TechSpot

luhe.Sirefef.a win64/patched.a in services.exe

Solved
By Jos Albers
Mar 5, 2013
Topic Status: Not open for further replies.
  1. Hello everyone,

    For a couple of weeks now I have been getting notices, first from Google Chrome, that my computer is infected with the Sirefef trojan. I used several virus scanners (Malwarebytes, AVG, McAfee) and programs to get rid of this bugger, but all with no effect. I used several manual removal tips as well. Still, my AVG keeps giving me the message that there are viruses active; especially the win64/patched.a in win32/services.exe is unremovable. I have tried with an AVG rescue CD, booting from that CD and scanning. It has given me this result:

    [attached screenshot: IMAG0325 (3).jpg]

    I still cannot delete this virus. Can anyone help me please?

    Thanks in advance.
     
  2. Jay Pfoutz

    Jay Pfoutz, Malware Helper

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window, type notepad and press Enter.
    • Notepad opens. Under the File menu, select Open.
    • Select "Computer", find your flash drive letter, and close Notepad.
    • In the command window type e:\frst64.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5, as well as the default check marks that are already there.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box and press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, along with the Search.txt log file; please copy and paste both logs in your reply.
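The reason the helper asks for an FRST scan from the recovery environment is that FRST compares the MD5 of the critical system binaries (winlogon.exe, services.exe, svchost.exe, volsnap.sys and so on) against known-good values and prints the directory layout ZeroAccess uses, and it does so while the infected OS is not running and cannot hide its files. As an added example (this is not code from the thread, from FRST or from its author), the Python script below reads exactly those parts of an FRST log: the "Bamital & volsnap Check" lines, the "ZeroAccess:" blocks, and the dated file listings. SAMPLE_LOG is a constructed excerpt modelled on the log posted in the next reply, not the complete log; the two path patterns (an Installer\{GUID} folder with "@", "L" and "U" entries, and a Desktop.ini inside GAC_32 or GAC_64) are my own generalisation of the paths FRST lists there, and the one Installer\{GUID}\L line in the listing is constructed to exercise that pattern.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) log for ZeroAccess indicators.

Added example; not code from the TechSpot thread or from FRST. It parses the
log layout shown in the thread: "====" section headers, the "Bamital &
volsnap Check" section (one line per critical binary, ending in "=> MD5 is
legit" or carrying an MD5 plus FRST's verdict), the "ZeroAccess:" blocks FRST
prints, and the dated file listings. SAMPLE_LOG is a constructed excerpt.
"""
import re
from dataclasses import dataclass, field

# ZeroAccess hiding places on x64 Windows 7, generalised from the paths FRST
# listed in the thread: a fake MSI package folder C:\Windows\Installer\{GUID}
# with entries "@", "L" and "U", and a Desktop.ini inside GAC_32 / GAC_64.
ZA_INSTALLER_RE = re.compile(
    r"^[a-z]:\\windows\\installer\\\{[0-9a-f-]{36}\}(\\[@lu](\\.*)?)?$", re.I)
ZA_GAC_RE = re.compile(
    r"^[a-z]:\\windows\\assembly\\gac_(32|64)\\desktop\.ini$", re.I)

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
LEGIT_RE = re.compile(r"^(?P<path>[a-z]:\\\S+)\s+=>\s+MD5 is legit$", re.I)
FLAGGED_RE = re.compile(
    r"^(?P<path>[a-z]:\\\S+)\s+(?P<md5>[0-9a-f]{32})\s+(?P<verdict>[a-z]+)", re.I)
# Listing lines end with the path and paths may contain spaces, so anchor on
# the first "<drive>:\" instead of splitting on whitespace.
PATH_RE = re.compile(r"(?P<path>[a-z]:\\.*)$", re.I)


@dataclass
class Triage:
    flagged: dict = field(default_factory=dict)     # path -> (MD5, FRST verdict)
    legit: list = field(default_factory=list)       # MD5 matched FRST's whitelist
    zeroaccess: list = field(default_factory=list)  # paths under a "ZeroAccess:" block
    suspicious: list = field(default_factory=list)  # other listed paths matching the patterns


def looks_like_zeroaccess(path: str) -> bool:
    """True if a path matches one of the ZeroAccess directory patterns."""
    return bool(ZA_INSTALLER_RE.match(path) or ZA_GAC_RE.match(path))


def parse_frst(text: str) -> Triage:
    """Walk the log once, dispatching each line on the section it sits in."""
    t = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
        elif line == "ZeroAccess:":
            section = "ZeroAccess"
        elif section == "ZeroAccess":
            t.zeroaccess.append(line)
        elif section and section.startswith("Bamital"):
            if (m := LEGIT_RE.match(line)):
                t.legit.append(m.group("path"))
            elif (m := FLAGGED_RE.match(line)):
                t.flagged[m.group("path")] = (m.group("md5").upper(), m.group("verdict"))
        elif (m := PATH_RE.search(line)):
            path = m.group("path")
            if looks_like_zeroaccess(path) and path not in t.suspicious:
                t.suspicious.append(path)
    return t


def findings(t: Triage) -> list:
    """Conclusions in the order a helper would act on them."""
    out = [f"{p}: MD5 {md5} is not a known-good value (FRST verdict {v}); "
           f"replace it from a clean copy first" for p, (md5, v) in t.flagged.items()]
    out += [f"FRST reported ZeroAccess artefact: {p}" for p in t.zeroaccess]
    out += [f"Listed path matches the ZeroAccess layout: {p}" for p in t.suspicious]
    return out


# Constructed excerpt in FRST's format, modelled on the posted log.
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01
Ran by SYSTEM at 06-03-2013 11:04:34

==================== One Month Created Files and Folders ========

2013-03-06 01:42 - 2013-03-06 01:42 - 00000000 ____D C:\FRST
2013-03-04 12:22 - 2013-03-04 12:22 - 00000000 ____D C:\Program Files (x86)\Astroburn Lite
2013-02-20 00:27 - 2013-03-02 01:19 - 00000000 ____D C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\L

ZeroAccess:
C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}
C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\@
C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":
    for line in findings(parse_frst(SAMPLE_LOG)):
        print(line)
```

"MD5 is legit" comes from FRST's own whitelist of known Windows builds, so a Bamital line that carries a hash and a verdict means the file on disk no longer matches any known-good copy; that is what Win64/Patched.A in services.exe is, and it is why scanners that only delete files keep reporting it. Two independent checks a practitioner can run: from the recovery command prompt, `certutil -hashfile C:\Windows\System32\services.exe MD5` prints the same hash FRST shows, which can be compared against the component-store copy under C:\Windows\winsxs; and on a live system, Sysinternals sigcheck or PowerShell's Get-AuthenticodeSignature report a patched services.exe as HashMismatch because the modification breaks its Microsoft signature.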
     
  3. Jos Albers

    Jos Albers, Topic Starter

    Thank you for this start. I did as told and got these text files:

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01
    Ran by SYSTEM at 06-03-2013 11:04:34
    Running from E:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-05-16] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel(R) Corporation)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
    HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
    HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-12] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
    HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
    HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
    HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
    HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-29] ()
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)
    HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
    ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

    ==================== Services (Whitelisted) ===================

    2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
    2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
    2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [126856 2012-04-09] (SecureW2 B.V.)

    ==================== Drivers (Whitelisted) =====================

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
    1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-09-28] ()
    1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-08-01] (DT Soft Ltd)
    3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2011-09-28] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
    3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-03-06 01:42 - 2013-03-06 01:42 - 00000000 ____D C:\FRST
    2013-03-06 01:40 - 2013-03-06 01:40 - 01464535 ____A (Farbar) C:\Users\Zaterdag\Downloads\FRST64.exe
    2013-03-05 04:14 - 2013-03-05 04:14 - 00000000 ____D C:\Users\Zaterdag\AppData\LocalGoogle
    2013-03-04 14:54 - 2013-03-04 14:54 - 00000000 ____D C:\Windows\pss
    2013-03-04 12:22 - 2013-03-04 12:22 - 00001076 ____A C:\Users\Public\Desktop\Astroburn Lite.lnk
    2013-03-04 12:22 - 2013-03-04 12:22 - 00000000 ____D C:\ProgramData\Astroburn Lite
    2013-03-04 12:22 - 2013-03-04 12:22 - 00000000 ____D C:\Program Files (x86)\Astroburn Lite
    2013-03-04 12:17 - 2013-03-04 12:19 - 90095616 ____A C:\Users\Zaterdag\Downloads\avg_arl_cdi_all_120_120823a5411 (1).iso
    2013-03-04 07:55 - 2013-03-04 07:55 - 00612811 ____A C:\Users\Zaterdag\Desktop\Jos Albers Calendar.ics
    2013-03-04 06:32 - 2013-03-04 06:32 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Zaterdag\Downloads\SpyHunter-Installer (1).exe
    2013-03-04 05:10 - 2013-03-04 05:10 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{863B40EC-BB67-4976-A774-8460817B871D}
    2013-03-03 15:09 - 2013-03-03 15:10 - 00000000 ____D C:\Users\Zaterdag\Downloads\avg_arl_ffi_all_120_120823a5411
    2013-03-03 15:08 - 2013-03-03 15:09 - 96932124 ____A C:\Users\Zaterdag\Downloads\avg_arl_ffi_all_120_120823a5411.rar
    2013-03-03 15:03 - 2013-03-03 15:03 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{517E4C57-8382-41C8-AC41-437CFBBF60DC}
    2013-03-02 15:55 - 2013-03-02 15:55 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{D1E91BF4-BB9C-4B79-B326-BDE93164B85D}
    2013-03-02 01:35 - 2013-03-04 12:11 - 00017486 ____A C:\Users\Zaterdag\Desktop\avgrep.txt
    2013-03-02 01:21 - 2013-03-02 01:22 - 90095616 ____A C:\Users\Zaterdag\Downloads\avg_arl_cdi_all_120_120823a5411.iso
    2013-03-02 01:12 - 2013-03-02 01:12 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\AVG2013
    2013-03-02 01:11 - 2013-03-02 15:57 - 00000000 ____D C:\ProgramData\AVG2013
    2013-03-02 01:11 - 2013-03-02 01:11 - 00000977 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-03-02 01:11 - 2013-03-02 01:11 - 00000000 ___HD C:\$AVG
    2013-03-02 01:11 - 2013-03-02 01:11 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\TuneUp Software
    2013-03-02 01:10 - 2013-03-02 01:10 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-03-02 01:07 - 2013-03-06 01:43 - 00000000 ____D C:\ProgramData\MFAData
    2013-03-02 01:07 - 2013-03-02 01:35 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\Avg2013
    2013-03-02 01:07 - 2013-03-02 01:07 - 04444760 ____A (AVG Technologies) C:\Users\Zaterdag\Downloads\avg_isct_stb_all_2013_2899_free.exe
    2013-03-02 01:07 - 2013-03-02 01:07 - 04444744 ____A (AVG Technologies) C:\Users\Zaterdag\Downloads\avg_free_stb_all_2013_2899_cnet.exe
    2013-03-02 01:07 - 2013-03-02 01:07 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\MFAData
    2013-03-01 17:27 - 2013-03-01 17:27 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{3E431B9A-B6BA-4A68-AB8B-D817B65B45D9}
    2013-03-01 04:18 - 2013-03-01 04:18 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{39D92A01-BEB2-4A2B-B292-109DB736C8E7}
    2013-02-28 11:36 - 2013-02-28 11:36 - 00015023 ____A C:\Users\Zaterdag\Downloads\[kat.ph]angels.and.demons.2009.r5.nl.subs.divxnl.team.torrent
    2013-02-28 11:30 - 2013-02-28 11:30 - 00334036 ____A C:\Users\Zaterdag\Downloads\[isoHunt] Angels & Demons (2009)(nl subs) (dutch) (TS).torrent
    2013-02-28 04:58 - 2013-02-28 04:58 - 00037376 ____A C:\Users\Zaterdag\Desktop\Urenstaat.xls
    2013-02-28 04:45 - 2013-02-28 04:45 - 00037888 ____A C:\Users\Zaterdag\Downloads\Urenstaat.xls
    2013-02-28 02:49 - 2013-02-28 02:49 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{8D2579DE-2FD5-4181-9B65-A5AF4ED2745E}
    2013-02-28 00:16 - 2013-02-28 00:18 - 90130256 ____A (Apple Inc.) C:\Users\Zaterdag\Downloads\iTunes64Setup.exe
    2013-02-26 07:37 - 2013-02-26 07:37 - 00786848 ____A C:\Users\Zaterdag\Downloads\3d_analyzer-v2.36_Installer.exe
    2013-02-26 06:51 - 2013-02-26 06:51 - 00000000 ____D C:\Program Files (x86)\SEGA
    2013-02-25 08:40 - 2013-02-25 08:41 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{B039FFCC-E850-49CB-96F1-B7D5CFD69B4E}
    2013-02-24 02:50 - 2013-02-24 02:50 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{C75969CE-A46E-4DD9-B4A9-D9C282EA1050}
    2013-02-23 15:27 - 2013-02-23 15:27 - 00262144 ____A C:\Windows\Minidump\022413-30638-01.dmp
    2013-02-23 10:23 - 2013-02-23 10:24 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{052FA491-BDAF-4027-B60F-455FC030A02F}
    2013-02-22 14:09 - 2013-02-22 14:09 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{1B666C83-8D6F-4379-8AD9-54C4B7C87C7E}
    2013-02-20 15:45 - 2013-02-20 15:45 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{27340F10-58CE-43F6-8A60-A8823E57375B}
    2013-02-20 03:11 - 2013-02-20 03:11 - 00049659 ____A C:\Users\Zaterdag\Downloads\[isoHunt] Phil Collins.torrent
    2013-02-20 02:57 - 2013-02-20 02:57 - 00014123 ____A C:\Users\Zaterdag\Downloads\[isoHunt] F984E7E67510DA3D0BF25EE7FE1E8A0C0981DB79.torrent
    2013-02-20 02:51 - 2013-02-20 02:51 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{FFDF1A02-DF65-47B6-9841-7CDC30F1AF46}
    2013-02-20 01:26 - 2013-02-20 01:26 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-02-20 01:26 - 2013-02-20 01:26 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\Malwarebytes
    2013-02-20 01:26 - 2013-02-20 01:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-02-20 01:26 - 2013-02-20 01:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-20 01:26 - 2012-12-14 07:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-02-20 01:26 - 2011-07-07 22:55 - 00041272 ____A (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
    2013-02-20 01:25 - 2013-02-20 01:25 - 09545320 ____A (Malwarebytes Corporation ) C:\Users\Zaterdag\Downloads\mbam-setup.exe
    2013-02-20 00:29 - 2013-02-20 00:29 - 00000000 ____A C:\autoexec.bat
    2013-02-20 00:28 - 2013-02-20 00:28 - 00000000 ____D C:\Program Files\Enigma Software Group
    2013-02-20 00:27 - 2013-03-02 01:19 - 00000000 ____D C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
    2013-02-20 00:26 - 2013-02-20 00:26 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Zaterdag\Downloads\SpyHunter-Installer.exe
    2013-02-20 00:09 - 2013-02-20 00:09 - 02406064 ____A (Trend Micro Inc.) C:\Users\Zaterdag\Downloads\HousecallLauncher64.exe
    2013-02-20 00:02 - 2013-02-20 00:02 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{9A8D376F-5696-461D-A19B-9DC44A48B957}
    2013-02-15 15:08 - 2013-02-15 15:09 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{5ED34662-73B8-4347-9B41-6D5D03A6614C}
    2013-02-14 04:30 - 2013-02-14 04:30 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{257249E9-4840-463F-A956-C30DAC056B92}
    2013-02-12 06:48 - 2013-02-12 06:48 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{06CDEDC8-C0DE-46CE-8405-9E70CFB9BBF6}
    2013-02-10 01:57 - 2013-02-10 01:57 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
    2013-02-08 05:46 - 2013-02-08 05:47 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{1B9759DC-5BBD-405F-977A-1EE20704B59C}
    2013-02-05 13:44 - 2013-02-05 13:44 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{222F6370-5BB1-4BCD-8970-FC28EADF159F}
    2013-02-04 16:30 - 2013-02-04 16:30 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{41960A95-0717-476B-A511-775B3A490CC5}

    ==================== One Month Modified Files and Folders =======

    2013-03-06 01:45 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-06 01:45 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-06 01:43 - 2013-03-02 01:07 - 00000000 ____D C:\ProgramData\MFAData
    2013-03-06 01:42 - 2013-03-06 01:42 - 00000000 ____D C:\FRST
    2013-03-06 01:40 - 2013-03-06 01:40 - 01464535 ____A (Farbar) C:\Users\Zaterdag\Downloads\FRST64.exe
    2013-03-06 01:38 - 2011-09-03 07:45 - 00045056 ____A C:\Windows\System32\acovcnt.exe
    2013-03-06 01:38 - 2011-04-12 18:33 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-03-06 01:37 - 2011-07-28 09:26 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-03-06 01:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-03-06 01:37 - 2009-07-13 20:51 - 00095292 ____A C:\Windows\setupact.log
    2013-03-05 08:43 - 2011-12-06 04:21 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\Last.fm
    2013-03-05 08:16 - 2011-04-12 18:33 - 00001070 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-03-05 08:06 - 2012-04-06 07:39 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-03-05 04:14 - 2013-03-05 04:14 - 00000000 ____D C:\Users\Zaterdag\AppData\LocalGoogle
    2013-03-04 14:54 - 2013-03-04 14:54 - 00000000 ____D C:\Windows\pss
    2013-03-04 14:10 - 2012-10-04 07:06 - 00000000 ___SD C:\Users\Zaterdag\Google Drive
    2013-03-04 14:10 - 2011-09-03 08:55 - 00000000 ____D C:\Users\Zaterdag\Tracing
    2013-03-04 12:22 - 2013-03-04 12:22 - 00001076 ____A C:\Users\Public\Desktop\Astroburn Lite.lnk
    2013-03-04 12:22 - 2013-03-04 12:22 - 00000000 ____D C:\ProgramData\Astroburn Lite
    2013-03-04 12:22 - 2013-03-04 12:22 - 00000000 ____D C:\Program Files (x86)\Astroburn Lite
    2013-03-04 12:19 - 2013-03-04 12:17 - 90095616 ____A C:\Users\Zaterdag\Downloads\avg_arl_cdi_all_120_120823a5411 (1).iso
    2013-03-04 12:11 - 2013-03-02 01:35 - 00017486 ____A C:\Users\Zaterdag\Desktop\avgrep.txt
    2013-03-04 08:46 - 2011-02-18 20:40 - 00754982 ____A C:\Windows\System32\perfh013.dat
    2013-03-04 08:46 - 2011-02-18 20:40 - 00156406 ____A C:\Windows\System32\perfc013.dat
    2013-03-04 08:46 - 2009-07-13 21:13 - 01694562 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-03-04 08:01 - 2011-09-11 12:12 - 00000000 ____D C:\Users\Zaterdag\Desktop\C1 filmpjes
    2013-03-04 07:55 - 2013-03-04 07:55 - 00612811 ____A C:\Users\Zaterdag\Desktop\Jos Albers Calendar.ics
    2013-03-04 07:55 - 2011-10-27 01:23 - 00986112 __ASH C:\Users\Zaterdag\Desktop\Thumbs.db
    2013-03-04 07:54 - 2012-10-03 01:00 - 00000000 ____D C:\Users\Zaterdag\Desktop\Video
    2013-03-04 07:37 - 2012-12-03 01:51 - 00000000 ___RD C:\Users\Zaterdag\Dropbox
    2013-03-04 06:32 - 2013-03-04 06:32 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Zaterdag\Downloads\SpyHunter-Installer (1).exe
    2013-03-04 05:10 - 2013-03-04 05:10 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{863B40EC-BB67-4976-A774-8460817B871D}
    2013-03-03 15:10 - 2013-03-03 15:09 - 00000000 ____D C:\Users\Zaterdag\Downloads\avg_arl_ffi_all_120_120823a5411
    2013-03-03 15:09 - 2013-03-03 15:08 - 96932124 ____A C:\Users\Zaterdag\Downloads\avg_arl_ffi_all_120_120823a5411.rar
    2013-03-03 15:03 - 2013-03-03 15:03 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{517E4C57-8382-41C8-AC41-437CFBBF60DC}
    2013-03-02 15:57 - 2013-03-02 01:11 - 00000000 ____D C:\ProgramData\AVG2013
    2013-03-02 15:55 - 2013-03-02 15:55 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{D1E91BF4-BB9C-4B79-B326-BDE93164B85D}
    2013-03-02 15:55 - 2011-09-03 07:45 - 00109976 ____A C:\Users\Zaterdag\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-02 15:53 - 2011-07-28 09:40 - 00002360 ____A C:\Windows\System32\AutoRunFilter.ini
    2013-03-02 15:53 - 2011-07-28 09:40 - 00001499 ____A C:\Windows\System32\ServiceFilter.ini
    2013-03-02 01:35 - 2013-03-02 01:07 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\Avg2013
    2013-03-02 01:34 - 2009-07-13 20:45 - 00418872 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-03-02 01:33 - 2011-04-12 17:39 - 01690908 ____A C:\Windows\PFRO.log
    2013-03-02 01:22 - 2013-03-02 01:21 - 90095616 ____A C:\Users\Zaterdag\Downloads\avg_arl_cdi_all_120_120823a5411.iso
    2013-03-02 01:20 - 2011-09-05 06:49 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\Downloaded Installations
    2013-03-02 01:20 - 2011-09-05 06:49 - 00000000 ____D C:\Program Files (x86)\HTC
    2013-03-02 01:19 - 2013-02-20 00:27 - 00000000 ____D C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
    2013-03-02 01:18 - 2012-12-08 12:04 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\Sony Corporation
    2013-03-02 01:12 - 2013-03-02 01:12 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\AVG2013
    2013-03-02 01:11 - 2013-03-02 01:11 - 00000977 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-03-02 01:11 - 2013-03-02 01:11 - 00000000 ___HD C:\$AVG
    2013-03-02 01:11 - 2013-03-02 01:11 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\TuneUp Software
    2013-03-02 01:10 - 2013-03-02 01:10 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-03-02 01:07 - 2013-03-02 01:07 - 04444760 ____A (AVG Technologies) C:\Users\Zaterdag\Downloads\avg_isct_stb_all_2013_2899_free.exe
    2013-03-02 01:07 - 2013-03-02 01:07 - 04444744 ____A (AVG Technologies) C:\Users\Zaterdag\Downloads\avg_free_stb_all_2013_2899_cnet.exe
    2013-03-02 01:07 - 2013-03-02 01:07 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\MFAData
    2013-03-01 17:27 - 2013-03-01 17:27 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{3E431B9A-B6BA-4A68-AB8B-D817B65B45D9}
    2013-03-01 04:18 - 2013-03-01 04:18 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{39D92A01-BEB2-4A2B-B292-109DB736C8E7}
    2013-03-01 04:14 - 2011-09-03 11:54 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\uTorrent
    2013-02-28 11:36 - 2013-02-28 11:36 - 00015023 ____A C:\Users\Zaterdag\Downloads\[kat.ph]angels.and.demons.2009.r5.nl.subs.divxnl.team.torrent
    2013-02-28 11:30 - 2013-02-28 11:30 - 00334036 ____A C:\Users\Zaterdag\Downloads\[isoHunt] Angels & Demons (2009)(nl subs) (dutch) (TS).torrent
    2013-02-28 04:58 - 2013-02-28 04:58 - 00037376 ____A C:\Users\Zaterdag\Desktop\Urenstaat.xls
    2013-02-28 04:45 - 2013-02-28 04:45 - 00037888 ____A C:\Users\Zaterdag\Downloads\Urenstaat.xls
    2013-02-28 02:49 - 2013-02-28 02:49 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{8D2579DE-2FD5-4181-9B65-A5AF4ED2745E}
    2013-02-28 02:42 - 2011-11-27 15:52 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\CrashDumps
    2013-02-28 00:18 - 2013-02-28 00:16 - 90130256 ____A (Apple Inc.) C:\Users\Zaterdag\Downloads\iTunes64Setup.exe
    2013-02-27 06:01 - 2012-04-06 07:39 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-02-27 06:01 - 2011-10-10 05:23 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-02-26 07:37 - 2013-02-26 07:37 - 00786848 ____A C:\Users\Zaterdag\Downloads\3d_analyzer-v2.36_Installer.exe
    2013-02-26 06:51 - 2013-02-26 06:51 - 00000000 ____D C:\Program Files (x86)\SEGA
    2013-02-25 08:41 - 2013-02-25 08:40 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{B039FFCC-E850-49CB-96F1-B7D5CFD69B4E}
    2013-02-24 15:04 - 2011-09-07 14:32 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\Skype
    2013-02-24 02:50 - 2013-02-24 02:50 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{C75969CE-A46E-4DD9-B4A9-D9C282EA1050}
    2013-02-24 00:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-02-23 15:27 - 2013-02-23 15:27 - 00262144 ____A C:\Windows\Minidump\022413-30638-01.dmp
    2013-02-23 15:27 - 2011-12-10 12:42 - 00000000 ____D C:\Windows\Minidump
    2013-02-23 15:27 - 2011-12-10 12:41 - 442533764 ____A C:\Windows\MEMORY.DMP
    2013-02-23 10:24 - 2013-02-23 10:23 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{052FA491-BDAF-4027-B60F-455FC030A02F}
    2013-02-22 14:09 - 2013-02-22 14:09 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{1B666C83-8D6F-4379-8AD9-54C4B7C87C7E}
    2013-02-20 15:45 - 2013-02-20 15:45 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{27340F10-58CE-43F6-8A60-A8823E57375B}
    2013-02-20 03:11 - 2013-02-20 03:11 - 00049659 ____A C:\Users\Zaterdag\Downloads\[isoHunt] Phil Collins.torrent
    2013-02-20 02:57 - 2013-02-20 02:57 - 00014123 ____A C:\Users\Zaterdag\Downloads\[isoHunt] F984E7E67510DA3D0BF25EE7FE1E8A0C0981DB79.torrent
    2013-02-20 02:51 - 2013-02-20 02:51 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{FFDF1A02-DF65-47B6-9841-7CDC30F1AF46}
    2013-02-20 01:26 - 2013-02-20 01:26 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-02-20 01:26 - 2013-02-20 01:26 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\Malwarebytes
    2013-02-20 01:26 - 2013-02-20 01:26 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-02-20 01:26 - 2013-02-20 01:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-20 01:25 - 2013-02-20 01:25 - 09545320 ____A (Malwarebytes Corporation ) C:\Users\Zaterdag\Downloads\mbam-setup.exe
    2013-02-20 00:29 - 2013-02-20 00:29 - 00000000 ____A C:\autoexec.bat
    2013-02-20 00:28 - 2013-02-20 00:28 - 00000000 ____D C:\Program Files\Enigma Software Group
    2013-02-20 00:26 - 2013-02-20 00:26 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Users\Zaterdag\Downloads\SpyHunter-Installer.exe
    2013-02-20 00:22 - 2013-01-25 08:19 - 00887011 ____A C:\Users\Zaterdag\AppData\Local\census.cache
    2013-02-20 00:22 - 2013-01-25 08:19 - 00131087 ____A C:\Users\Zaterdag\AppData\Local\ars.cache
    2013-02-20 00:09 - 2013-02-20 00:09 - 02406064 ____A (Trend Micro Inc.) C:\Users\Zaterdag\Downloads\HousecallLauncher64.exe
    2013-02-20 00:02 - 2013-02-20 00:02 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{9A8D376F-5696-461D-A19B-9DC44A48B957}
    2013-02-15 15:09 - 2013-02-15 15:08 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{5ED34662-73B8-4347-9B41-6D5D03A6614C}
    2013-02-14 04:30 - 2013-02-14 04:30 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{257249E9-4840-463F-A956-C30DAC056B92}
    2013-02-12 06:48 - 2013-02-12 06:48 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{06CDEDC8-C0DE-46CE-8405-9E70CFB9BBF6}
    2013-02-10 03:24 - 2012-09-10 01:18 - 00000000 ____D C:\Users\Zaterdag\AppData\Roaming\FileZilla
    2013-02-10 01:57 - 2013-02-10 01:57 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
    2013-02-08 05:47 - 2013-02-08 05:46 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{1B9759DC-5BBD-405F-977A-1EE20704B59C}
    2013-02-05 13:44 - 2013-02-05 13:44 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{222F6370-5BB1-4BCD-8970-FC28EADF159F}
    2013-02-04 16:30 - 2013-02-04 16:30 - 00000000 ____D C:\Users\Zaterdag\AppData\Local\{41960A95-0717-476B-A511-775B3A490CC5}


    ZeroAccess:
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\@
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\L
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\U
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\L\00000004.@
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\L\201d3dde
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\L\4cce1f70
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\L\55490ac4
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\L\76603ac3
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\U\00000004.@
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\U\00000008.@
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\U\000000cb.@
    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642}\U\80000032.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-02-20 00:28:09
    Restore point made on: 2013-02-28 17:59:58
    Restore point made on: 2013-03-02 01:09:56
    Restore point made on: 2013-03-02 01:10:27
    Restore point made on: 2013-03-02 01:17:21
    Restore point made on: 2013-03-02 01:18:39

    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 2982.7 MB
    Available physical RAM: 2395.46 MB
    Total Pagefile: 2980.85 MB
    Available Pagefile: 2391.42 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:125.03 GB) (Free:33.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (Data) (Fixed) (Total:148.06 GB) (Free:46.42 GB) NTFS
    3 Drive e: (mrt 06 2013) (CDROM) (Total:0.56 GB) (Free:0.56 GB) UDF
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB

    Partitions of Disk 0:
    ===============

    Disk ID: 38601C96

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 25 GB 1024 KB
    Partition 2 Primary 125 GB 25 GB
    Partition 0 Extended 148 GB 150 GB
    Partition 3 Logical 148 GB 150 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 1C
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C OS NTFS Partition 125 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Data NTFS Partition 148 GB Healthy

    =========================================================

    Last Boot: 2013-03-05 08:36

    ==================== End Of Log =============================


    and Search:

    Farbar Recovery Scan Tool (x64) Version: 06-03-2013 01
    Ran by SYSTEM at 2013-03-06 11:05:15
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
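The two FRST sections above show the check that actually located the infection: the Bamital & volsnap check compares each critical system binary against FRST's list of known-good MD5s (services.exe came back as 50BEA589F7D7958BDD2528A8F69D05CC, which FRST labels ZeroAccess), and the search lists every services.exe on the disk with size and hash, which is how the WinSxS copy (24ACB7E5BE595468E3B9AA488B9B4FCB, 328704 bytes) stands out as the untouched original. As an added example that is not part of this thread or of FRST itself, the Python script below parses those two sections from a log excerpt constructed from the lines above, returns the binaries FRST did not recognise, and pairs each one with other copies of the same file name that carry a different hash. The section titles, regular expressions, dataclass names and the `SAMPLE_LOG` excerpt are my own assumptions about the log format shown in this thread and cover only that format.

```python
"""Triage helper for FRST 'Bamital & volsnap Check' and 'Search:' sections.

Added example, not FRST code. It assumes the log layout seen in the thread:
'==== Title ====' header lines, check lines ending in '=> MD5 is legit' or
'<path> <md5> <label> <==== ATTENTION!', and search results as a path line
followed by a '[date] - [date] - size attrs (company) md5' detail line.
"""
from __future__ import annotations

import ntpath  # basename for Windows-style paths, works on any host OS
import re
from dataclasses import dataclass

# Constructed excerpt; paths, sizes and hashes are copied from the FRST output above.
SAMPLE_LOG = """\
==================== Bamital & volsnap Check =================

C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""


@dataclass(frozen=True)
class Flagged:
    path: str
    md5: str    # hash FRST printed for the file (empty if the line was not parseable)
    label: str  # FRST's family label, e.g. 'ZeroAccess'


@dataclass(frozen=True)
class FileInfo:
    path: str
    size: int
    company: str
    md5: str


HEADER_RE = re.compile(r"^=+\s*(?P<title>.*?)\s*=+$")
FLAG_RE = re.compile(
    r"^(?P<path>.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>.+?)\s*<==== ATTENTION"
)
DETAIL_RE = re.compile(
    r"^\[[^\]]*\] - \[[^\]]*\] - (?P<size>\d+) \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def split_sections(log: str) -> dict[str, list[str]]:
    """Group the non-empty lines of the log under the '==== Title ====' header above them."""
    sections: dict[str, list[str]] = {}
    current = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["title"]
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def flagged_binaries(log: str) -> list[Flagged]:
    """Entries of the Bamital & volsnap check that FRST did not mark as legit."""
    found: list[Flagged] = []
    for line in split_sections(log).get("Bamital & volsnap Check", []):
        if line.endswith("=> MD5 is legit"):
            continue
        m = FLAG_RE.match(line)
        if m:
            found.append(Flagged(m["path"], m["md5"].upper(), m["label"]))
        else:
            # Anything not marked legit still deserves a look, even if the line is unusual.
            found.append(Flagged(line, "", "unparsed"))
    return found


def search_results(log: str) -> list[FileInfo]:
    """Path/detail line pairs from every 'Search: "..."' section."""
    results: list[FileInfo] = []
    for title, lines in split_sections(log).items():
        if not title.startswith("Search:"):
            continue
        pending: str | None = None
        for line in lines:
            m = DETAIL_RE.match(line)
            if m and pending:
                results.append(FileInfo(pending, int(m["size"]), m["company"], m["md5"].upper()))
                pending = None
            else:
                pending = line
    return results


def clean_candidates(log: str) -> dict[str, list[FileInfo]]:
    """For each flagged binary, other copies of the same file name whose hash differs."""
    results = search_results(log)
    out: dict[str, list[FileInfo]] = {}
    for flag in flagged_binaries(log):
        name = ntpath.basename(flag.path).lower()
        out[flag.path] = [
            f for f in results
            if ntpath.basename(f.path).lower() == name
            and f.md5 != flag.md5
            and f.path.lower() != flag.path.lower()
        ]
    return out


if __name__ == "__main__":
    for path, cands in clean_candidates(SAMPLE_LOG).items():
        print(f"flagged: {path}")
        for c in cands:
            print(f"  candidate original: {c.path} ({c.size} bytes, {c.company}, {c.md5})")
```

To use it on a real log, pass the contents of FRST.txt (with the search output appended) instead of `SAMPLE_LOG`. The script only reports: a same-named copy with a different hash and a Microsoft company string is a lead, not proof of a clean file, so confirm the candidate's hash against a known-good source before it is copied back over the patched binary, which is what the helper's fixlist does further down this thread with the WinSxS copy.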
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, and winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     

    Attached Files:

  5. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Here we are again. First of all, the output from FRST:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2013 01
    Ran by SYSTEM at 2013-03-06 21:56:25 Run:1
    Running from E:\

    ==============================================

    C:\Windows\Installer\{f60254a8-636b-7729-6d9b-c01d651e0642} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    And the output from ComboFix:

    ComboFix 13-03-05.01 - Zaterdag 06-03-2013 22:03:22.1.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.2983.2091 [GMT 1:00]
    Gestart vanuit: c:\users\Zaterdag\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\SecureW2
    c:\program files (x86)\SecureW2\sw2_rsaproxy.exe
    c:\program files (x86)\SecureW2\sw2_service.exe
    c:\program files (x86)\SecureW2\sw2_tray.exe
    c:\program files (x86)\SecureW2\Uninstall.exe
    c:\programdata\FullRemove.exe
    c:\programdata\Roaming
    c:\users\Zaterdag\AppData\Local\Microsoft\Windows\Temporary Internet Files\{190E9495-650C-4492-A0FA-8A085859D5A4}.xps
    c:\users\Zaterdag\AppData\Local\TempDIR
    c:\windows\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_SW2SVC
    -------\Service_SW2SVC
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-02-06 to 2013-03-06 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-06 09:42 . 2013-03-06 09:42--------d-----w-C:\FRST
    2013-03-05 12:18 . 2013-03-05 12:18--------d-----w-c:\users\UpdatusUser\AppData\Local\Microsoft
    2013-03-04 20:22 . 2013-03-04 20:22--------d-----w-c:\program files (x86)\Astroburn Lite
    2013-03-04 20:22 . 2013-03-04 20:22--------d-----w-c:\programdata\Astroburn Lite
    2013-03-02 09:12 . 2013-03-02 09:12--------d-----w-c:\users\Zaterdag\AppData\Roaming\AVG2013
    2013-03-02 09:11 . 2013-03-02 09:11--------d-----w-c:\users\Zaterdag\AppData\Roaming\TuneUp Software
    2013-03-02 09:11 . 2013-03-02 23:57--------d-----w-c:\programdata\AVG2013
    2013-03-02 09:11 . 2013-03-02 09:11--------d-----w-C:\$AVG
    2013-03-02 09:10 . 2013-03-02 09:10--------d-----w-c:\program files (x86)\AVG
    2013-03-02 09:07 . 2013-03-06 20:50--------d-----w-c:\programdata\MFAData
    2013-03-02 09:07 . 2013-03-02 09:35--------d-----w-c:\users\Zaterdag\AppData\Local\Avg2013
    2013-03-02 09:07 . 2013-03-02 09:07--------d--h--w-c:\programdata\Common Files
    2013-03-02 09:07 . 2013-03-02 09:07--------d-----w-c:\users\Zaterdag\AppData\Local\MFAData
    2013-02-26 14:51 . 2013-02-26 14:51--------d-----w-c:\program files (x86)\SEGA
    2013-02-20 09:26 . 2013-02-20 09:26--------d-----w-c:\users\Zaterdag\AppData\Local\Programs
    2013-02-20 09:26 . 2013-02-20 09:26--------d-----w-c:\users\Zaterdag\AppData\Roaming\Malwarebytes
    2013-02-20 09:26 . 2011-07-08 06:5541272----a-w-c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2013-02-20 09:26 . 2013-02-20 09:26--------d-----w-c:\programdata\Malwarebytes
    2013-02-20 09:26 . 2012-12-14 15:4924176----a-w-c:\windows\system32\drivers\mbam.sys
    2013-02-20 09:26 . 2013-02-20 09:26--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-20 08:28 . 2013-02-20 08:28--------d-----w-c:\program files\Enigma Software Group
    2013-02-20 08:27 . 2013-03-02 09:19--------d-----w-c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
    2013-02-20 08:27 . 2013-02-20 08:27--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
    2013-02-15 22:31 . 2013-02-15 22:31186432----a-w-c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2013-02-10 09:57 . 2013-02-10 09:57--------d-----w-c:\program files (x86)\FileZilla FTP Client
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-06 09:38 . 2011-09-03 15:4545056----a-w-c:\windows\system32\acovcnt.exe
    2013-02-27 14:01 . 2012-04-06 15:39691568----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2013-02-27 14:01 . 2011-10-10 13:2371024----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2011-04-13 02:33433648----a-w-c:\programdata\Partner\Partner.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
    2012-08-02 10:13248936----a-w-c:\program files (x86)\Softonic\Softonic\1.6.7.4\bh\Softonic.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll" [2012-08-02 274536]
    .
    [HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
    [HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\Softonic.dskBnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\Zaterdag\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\Zaterdag\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\Zaterdag\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-04-13 332272]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-01 283200]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-11 378472]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
    S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-06 10:161630672----a-w-c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:01]
    .
    2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
    .
    2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2011-04-13 02:33750064----a-w-c:\programdata\Partner\Partner64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50133400----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41220160----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41220160----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-12-17 18:50755816----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-12-17 18:50755816----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-12-17 18:50755816----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-12-17 18:50755816----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.nl/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-03-06 22:21:15 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-03-06 21:21
    .
    Pre-Run: 36.571.164.672 bytes beschikbaar
    Post-Run: 36.367.273.984 bytes beschikbaar
    .
    - - End Of File - - E6E991FDE1BB37628F8989BB3DDF88F5


    Computer is running terribly slow, but in the last reboot there was no virus noted by AVG, so I'm becoming hopeful :)
    Thanks again!
     
  6. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Oh, in addition: when I shut down my computer, it automatically started running an update. Don't know why or if it had anything to do with this repair process. Just thought I'd mention it.
     
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent! Next steps:

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
     
  8. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Okay, here we go. Adware cleaning:

    # AdwCleaner v2.114 - Verslag gemaakt op 07/03/2013 om 09:50:52
    # Geactualiseerd op 05/03/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : Zaterdag - ZATERDAG-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Zaterdag\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****

    Gestopt & Verwijdert : Partner Service

    ***** [Files / Mappen] *****

    File Verwijdert : C:\user.js
    Map Verwijdert : C:\Program Files (x86)\Softonic
    Map Verwijdert : C:\ProgramData\Partner
    Map Verwijdert : C:\Users\Zaterdag\AppData\Local\OpenCandy
    Map Verwijdert : C:\Users\Zaterdag\AppData\Roaming\OpenCandy

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKCU\Software\Softonic
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
    Sleutel Verwijdert : HKLM\Software\Softonic
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v25.0.1364.152

    File : C:\Users\Zaterdag\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [7923 octets] - [07/03/2013 09:50:52]

    ########## EOF - C:\AdwCleaner[S1].txt - [7983 octets] ##########


    And JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.9 (03.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Zaterdag on do 07-03-2013 at 10:20:39,98
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on do 07-03-2013 at 10:28:36,76
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. Jos Albers

    Jos Albers TS Rookie Topic Starter

    OTL logfile created on: 7-3-2013 10:30:29 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaterdag\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,91 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,88% Memory free
    5,82 Gb Paging File | 4,07 Gb Available in Paging File | 69,96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 125,03 Gb Total Space | 36,27 Gb Free Space | 29,01% Space Free | Partition Type: NTFS
    Drive D: | 148,06 Gb Total Space | 46,42 Gb Free Space | 31,35% Space Free | Partition Type: NTFS
    Drive E: | 574,94 Mb Total Space | 573,43 Mb Free Space | 99,74% Space Free | Partition Type: UDF

    Computer Name: ZATERDAG-PC | User Name: Zaterdag | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2013-03-07 09:48:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zaterdag\Desktop\OTL.exe
    PRC - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012-12-11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012-11-30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012-10-22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    PRC - [2011-08-31 14:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    PRC - [2011-07-28 18:42:23 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011-01-25 19:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2010-11-15 18:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2010-10-14 22:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    PRC - [2010-10-07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    PRC - [2010-09-24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2010-08-17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    PRC - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009-11-02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009-06-19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009-06-19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008-12-23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008-08-14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013-03-07 10:14:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
    MOD - [2013-03-07 09:49:11 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
    MOD - [2013-03-07 09:48:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
    MOD - [2013-03-07 09:47:58 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013-03-07 09:47:53 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
    MOD - [2013-03-07 09:47:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013-03-07 09:47:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013-03-07 09:47:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013-03-07 09:47:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013-03-07 09:47:12 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2012-11-30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2012-11-30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011-08-31 14:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
    MOD - [2011-02-19 05:39:57 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_nl_31bf3856ad364e35\PresentationFramework.resources.dll
    MOD - [2011-02-19 05:39:57 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_nl_31bf3856ad364e35\PresentationCore.resources.dll
    MOD - [2010-11-13 01:34:15 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010-09-24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    MOD - [2009-11-02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
    MOD - [2009-11-02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011-05-02 22:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011-05-02 22:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011-05-02 22:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2011-03-04 00:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010-09-23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010-04-17 00:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013-02-27 15:01:04 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012-11-15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012-10-22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2011-05-11 10:22:24 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011-05-10 19:47:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-12-15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009-06-16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012-11-15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012-10-22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012-10-15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012-10-15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012-10-02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012-09-21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012-09-21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012-09-14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012-08-21 10:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2012-08-01 13:15:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012-03-08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011-09-28 17:01:26 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2011-09-28 17:01:25 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2011-05-10 19:47:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011-05-01 22:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-02-24 18:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011-02-24 18:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011-01-27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011-01-13 12:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010-12-13 22:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010-11-20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010-10-14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010-09-22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010-09-13 11:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010-08-03 19:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
    DRV:64bit: - [2010-06-25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010-04-17 00:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009-11-01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009-10-05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009-07-20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009-06-10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008-05-24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2010-07-26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009-07-03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
     
  10. Jos Albers

    Jos Albers TS Rookie Topic Starter

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-10-03 22:58:18 | 000,000,000 | ---D | M]

    [2012-09-22 19:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Zaterdag\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: avast! WebRep = C:\Users\Zaterdag\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Skype Click to Call = C:\Users\Zaterdag\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Zaterdag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2013-03-06 22:14:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.228.196 62.179.104.196
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{615564C7-BE1D-4D4B-8DB0-ACAE911CF93E}: DhcpNameServer = 213.46.228.196 62.179.104.196
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F7738E6-E93B-4792-B226-8F224B3CDA19}: DhcpNameServer = 192.168.42.129
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E55015-EA40-4405-8685-1164C8BC3967}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013-02-20 09:29:35 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-03-07 10:20:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013-03-07 10:19:56 | 000,000,000 | ---D | C] -- C:\JRT
    [2013-03-07 09:56:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013-03-07 09:48:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zaterdag\Desktop\OTL.exe
    [2013-03-07 09:48:15 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Zaterdag\Desktop\JRT.exe
    [2013-03-06 22:21:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013-03-06 22:14:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013-03-06 22:01:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013-03-06 22:01:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013-03-06 22:01:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013-03-06 22:00:59 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013-03-06 21:59:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013-03-06 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013-03-06 21:52:06 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Zaterdag\Desktop\ComboFix.exe
    [2013-03-06 10:42:18 | 000,000,000 | ---D | C] -- C:\FRST
    [2013-03-04 23:54:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013-03-04 21:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
    [2013-03-04 21:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite
    [2013-03-04 21:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astroburn Lite
    [2013-03-04 14:10:38 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{863B40EC-BB67-4976-A774-8460817B871D}
    [2013-03-04 00:03:45 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{517E4C57-8382-41C8-AC41-437CFBBF60DC}
    [2013-03-03 00:55:22 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{D1E91BF4-BB9C-4B79-B326-BDE93164B85D}
    [2013-03-02 10:12:53 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Roaming\AVG2013
    [2013-03-02 10:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013-03-02 10:11:49 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Roaming\TuneUp Software
    [2013-03-02 10:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013-03-02 10:11:02 | 000,000,000 | ---D | C] -- C:\$AVG
    [2013-03-02 10:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2013-03-02 10:07:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013-03-02 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\MFAData
    [2013-03-02 10:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013-03-02 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\Avg2013
    [2013-03-02 02:27:08 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{3E431B9A-B6BA-4A68-AB8B-D817B65B45D9}
    [2013-03-01 13:18:32 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{39D92A01-BEB2-4A2B-B292-109DB736C8E7}
    [2013-02-28 11:49:48 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{8D2579DE-2FD5-4181-9B65-A5AF4ED2745E}
    [2013-02-26 15:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
    [2013-02-25 17:40:52 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{B039FFCC-E850-49CB-96F1-B7D5CFD69B4E}
    [2013-02-24 11:50:01 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{C75969CE-A46E-4DD9-B4A9-D9C282EA1050}
    [2013-02-23 19:23:42 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{052FA491-BDAF-4027-B60F-455FC030A02F}
    [2013-02-22 23:09:16 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{1B666C83-8D6F-4379-8AD9-54C4B7C87C7E}
    [2013-02-21 00:45:08 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{27340F10-58CE-43F6-8A60-A8823E57375B}
    [2013-02-20 11:51:15 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{FFDF1A02-DF65-47B6-9841-7CDC30F1AF46}
    [2013-02-20 10:26:47 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\Programs
    [2013-02-20 10:26:29 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Roaming\Malwarebytes
    [2013-02-20 10:26:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2013-02-20 10:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013-02-20 10:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013-02-20 10:26:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013-02-20 10:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013-02-20 09:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013-02-20 09:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2013-02-20 09:02:37 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{9A8D376F-5696-461D-A19B-9DC44A48B957}
    [2013-02-16 00:08:57 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{5ED34662-73B8-4347-9B41-6D5D03A6614C}
    [2013-02-14 13:30:43 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{257249E9-4840-463F-A956-C30DAC056B92}
    [2013-02-12 15:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{06CDEDC8-C0DE-46CE-8405-9E70CFB9BBF6}
    [2013-02-10 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
    [2013-02-08 14:46:53 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{1B9759DC-5BBD-405F-977A-1EE20704B59C}
    [2013-02-05 22:44:09 | 000,000,000 | ---D | C] -- C:\Users\Zaterdag\AppData\Local\{222F6370-5BB1-4BCD-8970-FC28EADF159F}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-03-07 10:22:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-03-07 10:22:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-03-07 10:16:25 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-03-07 10:16:25 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-03-07 10:12:23 | 000,418,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013-03-07 10:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-03-07 10:10:46 | 2345,689,088 | -HS- | M] () -- C:\hiberfil.sys
    [2013-03-07 10:06:07 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-03-07 10:04:10 | 001,672,722 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013-03-07 10:04:10 | 000,754,982 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
    [2013-03-07 10:04:10 | 000,663,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013-03-07 10:04:10 | 000,156,406 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
    [2013-03-07 10:04:10 | 000,125,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013-03-07 10:04:03 | 001,672,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013-03-07 09:48:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zaterdag\Desktop\OTL.exe
    [2013-03-07 09:48:33 | 000,547,791 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Zaterdag\Desktop\JRT.exe
    [2013-03-06 22:31:51 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2013-03-06 22:14:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013-03-06 21:52:17 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Zaterdag\Desktop\ComboFix.exe
    [2013-03-05 13:22:41 | 000,740,461 | R--- | M] () -- C:\Users\Zaterdag\Desktop\IMAG0325 (3).jpg
    [2013-03-04 21:22:06 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
    [2013-03-04 16:55:02 | 000,612,811 | ---- | M] () -- C:\Users\Zaterdag\Desktop\Jos Albers Calendar.ics
    [2013-03-03 00:53:50 | 000,002,360 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2013-03-03 00:53:48 | 000,001,499 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2013-03-02 10:11:50 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013-02-24 00:27:22 | 442,533,764 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013-02-20 09:29:35 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2013-02-20 09:22:41 | 000,887,011 | ---- | M] () -- C:\Users\Zaterdag\AppData\Local\census.cache
    [2013-02-20 09:22:36 | 000,131,087 | ---- | M] () -- C:\Users\Zaterdag\AppData\Local\ars.cache
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-03-06 22:01:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013-03-06 22:01:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013-03-06 22:01:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013-03-06 22:01:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013-03-06 22:01:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013-03-05 13:22:00 | 000,740,461 | R--- | C] () -- C:\Users\Zaterdag\Desktop\IMAG0325 (3).jpg
    [2013-03-04 21:22:06 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
    [2013-03-04 16:55:02 | 000,612,811 | ---- | C] () -- C:\Users\Zaterdag\Desktop\Jos Albers Calendar.ics
    [2013-03-02 10:11:50 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013-02-20 09:29:35 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
    [2013-01-25 17:19:54 | 000,887,011 | ---- | C] () -- C:\Users\Zaterdag\AppData\Local\census.cache
    [2013-01-25 17:19:12 | 000,131,087 | ---- | C] () -- C:\Users\Zaterdag\AppData\Local\ars.cache
    [2013-01-25 17:06:20 | 000,000,036 | ---- | C] () -- C:\Users\Zaterdag\AppData\Local\housecall.guid.cache
    [2012-12-25 17:29:52 | 000,000,327 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2012-12-18 16:08:37 | 000,374,784 | ---- | C] () -- C:\Windows\SysWow64\Axa32.dll
    [2012-12-18 16:08:37 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Ecxa.dll
    [2012-09-18 20:29:06 | 001,672,722 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-04-02 10:58:49 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2012-04-02 10:58:49 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2011-11-04 10:13:42 | 000,010,103 | ---- | C] () -- C:\Users\Zaterdag\AppData\Roaming\Comma Separated Values (Windows).CAL
    [2011-09-27 11:18:13 | 000,012,800 | ---- | C] () -- C:\Windows\DCEBoot64.exe
    [2011-05-31 08:01:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011-05-31 08:01:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011-05-31 08:01:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

    ========== ZeroAccess Check ==========

    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011-09-03 16:58:48 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\ASUS WebStorage
    [2013-03-02 10:12:53 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\AVG2013
    [2012-03-25 12:48:00 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\Belastingdienst
    [2012-12-16 21:06:29 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\BSW
    [2012-12-05 23:30:01 | 000,000,000 | -HSD | M] -- C:\Users\Zaterdag\AppData\Roaming\D5BEDA
    [2012-03-27 15:03:06 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\DAEMON Tools Lite
    [2012-12-08 22:21:35 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\Dropbox
    [2012-04-02 13:41:18 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\Eclipse
    [2013-02-10 12:24:59 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\FileZilla
    [2011-09-03 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\Nuance
    [2012-12-18 12:05:37 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\SmartDraw
    [2012-11-30 19:02:59 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\Sports Interactive
    [2011-12-27 10:36:32 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\The Creative Assembly
    [2013-03-02 10:11:49 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\TuneUp Software
    [2011-09-03 20:40:47 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2011-09-28 17:04:51 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\Ubisoft
    [2013-03-01 13:14:33 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\uTorrent
    [2011-09-03 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\Zaterdag\AppData\Roaming\Zeon

    ========== Purity Check ==========



    < End of report >
     
  11. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Finally, OTL also made a report called "extras", which I included below:


    OTL Extras logfile created on: 7-3-2013 10:30:29 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaterdag\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,91 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,88% Memory free
    5,82 Gb Paging File | 4,07 Gb Available in Paging File | 69,96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 125,03 Gb Total Space | 36,27 Gb Free Space | 29,01% Space Free | Partition Type: NTFS
    Drive D: | 148,06 Gb Total Space | 46,42 Gb Free Space | 31,35% Space Free | Partition Type: NTFS
    Drive E: | 574,94 Mb Total Space | 573,43 Mb Free Space | 99,74% Space Free | Partition Type: UDF

    Computer Name: ZATERDAG-PC | User Name: Zaterdag | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}" = Microsoft .NET Framework 4 Extended NLD Language Pack
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{27B3E5AA-5B75-414A-AC37-F5ADDFA68BDB}" = Windows Live Family Safety
    "{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
    "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{464F7B5E-80BB-4F34-A602-384F0702674A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5ECA80C9-7D7A-49AC-B487-52F1CF47ECEE}" = Windows Live Family Safety
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{698EAE05-09DE-47D0-9586-29E41A0934DD}" = Windows Live Family Safety
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{74AC7ECE-87E1-41F7-ABA2-5ED9B13CECFA}" = Windows Live Family Safety
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}" = Windows Live Family Safety
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "AVG" = AVG 2013
    "Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    "ProInst" = Intel PROSet Wireless

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
    "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
    "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
    "{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{64C12304-7010-43F3-A25B-BDC38DE41E46}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
    "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
    "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Nederlands
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF581945-BBE9-11D5-A7FE-50275FC10000}" = Capitalism II
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Astroburn Lite" = Astroburn Lite
    "ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
    "Asus Vibe2.0" = AsusVibe2.0
    "ASUS WebStorage" = ASUS WebStorage
    "avast" = avast! Free Antivirus
    "Bookworm Deluxe" = Bookworm Deluxe
    "BSW" = BrettspielWelt
    "Caesar 3" = Caesar 3
    "Cooking Dash" = Cooking Dash
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (Deïnstalleren)
    "DivX Setup" = DivX Setup
    "ExtractNow_is1" = ExtractNow
    "FileZilla Client" = FileZilla Client 3.6.0.2
    "Google Chrome" = Google Chrome
    "Governor of Poker" = Governor of Poker
    "Hotel Dash Suite Success" = Hotel Dash Suite Success
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "Jewel Quest 3" = Jewel Quest 3
    "LastFM_is1" = Last.fm Scrobbler 2.1.30
    "Luxor 3" = Luxor 3
    "Mahjongg dimensions" = Mahjongg dimensions
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PDF to ePub Converter_is1" = PDF to ePub Converter 3.0.6
    "Plants vs Zombies" = Plants vs Zombies
    "ProInst" = Intel PROSet Wireless
    "Sierra Utilities" = Sierra Utilities
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.11 (32-bit)
    "World of Goo" = World of Goo
    "ZMBV" = Zip Motion Block Video codec (Remove Only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    < End of report >
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.



    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
     
  13. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Okay thanks again. Here we go. Two threats were found, this is the logfile:

    C:\FRST\Quarantine\{f60254a8-636b-7729-6d9b-c01d651e0642}\U\00000004.@    Win64/Conedex.C trojan    cleaned by deleting - quarantined
    C:\FRST\Quarantine\{f60254a8-636b-7729-6d9b-c01d651e0642}\U\000000cb.@    Win64/Conedex.B trojan    cleaned by deleting - quarantined


    In addition, AVG found two threats during this scan. But those were two files in the quarantine from FRST, so I just deleted them, hope that's okay.
    Computer is running slowly, but a lot faster than two days ago, so I'm starting to become optimistic. Thank you so much for your help so far!
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Let's see if we can get things sped up with cleanup here:

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, e.g. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  15. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.60
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG AntiVirus Free Edition 2013
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware versie 1.70.0.1100
    Java(TM) 6 Update 27
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 10.1.6 Adobe Reader out of Date!
    Google Chrome 25.0.1364.152
    Google Chrome 25.0.1364.97
    Google Chrome EULA Accepted...
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems


    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Let me know how the speed is...
     
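    The three update steps above all begin the same way: find every old version of Java, Flash Player and Reader in Programs and Features before installing the current release. As an added example that is not part of this thread or of any tool used in it, the PowerShell script below reads the same Uninstall registry keys the OTL report above enumerates (64-bit, 32-bit WOW6432Node and per-user hives) and lists every matching entry, flagging a family when more than one version is present, as the Security Check log showed for Flash Player 10 beside Flash Player 11. The name patterns for each product family are my assumptions.

```powershell
# Added example, not part of the thread or of any tool it uses.
# Lists every Java, Adobe Flash Player and Adobe Reader entry that Programs and
# Features would show, read from the Uninstall keys the OTL report enumerates.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Product families the helper asked to be cleaned out before reinstalling.
# The DisplayName patterns are assumptions based on the names in the OTL report.
$families = @(
    @{ Name = 'Java';               Pattern = '^(Java|J2SE Runtime)' },
    @{ Name = 'Adobe Flash Player'; Pattern = '^Adobe Flash Player' },
    @{ Name = 'Adobe Reader';       Pattern = '^Adobe (Acrobat )?Reader' }
)

# Read all uninstall entries once; keys without a DisplayName never appear in
# Programs and Features, so they are skipped.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

foreach ($family in $families) {
    $hits = @($entries | Where-Object { $_.DisplayName -match $family.Pattern } |
        Sort-Object DisplayName)
    Write-Host ("== {0}: {1} entry(ies) ==" -f $family.Name, $hits.Count)
    foreach ($hit in $hits) {
        # Some installers omit DisplayVersion; fall back to the key name.
        $version = if ($hit.DisplayVersion) { $hit.DisplayVersion } else { $hit.PSChildName }
        Write-Host ("  {0,-50} {1,-14} {2}" -f $hit.DisplayName, $version, $hit.UninstallString)
    }
    if ($hits.Count -gt 1) {
        Write-Host "  -> more than one version installed; remove all of them, then install the current release."
    }
}
```

    Run it from an elevated PowerShell prompt so both HKLM hives are readable; the printed UninstallString is the command Programs and Features itself uses for that entry.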
  17. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Did what you asked and installed the new versions. Also deleted all the extra antivirus/malware programs I downloaded before (Malwarebytes, SpyHunter, avast) so I now only have AVG running.

    Can I conclude that my computer is clean now?

    It is still running slower than it did before this whole episode started. Especially on startup it is very slow.
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    The computer is clean, yes.

    AVG is likely the culprit of the slowness, since we've cleaned up everything else.

    Would you like a different antivirus, or did you purchase AVG?

    AVG is notorious for taking over the system when it comes to a virus infection. Sadly, it doesn't lose its grip. Either it goes and you get something else, or reinstall AVG completely and hope for the best...
     
  19. Jos Albers

    Jos Albers TS Rookie Topic Starter

    I installed AVG because a friend of mine told me so, after the computer got infected in the first place. Got a free version, so I don't mind switching to a different antivirus, which one do you recommend?
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    This going okay?
     
  22. Jos Albers

    Jos Albers TS Rookie Topic Starter

    Yes! Got it. Had some difficulty removing AVG, but got an updated version of Avast running now. Once again updated all the outdated software and the computer is running smoothly.

    Thank you for your help!
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49
