06:40:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de IKE and AuthIP IPsec Keying Modules-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 
%%1056
 
Error: (04/26/2015 06:40:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de User Profile Service-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 
%%1056
 
Error: (04/26/2015 06:40:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Management Instrumentation-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 
%%1056
 
Error: (04/26/2015 06:39:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Server-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt: 
%%1056
 
Error: (04/26/2015 06:38:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Management Instrumentation-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 120000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (04/26/2015 06:38:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Themes-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (04/26/2015 06:38:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Shell Hardware Detection-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 60000 milliseconden worden uitgevoerd: Service opnieuw starten.
 
 
Microsoft Office Sessions:
=========================
Error: (04/26/2015 10:34:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a824000001500093534a4801d0805fb66dd6d2C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exeaf852374-ec53-11e4-a761-8c89a57d6dd6
 
Error: (04/26/2015 10:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000050025ff90a2c01d0805de30ed3f9C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown2aeaadc5-ec52-11e4-8a69-8c89a57d6dd6
 
Error: (04/26/2015 10:03:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005eeffee0188801d0805a83c5d39dC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown48fb07ec-ec4f-11e4-8a69-8c89a57d6dd6
 
Error: (04/24/2015 06:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: digo.exe0.0.0.041bdebaeVFP9r.dll9.0.0.742349a31c32c000000500029842133401d07ea90537c326C:\digosoft\digo.exeC:\Program Files (x86)\Common Files\microsoft shared\VFP\VFP9r.dllcecb6e61-ea9c-11e4-9697-8c89a57d6dd6
 
Error: (04/24/2015 05:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4wwanapi.dll6.1.7600.163854a5be0a8c000000500000000000333eb24c01d07ea469b2b629C:\Windows\Explorer.EXEC:\Windows\system32\wwanapi.dlld3263667-ea97-11e4-9620-8c89a57d6dd6
 
Error: (04/23/2015 09:58:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Toegang geweigerd.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {c43fcb9c-f1cf-469a-8bd8-5318e5f13078}
 
Error: (04/23/2015 06:45:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Toegang geweigerd.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {0c7e9f5c-af52-43b9-a546-987fbf35d1a7}
 
Error: (04/23/2015 06:41:44 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Toegang geweigerd.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {e8fca787-d916-43a1-8128-09e9346faff3}
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-04-26 10:59:24.325
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
  Date: 2012-04-26 10:59:24.315
  Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume2\Users\transit\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 4077.64 MB
Available physical RAM: 2732.7 MB
Total Pagefile: 8153.47 MB
Available Pagefile: 6599.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:1811.92 GB) (Free:1754.25 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:46.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1811.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
 
==================== End Of Log ============================
 

 

Farbar Service Scanner Version: 17-01-2015
Ran by transit (administrator) on 26-04-2015 at 23:04:24
Running from "C:\Users\transit\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#57
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

One app needs to be updated,  (microsoft XML Core Services (MSXML) 4.x ) If I click on it, i get a error message that the link couldn't be opened with the standard browser (which is IE) , then the question 'Do I want to use IE? I click OK, then a microsoft page open

 

microsoft Core XML Services (MSXML) 6.0

select language: English (no Dutch possible).

 

If I click download I can choose 4 different versions, I selected the first one: msxml6.msi (1.5MB). I run the msi file.  I checked secunia psi, but the 4.x version was still there to be updated, no I'm not sure if I rebooted the pc and/or re scanned secunia psi.

 

then to be sure I  rebooted pc, let secunia psi scan again , but it keep scanning now for more then a half hour, this is to long.

 

ADDED: I stopped the scanning, reopend secunia psi, rescanned this time the scan finishes after a while, but the msxml 4.x is still mentioned to be updated.

 

 

This is a false positive. Basically Secunia is just telling you that the program is no longer supported and no longer receiving updates. You can ignore this. See here if interested. Also here.


  • 0

#58
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

It doesn't appear that you had your system set to Normal setup before running the FRST logs.

Capture.JPG

 

 

Let's do the following instead.

 

Step#1 - FRST Registry Search
 
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste the words
DealPly;FoxTab PDF Creator;SuperOptimizer into the Search box and click the Search Registry button.
    Search.JPG
 
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be
    saved on your desktop named Search.txt.

 

Step#2 - Update Internet Explorer

You currently have IE9. Although you don't use IE as your default browser, leaving it outdated exposes you to vulnerabilities. Please download and install IE11 from here.

http://windows.micro...dwide-languages


  • 0

#59
HaraMo

HaraMo

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 329 posts
Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by transit at 2015-04-27 18:39:52
Running from C:\Users\transit\Desktop
Boot Mode: Normal
 
================== Search Registry: "DealPly;FoxTab PDF Creator;SuperOptimizer" ===========
 
 
===================== Search result for "DealPly" ==========
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayName"="DealPly"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly]
"DisplayName"="DealPly"
 
 
===================== Search result for "FoxTab PDF Creator" ==========
 
[HKEY_USERS\S-1-5-21-3839137701-2974941544-2065132041-1007\Software\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Creator]
 
====== End Of Search ======

  • 0

#60
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Please run the following fix and let me know if IE11 installed successfully. After this make sure you are set to a normal startup as well (through msconfig).

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   486bytes   22 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP