Solved pop ups everywhere

Mikeiej

Aug 7, 2014
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by mike (administrator) on MIKE-PC on 19-01-2015 18:33:19
Running from C:\Users\mike\Downloads
Loaded Profiles: mike (Available profiles: mike & Mcx1-MIKE-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BitTorrent Inc.) C:\Users\mike\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\Box Rock\bin\BoxRock.expext.exe
() C:\Program Files (x86)\Box Rock\bin\BoxRock.PurBrowse64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-03-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2014-07-14] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [mbot_nl_164] => [X]
HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4007693456-2404522445-154011923-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-4007693456-2404522445-154011923-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4007693456-2404522445-154011923-1001: electronicarts.com/GameFacePlugin -> C:\Users\mike\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF user.js: detected! => C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default\user.js
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Documenten) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15]
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15]
CHR Extension: (Google Zoeken) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15]
CHR Extension: (Skype Click to Call) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-04]
CHR Extension: (Box Rock) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\opanhpfihnlghjgfmamhnkhepbnagekp [2015-01-19]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Update Box Rock; "C:\Program Files (x86)\Box Rock\updateBoxRock.exe" [X]
S2 Util Box Rock; "C:\Program Files (x86)\Box Rock\bin\utilBoxRock.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows (R) Win 7 DDK provider)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-10-29] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-25] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-10-29] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-11] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 {2c1d8860-89c9-450e-a117-95f496764507}Gw64; C:\Windows\System32\drivers\{2c1d8860-89c9-450e-a117-95f496764507}Gw64.sys [48776 2015-01-19] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 18:29 - 2015-01-19 18:34 - 00022520 _____ () C:\Users\mike\Downloads\FRST.txt
2015-01-19 18:29 - 2015-01-19 18:33 - 00000000 ____D () C:\FRST
2015-01-19 18:28 - 2015-01-19 18:28 - 02126848 _____ (Farbar) C:\Users\mike\Downloads\FRST64.exe
2015-01-19 18:28 - 2015-01-19 18:28 - 01118208 _____ (Farbar) C:\Users\mike\Downloads\FRST.exe
2015-01-19 17:13 - 2015-01-19 06:35 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{2c1d8860-89c9-450e-a117-95f496764507}Gw64.sys
2015-01-19 17:09 - 2015-01-19 17:09 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-19 17:06 - 2015-01-19 18:25 - 00005168 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-01-19 17:06 - 2015-01-19 18:25 - 00002752 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-01-19 17:06 - 2015-01-19 18:25 - 00002752 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-19 17:06 - 2015-01-19 18:24 - 00000000 ____D () C:\ProgramData\PicColorData
2015-01-19 17:06 - 2015-01-19 18:24 - 00000000 ____D () C:\Program Files (x86)\Box Rock
2015-01-19 17:06 - 2015-01-19 17:06 - 00003748 _____ () C:\Windows\System32\Tasks\NNYOXBV
2015-01-19 17:06 - 2015-01-07 21:07 - 00045216 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\Drivers\cmwr.sys
2015-01-19 17:05 - 2015-01-19 18:25 - 00000000 ____D () C:\ProgramData\PicColor Utility
2015-01-19 17:05 - 2015-01-19 17:05 - 00000000 ____D () C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0
2015-01-19 17:05 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-19 17:05 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-19 17:04 - 2015-01-19 17:04 - 03966152 _____ (http://yourfile-downloader.com) C:\Users\mike\Downloads\Britain_for_Learners_of_English,_Second_Edition_Workbook.rar_downloader.exe
2015-01-19 00:56 - 2015-01-19 00:56 - 00012436 _____ () C:\Users\mike\Downloads\[kickass.so]doctor.p.and.adam.f.feat.method.man.the.pit.320.kbps.torrent
2015-01-18 23:22 - 2015-01-18 23:22 - 00013118 _____ () C:\Users\mike\Downloads\[kickass.so]cypress.hill.rusko.cypress.x.rusko.ep.01.2012.ep.sw.torrent
2015-01-18 23:22 - 2015-01-18 23:22 - 00010843 _____ () C:\Users\mike\Downloads\[kickass.so]cypress.hill.rusko.can.t.keep.me.down.feat.damian.marley.2012.single.sw.torrent
2015-01-18 20:35 - 2015-01-18 20:35 - 00017531 _____ () C:\Users\mike\Downloads\[kickass.so]the.maze.runner.2014.1080p.brrip.x264.yify.torrent
2015-01-18 20:35 - 2015-01-18 20:35 - 00015472 _____ () C:\Users\mike\Downloads\[kickass.so]the.hungover.games.2014.unrated.webrip.720p.aac.x264.tomcat12.etrg.torrent
2015-01-18 20:33 - 2015-01-18 20:33 - 00007724 _____ () C:\Users\mike\Downloads\[kickass.so]zombeavers.2014.720p.brrip.x264.yify.torrent
2015-01-18 20:30 - 2015-01-18 20:30 - 00076360 _____ () C:\Users\mike\Downloads\[kickass.so]birdman.2014.dvdscr.x264.playnow.torrent
2015-01-18 20:30 - 2015-01-18 20:30 - 00008896 _____ () C:\Users\mike\Downloads\[kickass.so]a.million.ways.to.die.in.the.west.2014.720p.brrip.x264.yify.torrent
2015-01-18 20:27 - 2015-01-18 20:27 - 00008755 _____ () C:\Users\mike\Downloads\[kickass.so]let.s.be.cops.2014.720p.brrip.x264.yify.torrent
2015-01-16 18:11 - 2015-01-16 18:11 - 00021233 _____ () C:\Users\mike\Downloads\[kickass.so]twenty.one.pilots.discography.2009.2013.320.kbps.arsenal.london.torrent
2015-01-16 17:41 - 2015-01-16 17:41 - 00111351 _____ () C:\Users\mike\Downloads\[kickass.so]horrible.bosses.2.2014.hdrip.hc.xvid.ac3.rav3n.torrent
2015-01-16 17:41 - 2015-01-16 17:41 - 00019778 _____ () C:\Users\mike\Downloads\[kickass.so]horrible.bosses.2011.1080p.bluray.x264.anoxmous.torrent
2015-01-15 20:55 - 2015-01-15 20:55 - 00019598 _____ () C:\Users\mike\Downloads\[kickass.so]anchorman.2.the.legend.continues.2013.1080p.brrip.x264.yify.torrent
2015-01-15 19:47 - 2015-01-15 19:47 - 00016316 _____ () C:\Users\mike\Downloads\[kickass.so]anchorman.the.legend.of.ron.burgundy.extended.2004.1080p.brrip.x264.yify.torrent
2015-01-15 19:46 - 2015-01-15 19:46 - 00078873 _____ () C:\Users\mike\Downloads\[kickass.so]anchorman.2.2013.camrip.mp4.p2p.torrent
2015-01-15 01:05 - 2015-01-15 01:05 - 00014522 _____ () C:\Users\mike\Downloads\[kickass.so]dizzee.rascal.bassline.junkie.mp3.1080p.360p.mp4.ov55.torrent
2015-01-15 01:04 - 2015-01-15 01:04 - 00012832 _____ () C:\Users\mike\Downloads\[kickass.so]dizzee.rascal.the.fifth.deluxe.edition.2013.320kbps.cbr.mp3.vx.p2pdl.torrent
2015-01-15 00:57 - 2015-01-15 00:57 - 00087803 _____ () C:\Users\mike\Downloads\[kickass.so]example.perfect.replacement.remixes.2013.ep.torrent
2015-01-15 00:57 - 2015-01-15 00:57 - 00021122 _____ () C:\Users\mike\Downloads\[kickass.so]example.live.life.living.deluxe.edition.2014.320kbps.edm.rg.torrent
2015-01-15 00:53 - 2015-01-15 00:53 - 00020939 _____ () C:\Users\mike\Downloads\[kickass.so]example.playing.in.the.shadows.2011.theleak.torrent
2015-01-15 00:44 - 2015-01-15 00:44 - 00024096 _____ () C:\Users\mike\Downloads\[kickass.so]twenty.one.pilots.full.discography.4.albums.mp3.torrent
2015-01-11 20:47 - 2015-01-18 20:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-01-11 20:47 - 2015-01-11 20:49 - 00000000 ____D () C:\Users\mike\AppData\Roaming\NCH Software
2015-01-11 20:47 - 2015-01-11 20:47 - 00655424 _____ (NCH Software) C:\Users\mike\Downloads\switchsetup.exe
2015-01-11 20:47 - 2015-01-11 20:47 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2015-01-11 20:47 - 2015-01-11 20:47 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-11 20:47 - 2015-01-11 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-11 20:47 - 2015-01-11 20:47 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-01-11 20:37 - 2015-01-11 20:37 - 00018093 _____ () C:\Users\mike\Downloads\[kickass.so]state.champs.the.finer.things.torrent
2015-01-11 20:33 - 2015-01-11 20:33 - 00014175 _____ () C:\Users\mike\Downloads\[kickass.so]real.friends.put.yourself.back.together.2013 (1).torrent
2015-01-11 20:30 - 2015-01-11 20:30 - 00014280 _____ () C:\Users\mike\Downloads\[kickass.so]real.friends.put.yourself.back.together.2013.torrent
2015-01-11 20:23 - 2015-01-11 20:23 - 00147400 _____ () C:\Users\mike\Downloads\[kickass.so]the.story.so.far.under.soil.and.dirt.2011.flac.torrent
2015-01-11 20:17 - 2015-01-11 20:17 - 00021873 _____ () C:\Users\mike\Downloads\[kickass.so]neck.deep.wishful.thinking.2014.flac.torrent
2015-01-07 22:08 - 2015-01-07 22:08 - 00158619 _____ () C:\Users\mike\Downloads\[kickass.so]prison.break.season.1 (1).torrent
2015-01-07 22:05 - 2015-01-07 22:05 - 00180179 _____ () C:\Users\mike\Downloads\[kickass.so]prison.break.s01e01.02.bdrip.720p.h264.eng.ita.dts.5.1.sub.ita.eng.torrent
2015-01-07 20:59 - 2015-01-07 20:59 - 00158619 _____ () C:\Users\mike\Downloads\[kickass.so]prison.break.season.1.torrent
2015-01-06 22:21 - 2015-01-06 22:21 - 00027365 _____ () C:\Users\mike\Downloads\[kickass.so]breaking.bad.season.2.complete.720p.brrip.sujaidr.torrent
2015-01-06 20:22 - 2015-01-06 20:22 - 00014986 _____ () C:\Users\mike\Downloads\[kickass.so]a.haunted.house.2013.cam.xvid.tickle.time.torrent
2015-01-06 16:34 - 2015-01-06 16:34 - 00015287 _____ () C:\Users\mike\Downloads\[kickass.so]captain.philips.2013.brrip.xvid.ac3.sam.etrg.torrent
2014-12-28 14:57 - 2014-12-28 14:57 - 00011672 _____ () C:\Users\mike\Downloads\[kickass.so]magic.rude.single.torrent
2014-12-28 14:55 - 2014-12-28 14:56 - 00015829 _____ () C:\Users\mike\Downloads\[kickass.so]the.interview.2014.720p.web.dl.xvid.mp3.rarbg.torrent
2014-12-28 00:46 - 2014-12-28 00:49 - 00000000 ____D () C:\Users\mike\AppData\Roaming\.minecraft
2014-12-28 00:46 - 2014-12-28 00:46 - 00000000 ____D () C:\Users\mike\AppData\Roaming\java
2014-12-28 00:44 - 2014-12-28 00:44 - 01291528 _____ (Mojang) C:\Users\mike\Downloads\Minecraft.exe
2014-12-27 22:46 - 2015-01-12 22:55 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-12-27 22:46 - 2014-12-30 22:46 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-12-27 22:46 - 2014-12-27 23:28 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-12-27 22:46 - 2014-12-27 22:46 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-12-27 22:46 - 2014-12-27 22:46 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-12-27 22:46 - 2014-12-27 22:46 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-12-27 22:45 - 2014-12-27 22:45 - 00628496 _____ (CMI Limited) C:\Users\mike\AppData\Local\nsu96AB.tmp
2014-12-27 22:45 - 2014-12-27 22:45 - 00000000 __SHD () C:\Users\mike\AppData\Roaming\AnyProtectEx
2014-12-27 21:16 - 2014-12-27 21:17 - 00008095 _____ () C:\Users\mike\Downloads\Democracy_3.rar.torrent
2014-12-27 13:47 - 2014-12-27 13:47 - 00171422 _____ () C:\Users\mike\Downloads\Da_Vincis_Demons_Season_1_HDTV.XviD[Pawulon].torrent
2014-12-27 13:47 - 2014-12-27 13:47 - 00017905 _____ () C:\Users\mike\Downloads\The_Da_Vinci_Code_(2006).torrent
2014-12-27 01:20 - 2014-12-27 01:20 - 00014584 _____ () C:\Users\mike\Downloads\Democracy_3_(Latest_With_Extremism_DLC)_-_2014_[Isohunt.to].torrent
2014-12-27 01:09 - 2014-12-27 01:09 - 00011497 _____ () C:\Users\mike\Downloads\Democracy_3GOG.torrent
2014-12-25 19:43 - 2014-12-25 19:43 - 00000880 _____ () C:\Users\mike\Downloads\abgx360.ini (2).zip
2014-12-25 19:15 - 2014-12-25 19:16 - 03326176 _____ (Microsoft Corporation) C:\Users\mike\Downloads\OutlookConnector.exe
2014-12-22 16:16 - 2014-12-22 17:10 - 00000000 ____D () C:\Users\mike\Downloads\Assassins.Creed.Rogue.XBOX360-iMARS[rarbg]
2014-12-22 16:15 - 2014-12-22 16:15 - 00084191 _____ () C:\Users\mike\Downloads\Assassins_Creed_Rogue_XBOX360-iMARS.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 18:32 - 2014-07-14 18:31 - 00000000 ____D () C:\Users\mike\AppData\Roaming\uTorrent
2015-01-19 18:29 - 2014-07-24 21:18 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 18:13 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-19 17:45 - 2011-04-13 03:33 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 17:38 - 2014-08-30 16:24 - 00000000 ____D () C:\Users\mike\Documents\Engels
2015-01-19 17:30 - 2014-07-14 23:04 - 01716630 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 17:13 - 2009-07-14 03:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-19 16:39 - 2014-08-11 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-19 16:39 - 2014-07-14 14:41 - 00000387 _____ () C:\Users\mike\AppData\Roaming\sp_data.sys
2015-01-19 16:36 - 2011-04-13 03:33 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 01:26 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:26 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:19 - 2009-07-14 05:51 - 00108358 _____ () C:\Windows\setupact.log
2015-01-19 01:18 - 2014-08-11 16:47 - 00000000 ____D () C:\ProgramData\MCShield
2015-01-19 01:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 01:10 - 2014-11-02 21:53 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Skype
2015-01-18 22:53 - 2014-09-02 20:52 - 00000000 ____D () C:\Users\mike\AppData\Roaming\vlc
2015-01-15 18:26 - 2014-07-27 21:36 - 00000000 ____D () C:\Users\mike\AppData\Local\Microsoft Help
2015-01-13 23:29 - 2014-07-24 21:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 23:29 - 2014-07-24 21:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 23:29 - 2014-07-24 21:18 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-12 22:59 - 2014-08-11 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-01-12 22:59 - 2014-08-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-01-12 22:55 - 2011-04-13 02:39 - 00247006 _____ () C:\Windows\PFRO.log
2015-01-11 20:47 - 2014-09-10 18:09 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-11 19:22 - 2011-03-17 12:52 - 00727400 _____ () C:\Windows\system32\perfh019.dat
2015-01-11 19:22 - 2011-03-17 12:52 - 00154046 _____ () C:\Windows\system32\perfc019.dat
2015-01-11 19:22 - 2011-02-19 06:02 - 00395144 _____ () C:\Windows\system32\perfh00D.dat
2015-01-11 19:22 - 2011-02-19 06:02 - 00087962 _____ () C:\Windows\system32\perfc00D.dat
2015-01-11 19:22 - 2011-02-19 05:56 - 00609788 _____ () C:\Windows\system32\perfh008.dat
2015-01-11 19:22 - 2011-02-19 05:56 - 00114332 _____ () C:\Windows\system32\perfc008.dat
2015-01-11 19:22 - 2011-02-19 05:51 - 00411272 _____ () C:\Windows\system32\prfh0404.dat
2015-01-11 19:22 - 2011-02-19 05:51 - 00125348 _____ () C:\Windows\system32\prfc0404.dat
2015-01-11 19:22 - 2011-02-19 05:45 - 00731818 _____ () C:\Windows\system32\prfh0816.dat
2015-01-11 19:22 - 2011-02-19 05:45 - 00156110 _____ () C:\Windows\system32\prfc0816.dat
2015-01-11 19:22 - 2011-02-19 05:40 - 00756670 _____ () C:\Windows\system32\perfh013.dat
2015-01-11 19:22 - 2011-02-19 05:40 - 00156930 _____ () C:\Windows\system32\perfc013.dat
2015-01-11 19:22 - 2011-02-19 05:35 - 00742846 _____ () C:\Windows\system32\perfh010.dat
2015-01-11 19:22 - 2011-02-19 05:35 - 00150050 _____ () C:\Windows\system32\perfc010.dat
2015-01-11 19:22 - 2011-02-19 05:29 - 00748516 _____ () C:\Windows\system32\perfh00C.dat
2015-01-11 19:22 - 2011-02-19 05:29 - 00152784 _____ () C:\Windows\system32\perfc00C.dat
2015-01-11 19:22 - 2011-02-19 05:24 - 00700008 _____ () C:\Windows\system32\perfh007.dat
2015-01-11 19:22 - 2011-02-19 05:24 - 00152320 _____ () C:\Windows\system32\perfc007.dat
2015-01-11 19:22 - 2011-02-19 05:19 - 00748256 _____ () C:\Windows\system32\perfh00A.dat
2015-01-11 19:22 - 2011-02-19 05:19 - 00161678 _____ () C:\Windows\system32\perfc00A.dat
2015-01-11 19:22 - 2009-07-14 06:13 - 08765312 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 12:14 - 2014-08-07 14:49 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 17:51 - 2014-10-25 19:13 - 00000000 ____D () C:\Users\mike\Downloads\Anno 1404 with Venice Expansion Pack
2014-12-30 17:39 - 2014-07-14 18:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-25 19:44 - 2014-07-16 23:19 - 00000000 ____D () C:\Users\mike\AppData\Roaming\abgx360

==================== Files in the root of some directories =======
2014-07-14 14:41 - 2015-01-19 16:39 - 0000387 _____ () C:\Users\mike\AppData\Roaming\sp_data.sys
2014-12-27 22:45 - 2014-12-27 22:45 - 0628496 _____ (CMI Limited) C:\Users\mike\AppData\Local\nsu96AB.tmp
2011-04-13 03:48 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2014-07-14 23:22 - 2014-07-14 23:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-07-14 23:22 - 2014-07-14 23:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\mike\AppData\Local\Temp\1F91DEBa91480.exe
C:\Users\mike\AppData\Local\Temp\4zsaJNbqkU.exe
C:\Users\mike\AppData\Local\Temp\70f4be83E.exe
C:\Users\mike\AppData\Local\Temp\75c5.exe
C:\Users\mike\AppData\Local\Temp\appshat_generic.exe
C:\Users\mike\AppData\Local\Temp\DAEMONToolsPro550-0388.exe
C:\Users\mike\AppData\Local\Temp\ICReinstall_SevenZip_9.20.x.exe
C:\Users\mike\AppData\Local\Temp\OptimizerPro.exe
C:\Users\mike\AppData\Local\Temp\optprosetup.exe
C:\Users\mike\AppData\Local\Temp\redsn0w_win_0.9.15b3.exe
C:\Users\mike\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\mike\AppData\Local\Temp\smt_omiga-plus.exe
C:\Users\mike\AppData\Local\Temp\SpOrder.dll
C:\Users\mike\AppData\Local\Temp\vx2tRt7WqQ.exe
C:\Users\mike\AppData\Local\Temp\zxBz1nxLtN.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 16:44

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by mike at 2015-01-19 18:34:54
Running from C:\Users\mike\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{81AB1FAB-B6E5-0107-EE24-D16F18039301}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS K75DE_Screensaver (HKLM-x32\...\ASUS K75DE_Screensaver) (Version: 1.0.0002 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.1 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cooking Dash (HKLM-x32\...\Cooking Dash) (Version: - Oberon Media Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Football Manager 2014 (HKLM-x32\...\Rm9vdGJhbGxNYW5hZ2VyMjAxNA==_is1) (Version: 1 - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.)
Hogs Of War (HKLM-x32\...\Hogs Of War) (Version: 1.0 - Infogrames)
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version: - Oberon Media Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)
Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM-x32\...\{90150000-001F-0413-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MKV File Player (HKLM-x32\...\{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1) (Version: - mkvfileplayer.com)
MKV Player 2.1.17 (HKLM-x32\...\MKV Player_is1) (Version: - )
Mountain (HKLM-x32\...\Steam App 313340) (Version: - David OReilly)
Mozilla Firefox 31.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 nl)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Only If (HKLM-x32\...\Steam App 298260) (Version: - Creability)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version: - Oberon Media Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.12 - ASUS)
Should I Remove It (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab Detection (HKLM-x32\...\{45749495-134D-45C0-8866-108890D599BA}) (Version: 2.2.1.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
Unity Web Player (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

12-01-2015 22:39:26 Windows Update
13-01-2015 16:04:47 Windows Update
13-01-2015 21:06:14 Windows Update
14-01-2015 15:39:38 Windows Update
14-01-2015 15:43:21 Windows Update
15-01-2015 00:43:46 Windows Update
15-01-2015 18:35:33 Windows Update
16-01-2015 17:47:41 Windows Update
17-01-2015 19:22:54 Windows Update
17-01-2015 19:27:16 Windows Update
18-01-2015 00:24:30 Windows Update
18-01-2015 12:44:41 Windows Update
18-01-2015 17:46:23 Windows Update
18-01-2015 22:51:42 Windows Update
19-01-2015 16:41:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-19 01:18 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BD5334D-A857-43C0-82DC-E0FDEA2FB7DD} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {1764F20C-75E5-4CF1-8D20-06FB04C9276E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {28FD9BDC-0F04-40FE-92FA-56F9111F18E1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {46963949-1D04-4564-A620-218733E229BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4724B372-B7C0-42A0-8303-D962E496B3FF} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MIKE-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {4906ACA7-DF92-4EC3-866A-8D3F84DB6FD9} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {5B94D9EF-29C4-4CC9-8FAA-4157ADA7AF39} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {60F398C6-F009-4FEB-B4EF-955537F134F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {6D96B6C5-7AD1-44A1-B8FF-2B5F0043F413} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {70F5D7E1-4AD1-4886-9F07-E27AC546B2D4} - System32\Tasks\{74CDF92E-7E85-46D9-A14E-6B4BA3078EFD} => pcalua.exe -a C:\Users\mike\Downloads\vcredist_x86.exe -d C:\Users\mike\Downloads
Task: {79E36975-36E8-4C11-BF70-D3176B1A5558} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {7BF28E40-067F-48EA-AD16-1355DE7D3B0D} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {7C086DC4-A475-4E9E-B57E-46AAFA5F4746} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {84A77F86-B445-48DE-B57F-B89B693CD5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B12D34CB-9EAB-4CBB-AEF2-00CFB77C55EB} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {B22AA6BD-9A09-4909-81FE-C79BC1D82B16} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe [2015-01-19] ()
Task: {BD9D7246-C9AB-460F-8CA5-84AB220E2817} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E9730CBF-576E-4E3C-993F-2271B402BAFA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {FA17B81B-1B73-410B-B989-A1A0FF2DFF35} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-16 22:03 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-03-29 13:33 - 2012-03-29 13:33 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-29 13:32 - 2012-03-29 13:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-03-29 13:15 - 2012-03-29 13:15 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-01-19 17:13 - 2015-01-18 23:45 - 00101608 _____ () C:\Program Files (x86)\Box Rock\bin\BoxRock.expext.exe
2015-01-19 17:13 - 2015-01-19 06:35 - 00353000 _____ () C:\Program Files (x86)\Box Rock\bin\BoxRock.PurBrowse64.exe
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-31 17:25 - 2012-01-31 17:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-21 22:49 - 2012-02-21 22:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-01-19 17:13 - 2015-01-18 23:45 - 00082152 _____ () C:\Program Files (x86)\Box Rock\bin\BoxRock.expextdll.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-18 13:13 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-18 13:13 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-18 13:13 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 13:14 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 13:13 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 13:14 - 2014-07-15 10:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4007693456-2404522445-154011923-500 - Administrator - Disabled)
Gast (S-1-5-21-4007693456-2404522445-154011923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4007693456-2404522445-154011923-1004 - Limited - Enabled)
Mcx1-MIKE-PC (S-1-5-21-4007693456-2404522445-154011923-1002 - Limited - Enabled) => C:\Users\Mcx1-MIKE-PC
mike (S-1-5-21-4007693456-2404522445-154011923-1001 - Administrator - Enabled) => C:\Users\mike

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 06:32:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma FRST64.exe, versie 19.1.2015.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 2180

Starttijd: 01d0340d64de7e72

Eindtijd: 3

Toepassingspad: C:\Users\mike\Downloads\FRST64.exe

Rapport-id: 062e62a8-a001-11e4-b9bf-10bf48da2682

Error: (01/19/2015 05:08:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma MULTIU.tmp, versie 51.52.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 2120

Starttijd: 01d034021f1942d9

Eindtijd: 6

Toepassingspad: C:\Users\mike\AppData\Local\Temp\is-1GBTP.tmp\MULTIU.tmp

Rapport-id:

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3088

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3088


System errors:
=============
Error: (01/19/2015 06:25:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De ColorMedia-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 200 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (01/19/2015 06:24:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Update Box Rock-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (01/19/2015 06:24:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Util Box Rock-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (01/19/2015 06:24:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Update Box Rock-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 5000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (01/19/2015 06:24:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Util Box Rock-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 5000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (01/19/2015 01:20:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Google Update Service (gupdate)-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (01/19/2015 01:18:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 1:15:06 op 19-1-2015 is onverwacht gebeurd.

Error: (01/19/2015 01:15:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows Error Reporting Service.

Error: (01/17/2015 10:29:37 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Error: (01/15/2015 01:19:07 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 06:32:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe19.1.2015.0218001d0340d64de7e723C:\Users\mike\Downloads\FRST64.exe062e62a8-a001-11e4-b9bf-10bf48da2682

Error: (01/19/2015 05:08:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MULTIU.tmp51.52.0.0212001d034021f1942d96C:\Users\mike\AppData\Local\Temp\is-1GBTP.tmp\MULTIU.tmp

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3088

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3088


CodeIntegrity Errors:
===================================
Date: 2014-10-23 15:32:18.379
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2014-10-23 15:31:22.695
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 66%
Total physical RAM: 3539.77 MB
Available physical RAM: 1193.91 MB
Total Pagefile: 7077.73 MB
Available Pagefile: 4264.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:55.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:1.88 GB) (Free:1.09 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1D20FFAB)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.




Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

Attachments

  • fixlist.txt
    2.3 KB · Views: 71

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
CHR dev: Chrome dev build detected! <======= ATTENTION


Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history: select the "Also delete your browsing data" checkbox.



Reinstall new Chrome.
 

Mikeiej

New Member
Thread author
Verified
Aug 7, 2014
19
I have deleted and reinstalled Chrome as you told me to.

# AdwCleaner v4.108 - Rapport aangemaakt 19/01/2015 op 19:03:20
# Laatste Update 17/01/2015 door Xplode
# Database : 2015-01-18.1 [Live]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : mike - MIKE-PC
# Gestart vanuit : C:\Users\mike\Downloads\AdwCleaner.exe
# Optie : Scannen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****

Bestand Gevonden : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default\user.js
Bestand Gevonden : C:\Windows\System32\drivers\cmwr.sys
Map Gevonden : C:\Program Files (x86)\Box Rock
Map Gevonden : C:\Program Files (x86)\NCH Software
Map Gevonden : C:\Program Files (x86)\predm
Map Gevonden : C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0
Map Gevonden : C:\ProgramData\NCH Software
Map Gevonden : C:\ProgramData\PicColorData
Map Gevonden : C:\Users\mike\AppData\Local\Temp\Box Rock
Map Gevonden : C:\Users\mike\AppData\Roaming\AnyProtectEx
Map Gevonden : C:\Users\mike\AppData\Roaming\NCH Software

***** [ Taken ] *****

Taak Gevonden : APSnotifierPP1
Taak Gevonden : APSnotifierPP2
Taak Gevonden : APSnotifierPP3

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Gevonden : HKCU\Software\AnyProtect
Sleutel Gevonden : HKCU\Software\Optimizer Pro
Sleutel Gevonden : HKCU\Software\Softonic
Sleutel Gevonden : HKCU\Software\TutoTag
Sleutel Gevonden : HKCU\Software\Video Player
Sleutel Gevonden : [x64] HKCU\Software\AnyProtect
Sleutel Gevonden : [x64] HKCU\Software\Optimizer Pro
Sleutel Gevonden : [x64] HKCU\Software\Softonic
Sleutel Gevonden : [x64] HKCU\Software\TutoTag
Sleutel Gevonden : [x64] HKCU\Software\Video Player
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Sleutel Gevonden : HKLM\SOFTWARE\MyBestOffersToday
Sleutel Gevonden : HKLM\SOFTWARE\PC_Booster
Sleutel Gevonden : HKLM\SOFTWARE\PicColor Utility
Sleutel Gevonden : HKLM\SOFTWARE\YourFileDownloader
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\PicColor Utility

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 nl)


-\\ Google Chrome v39.0.2171.99


-\\ Chromium v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [4306 octets] - [19/01/2015 19:03:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4366 octets] ##########
 

Attachments

  • Fixlog_19-01-2015_18-51-47.txt
    3.9 KB · Views: 58

Mikeiej

New Member
Thread author
Verified
Aug 7, 2014
19
I don't see any weird links anymore, so I think it's ok now. But is the whole problem solved?
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Chrome installation is altered by malware. Problem solved.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Greeting!
 

Mikeiej

New Member
Thread author
Verified
Aug 7, 2014
19
Will this program reset my whole laptop? And if so, where will it save the backup to? Because I don't want to lose my documents and stuff.
 

Mikeiej

New Member
Thread author
Verified
Aug 7, 2014
19
Hello,

I haven't downloaded anything or done anything weird and I suddenly get weird popups again...
 

Mikeiej

New Member
Thread author
Verified
Aug 7, 2014
19
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by mike (administrator) on MIKE-PC on 20-01-2015 17:43:20
Running from C:\Users\mike\Downloads
Loaded Profiles: mike & (Available profiles: mike & Mcx1-MIKE-PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BitTorrent Inc.) C:\Users\mike\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
( ) C:\Users\mike\AppData\Roaming\ASPackage\ASPackage.exe
() C:\Users\mike\AppData\Roaming\ASPackage\ASSrv.exe
() C:\Users\mike\AppData\Local\wincheck\wincheck.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\ver4BlockAndSurf\BlockAndSurf.exe
() C:\Program Files (x86)\ver4BlockAndSurf\J6BlockAndSurfR79.exe
() C:\Users\mike\AppData\Local\ConvertAd\CASrv.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
() C:\Users\mike\AppData\Local\ConvertAd\ConvertAd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-03-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2014-07-14] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [mbot_nl_164] => [X]
HKLM-x32\...\Run: [WinCheck] => C:\Users\mike\AppData\Local\wincheck\wincheck.exe [268288 2015-01-20] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\mike\AppData\Roaming\ASPackage\ASPackage.exe [278812 2015-01-20] ( )
HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-4007693456-2404522445-154011923-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-14] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
HKU\S-1-5-21-4007693456-2404522445-154011923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
HKU\S-1-5-21-4007693456-2404522445-154011923-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=...6&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?...01ABD050_42RBF1G5SXX42RBF1G5S&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BlockAndSurf -> {B75511A6-1F81-8C46-6854-566A06D4D14D} -> C:\Program Files (x86)\ver4BlockAndSurf\186_x64.dll ()
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: BlockAndSurf -> {B75511A6-1F81-8C46-6854-566A06D4D14D} -> C:\Program Files (x86)\ver4BlockAndSurf\186.dll ()
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default
FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1421770908&from=face&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
FF DefaultSearchEngine: omiga-plus
FF SelectedSearchEngine: omiga-plus
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1421770908&from=face&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-4007693456-2404522445-154011923-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4007693456-2404522445-154011923-1001: electronicarts.com/GameFacePlugin -> C:\Users\mike\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: electronicarts.com/GameFacePlugin -> C:\Users\mike\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF user.js: detected! => C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Fast Start - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default\Extensions\faststartff@gmail.com [2015-01-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\Firefox\Extensions: [{F71E8E3B-94EA-0F15-76E9-F1F427DCA73A}] - C:\Program Files (x86)\ver4BlockAndSurf\186.xpi
FF Extension: No Name - C:\Program Files (x86)\ver4BlockAndSurf\186.xpi [2015-01-20]
FF HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{F71E8E3B-94EA-0F15-76E9-F1F427DCA73A}] - C:\Program Files (x86)\ver4BlockAndSurf\186.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1421770908&from=face&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1421770908&from=face&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-19]
CHR Extension: (Google Documenten) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-19]
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-19]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-19]
CHR Extension: (Google Zoeken) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-19]
CHR Extension: (Google Spreadsheets) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-19]
CHR Extension: (Skype Click to Call) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-19]
CHR Extension: (Google Wallet) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-19]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://isearch.omiga-plus.com/?type...e&uid=TOSHIBAXMQ01ABD050_42RBF1G5SXX42RBF1G5S

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 serveras; C:\Users\mike\AppData\Roaming\ASPackage\ASSrv.exe [126976 2015-01-20] () [File not signed]
R2 serverca; C:\Users\mike\AppData\Local\ConvertAd\CASrv.exe [122368 2015-01-20] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-20] (SysTool PasSame LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows (R) Win 7 DDK provider)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-10-29] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-25] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-10-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 webinstrNHKT; C:\Windows\system32\Drivers\webinstrNHKT.sys [56432 2015-01-20] (Corsica)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 17:43 - 2015-01-20 17:44 - 00032788 _____ () C:\Users\mike\Downloads\FRST.txt
2015-01-20 17:43 - 2015-01-20 17:43 - 00000000 ____D () C:\FRST
2015-01-20 17:40 - 2015-01-20 17:40 - 02126848 _____ (Farbar) C:\Users\mike\Downloads\FRST64.exe
2015-01-20 17:28 - 2015-01-20 17:29 - 14105760 _____ (Microsoft Corporation) C:\Users\mike\Downloads\mseinstall (1).exe
2015-01-20 17:26 - 2015-01-20 17:26 - 00001047 _____ () C:\Users\mike\Desktop\AnyProtect.lnk
2015-01-20 17:26 - 2015-01-20 17:26 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-01-20 17:23 - 2015-01-20 17:26 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-01-20 17:23 - 2015-01-20 17:23 - 00613057 _____ (CMI Limited) C:\Users\mike\AppData\Local\nseAE3A.tmp
2015-01-20 17:22 - 2015-01-20 17:22 - 00003068 _____ () C:\Windows\System32\Tasks\BlockAndSurf Update
2015-01-20 17:22 - 2015-01-20 17:22 - 00002228 _____ () C:\Windows\patsearch.bin
2015-01-20 17:22 - 2015-01-20 17:22 - 00000422 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2015-01-20 17:22 - 2015-01-20 17:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-01-20 17:22 - 2015-01-20 17:22 - 00000000 ____D () C:\Program Files (x86)\ver4BlockAndSurf
2015-01-20 17:22 - 2015-01-20 17:21 - 00056432 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNHKT.sys
2015-01-20 17:21 - 2015-01-20 17:21 - 00000000 ____D () C:\Users\mike\AppData\Roaming\omiga-plus
2015-01-20 17:21 - 2015-01-20 17:21 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-20 17:20 - 2015-01-20 17:40 - 00001087 _____ () C:\Users\mike\Desktop\Continue Live Installation.lnk
2015-01-20 17:20 - 2015-01-20 17:24 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-20 17:20 - 2015-01-20 17:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-20 17:19 - 2015-01-20 17:19 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-20 17:19 - 2015-01-20 17:19 - 00001971 _____ () C:\Users\mike\Desktop\Sync Folder.lnk
2015-01-20 17:19 - 2015-01-20 17:19 - 00000000 ____D () C:\Users\mike\AppData\Roaming\mystartsearch
2015-01-20 17:18 - 2015-01-20 17:19 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-20 17:18 - 2015-01-20 17:18 - 00001071 _____ () C:\Users\mike\Desktop\MyPC Backup.lnk
2015-01-20 17:18 - 2015-01-20 17:18 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-20 17:11 - 2015-01-20 17:22 - 00000000 ____D () C:\Users\mike\AppData\Local\ConvertAd
2015-01-20 17:10 - 2015-01-20 17:11 - 00000000 ____D () C:\Users\mike\AppData\Local\wincheck
2015-01-20 17:07 - 2015-01-20 17:23 - 00000000 ____D () C:\Users\mike\AppData\Roaming\ASPackage
2015-01-20 17:07 - 2015-01-20 17:07 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-01-20 16:42 - 2015-01-20 16:42 - 00199017 _____ () C:\Users\mike\Downloads\Werkcollege 7 Orde houden, stopgedrag en eigen tussenevaluatie.pptx
2015-01-19 20:24 - 2015-01-19 20:27 - 00000000 ____D () C:\Users\mike\Downloads\The Hobbit Audiobook
2015-01-19 20:24 - 2015-01-19 20:24 - 00038264 _____ () C:\Users\mike\Downloads\[kickass.so]jrr.tolkien.s.the.hobbit.audiobook.with.rob.inglis.torrent
2015-01-19 20:23 - 2015-01-19 22:25 - 00000000 ____D () C:\Users\mike\Downloads\No Hero - Mark Owen and Kevin Maurer
2015-01-19 20:23 - 2015-01-19 20:23 - 00015696 _____ () C:\Users\mike\Downloads\[kickass.so]no.hero.the.evolution.of.a.navy.seal.mark.owen.and.kevin.maurer.audiobook.mp3.torrent
2015-01-19 19:03 - 2015-01-19 19:03 - 02186752 ____N () C:\Users\mike\Downloads\AdwCleaner.exe
2015-01-19 18:59 - 2015-01-20 17:21 - 00002491 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-19 18:57 - 2015-01-19 18:58 - 00000000 ____D () C:\Users\mike\AppData\Local\Deployment
2015-01-19 18:57 - 2015-01-19 18:57 - 00000000 __SHD () C:\Users\mike\AppData\Local\EmieUserList
2015-01-19 18:57 - 2015-01-19 18:57 - 00000000 __SHD () C:\Users\mike\AppData\Local\EmieSiteList
2015-01-19 18:57 - 2015-01-19 18:57 - 00000000 ____D () C:\Users\mike\AppData\Local\Apps\2.0
2015-01-19 18:36 - 2015-01-19 18:36 - 00034513 _____ () C:\Users\mike\Documents\Scan frts.txt
2015-01-19 17:09 - 2015-01-19 17:09 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-19 17:06 - 2015-01-19 18:52 - 00000000 ____D () C:\Program Files (x86)\Box Rock
2015-01-19 17:06 - 2015-01-19 18:25 - 00005168 _____ () C:\Windows\SysWOW64\ColorMedia.ini
2015-01-19 17:06 - 2015-01-19 18:25 - 00002752 _____ () C:\Windows\SysWOW64\ColorMediaOff.ini
2015-01-19 17:06 - 2015-01-19 18:25 - 00002752 _____ () C:\Windows\system32\ColorMediaOff.ini
2015-01-19 17:06 - 2015-01-19 18:24 - 00000000 ____D () C:\ProgramData\PicColorData
2015-01-19 17:06 - 2015-01-19 17:06 - 00003748 _____ () C:\Windows\System32\Tasks\NNYOXBV
2015-01-19 17:06 - 2015-01-07 21:07 - 00045216 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\Drivers\cmwr.sys
2015-01-19 17:05 - 2015-01-19 17:05 - 00000000 ____D () C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0
2015-01-19 17:05 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-19 17:05 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-19 17:04 - 2015-01-19 17:04 - 03966152 _____ (http://yourfile-downloader.com) C:\Users\mike\Downloads\Britain_for_Learners_of_English,_Second_Edition_Workbook.rar_downloader.exe
2015-01-19 00:56 - 2015-01-19 00:56 - 00012436 _____ () C:\Users\mike\Downloads\[kickass.so]doctor.p.and.adam.f.feat.method.man.the.pit.320.kbps.torrent
2015-01-18 23:22 - 2015-01-18 23:22 - 00013118 _____ () C:\Users\mike\Downloads\[kickass.so]cypress.hill.rusko.cypress.x.rusko.ep.01.2012.ep.sw.torrent
2015-01-18 23:22 - 2015-01-18 23:22 - 00010843 _____ () C:\Users\mike\Downloads\[kickass.so]cypress.hill.rusko.can.t.keep.me.down.feat.damian.marley.2012.single.sw.torrent
2015-01-18 20:35 - 2015-01-18 20:35 - 00017531 _____ () C:\Users\mike\Downloads\[kickass.so]the.maze.runner.2014.1080p.brrip.x264.yify.torrent
2015-01-18 20:35 - 2015-01-18 20:35 - 00015472 _____ () C:\Users\mike\Downloads\[kickass.so]the.hungover.games.2014.unrated.webrip.720p.aac.x264.tomcat12.etrg.torrent
2015-01-18 20:33 - 2015-01-18 20:33 - 00007724 _____ () C:\Users\mike\Downloads\[kickass.so]zombeavers.2014.720p.brrip.x264.yify.torrent
2015-01-18 20:30 - 2015-01-18 20:30 - 00076360 _____ () C:\Users\mike\Downloads\[kickass.so]birdman.2014.dvdscr.x264.playnow.torrent
2015-01-18 20:30 - 2015-01-18 20:30 - 00008896 _____ () C:\Users\mike\Downloads\[kickass.so]a.million.ways.to.die.in.the.west.2014.720p.brrip.x264.yify.torrent
2015-01-18 20:27 - 2015-01-18 20:27 - 00008755 _____ () C:\Users\mike\Downloads\[kickass.so]let.s.be.cops.2014.720p.brrip.x264.yify.torrent
2015-01-16 18:11 - 2015-01-16 18:11 - 00021233 _____ () C:\Users\mike\Downloads\[kickass.so]twenty.one.pilots.discography.2009.2013.320.kbps.arsenal.london.torrent
2015-01-16 17:41 - 2015-01-16 17:41 - 00111351 _____ () C:\Users\mike\Downloads\[kickass.so]horrible.bosses.2.2014.hdrip.hc.xvid.ac3.rav3n.torrent
2015-01-16 17:41 - 2015-01-16 17:41 - 00019778 _____ () C:\Users\mike\Downloads\[kickass.so]horrible.bosses.2011.1080p.bluray.x264.anoxmous.torrent
2015-01-15 20:55 - 2015-01-15 20:55 - 00019598 _____ () C:\Users\mike\Downloads\[kickass.so]anchorman.2.the.legend.continues.2013.1080p.brrip.x264.yify.torrent
2015-01-15 19:47 - 2015-01-15 19:47 - 00016316 _____ () C:\Users\mike\Downloads\[kickass.so]anchorman.the.legend.of.ron.burgundy.extended.2004.1080p.brrip.x264.yify.torrent
2015-01-15 19:46 - 2015-01-15 19:46 - 00078873 _____ () C:\Users\mike\Downloads\[kickass.so]anchorman.2.2013.camrip.mp4.p2p.torrent
2015-01-15 01:05 - 2015-01-15 01:05 - 00014522 _____ () C:\Users\mike\Downloads\[kickass.so]dizzee.rascal.bassline.junkie.mp3.1080p.360p.mp4.ov55.torrent
2015-01-15 01:04 - 2015-01-15 01:04 - 00012832 _____ () C:\Users\mike\Downloads\[kickass.so]dizzee.rascal.the.fifth.deluxe.edition.2013.320kbps.cbr.mp3.vx.p2pdl.torrent
2015-01-15 00:57 - 2015-01-15 00:57 - 00087803 _____ () C:\Users\mike\Downloads\[kickass.so]example.perfect.replacement.remixes.2013.ep.torrent
2015-01-15 00:57 - 2015-01-15 00:57 - 00021122 _____ () C:\Users\mike\Downloads\[kickass.so]example.live.life.living.deluxe.edition.2014.320kbps.edm.rg.torrent
2015-01-15 00:53 - 2015-01-15 00:53 - 00020939 _____ () C:\Users\mike\Downloads\[kickass.so]example.playing.in.the.shadows.2011.theleak.torrent
2015-01-15 00:44 - 2015-01-15 00:44 - 00024096 _____ () C:\Users\mike\Downloads\[kickass.so]twenty.one.pilots.full.discography.4.albums.mp3.torrent
2015-01-11 20:47 - 2015-01-18 20:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-01-11 20:47 - 2015-01-11 20:49 - 00000000 ____D () C:\Users\mike\AppData\Roaming\NCH Software
2015-01-11 20:47 - 2015-01-11 20:47 - 00655424 _____ (NCH Software) C:\Users\mike\Downloads\switchsetup.exe
2015-01-11 20:47 - 2015-01-11 20:47 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2015-01-11 20:47 - 2015-01-11 20:47 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-11 20:47 - 2015-01-11 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-01-11 20:47 - 2015-01-11 20:47 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-01-11 20:37 - 2015-01-11 20:37 - 00018093 _____ () C:\Users\mike\Downloads\[kickass.so]state.champs.the.finer.things.torrent
2015-01-11 20:33 - 2015-01-11 20:33 - 00014175 _____ () C:\Users\mike\Downloads\[kickass.so]real.friends.put.yourself.back.together.2013 (1).torrent
2015-01-11 20:30 - 2015-01-11 20:30 - 00014280 _____ () C:\Users\mike\Downloads\[kickass.so]real.friends.put.yourself.back.together.2013.torrent
2015-01-11 20:23 - 2015-01-11 20:23 - 00147400 _____ () C:\Users\mike\Downloads\[kickass.so]the.story.so.far.under.soil.and.dirt.2011.flac.torrent
2015-01-11 20:17 - 2015-01-11 20:17 - 00021873 _____ () C:\Users\mike\Downloads\[kickass.so]neck.deep.wishful.thinking.2014.flac.torrent
2015-01-07 22:05 - 2015-01-07 22:05 - 00180179 _____ () C:\Users\mike\Downloads\[kickass.so]prison.break.s01e01.02.bdrip.720p.h264.eng.ita.dts.5.1.sub.ita.eng.torrent
2015-01-07 20:59 - 2015-01-07 20:59 - 00158619 _____ () C:\Users\mike\Downloads\[kickass.so]prison.break.season.1.torrent
2015-01-06 22:21 - 2015-01-06 22:21 - 00027365 _____ () C:\Users\mike\Downloads\[kickass.so]breaking.bad.season.2.complete.720p.brrip.sujaidr.torrent
2015-01-06 20:22 - 2015-01-06 20:22 - 00014986 _____ () C:\Users\mike\Downloads\[kickass.so]a.haunted.house.2013.cam.xvid.tickle.time.torrent
2015-01-06 16:34 - 2015-01-06 16:34 - 00015287 _____ () C:\Users\mike\Downloads\[kickass.so]captain.philips.2013.brrip.xvid.ac3.sam.etrg.torrent
2014-12-28 14:57 - 2014-12-28 14:57 - 00011672 _____ () C:\Users\mike\Downloads\[kickass.so]magic.rude.single.torrent
2014-12-28 14:55 - 2014-12-28 14:56 - 00015829 _____ () C:\Users\mike\Downloads\[kickass.so]the.interview.2014.720p.web.dl.xvid.mp3.rarbg.torrent
2014-12-28 00:46 - 2014-12-28 00:49 - 00000000 ____D () C:\Users\mike\AppData\Roaming\.minecraft
2014-12-28 00:46 - 2014-12-28 00:46 - 00000000 ____D () C:\Users\mike\AppData\Roaming\java
2014-12-28 00:44 - 2014-12-28 00:44 - 01291528 _____ (Mojang) C:\Users\mike\Downloads\Minecraft.exe
2014-12-27 22:46 - 2015-01-20 17:27 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-12-27 22:46 - 2015-01-20 17:27 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-12-27 22:46 - 2015-01-20 17:27 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-12-27 22:46 - 2015-01-20 17:27 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-12-27 22:46 - 2015-01-20 17:27 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-12-27 22:46 - 2015-01-20 17:27 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-12-27 22:45 - 2014-12-27 22:45 - 00628496 _____ (CMI Limited) C:\Users\mike\AppData\Local\nsu96AB.tmp
2014-12-27 22:45 - 2014-12-27 22:45 - 00000000 __SHD () C:\Users\mike\AppData\Roaming\AnyProtectEx
2014-12-27 21:16 - 2014-12-27 21:17 - 00008095 _____ () C:\Users\mike\Downloads\Democracy_3.rar.torrent
2014-12-27 13:47 - 2014-12-27 13:47 - 00171422 _____ () C:\Users\mike\Downloads\Da_Vincis_Demons_Season_1_HDTV.XviD[Pawulon].torrent
2014-12-27 13:47 - 2014-12-27 13:47 - 00017905 _____ () C:\Users\mike\Downloads\The_Da_Vinci_Code_(2006).torrent
2014-12-27 01:20 - 2014-12-27 01:20 - 00014584 _____ () C:\Users\mike\Downloads\Democracy_3_(Latest_With_Extremism_DLC)_-_2014_[Isohunt.to].torrent
2014-12-27 01:09 - 2014-12-27 01:09 - 00011497 _____ () C:\Users\mike\Downloads\Democracy_3GOG.torrent
2014-12-25 19:43 - 2014-12-25 19:43 - 00000880 _____ () C:\Users\mike\Downloads\abgx360.ini (2).zip
2014-12-25 19:15 - 2014-12-25 19:16 - 03326176 _____ (Microsoft Corporation) C:\Users\mike\Downloads\OutlookConnector.exe
2014-12-22 16:16 - 2014-12-22 17:10 - 00000000 ____D () C:\Users\mike\Downloads\Assassins.Creed.Rogue.XBOX360-iMARS[rarbg]
2014-12-22 16:15 - 2014-12-22 16:15 - 00084191 _____ () C:\Users\mike\Downloads\Assassins_Creed_Rogue_XBOX360-iMARS.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 17:44 - 2014-07-14 18:31 - 00000000 ____D () C:\Users\mike\AppData\Roaming\uTorrent
2015-01-20 17:33 - 2014-08-11 16:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-20 17:32 - 2014-08-11 16:42 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-20 17:32 - 2014-08-11 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-20 17:32 - 2014-08-11 16:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-20 17:30 - 2014-08-07 14:44 - 00002198 _____ () C:\Windows\epplauncher.mif
2015-01-20 17:29 - 2014-07-24 21:18 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 17:25 - 2009-07-14 05:51 - 00108675 _____ () C:\Windows\setupact.log
2015-01-20 17:21 - 2014-07-14 18:22 - 00001375 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 17:21 - 2014-07-14 18:22 - 00001363 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-20 17:21 - 2014-07-14 14:40 - 00001617 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 17:03 - 2011-04-13 03:33 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 16:36 - 2014-07-14 23:04 - 01744988 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 15:55 - 2014-07-14 14:41 - 00000387 _____ () C:\Users\mike\AppData\Roaming\sp_data.sys
2015-01-19 21:26 - 2014-08-11 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-19 19:21 - 2014-08-09 23:08 - 00001752 _____ () C:\DelFix.txt
2015-01-19 19:00 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 19:00 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 18:59 - 2014-07-14 18:18 - 00000000 ____D () C:\Users\mike\AppData\Local\Google
2015-01-19 18:59 - 2011-04-13 03:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-19 18:59 - 2011-04-13 03:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 18:58 - 2011-04-13 03:33 - 00004048 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-19 18:58 - 2011-04-13 03:33 - 00003796 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-19 18:58 - 2011-04-13 03:33 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 18:54 - 2014-07-22 00:11 - 00000262 __RSH () C:\ProgramData\ntuser.pol
2015-01-19 18:53 - 2014-08-11 16:47 - 00000000 ____D () C:\ProgramData\MCShield
2015-01-19 18:52 - 2011-04-13 02:39 - 00248922 _____ () C:\Windows\PFRO.log
2015-01-19 18:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 18:13 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-19 17:38 - 2014-08-30 16:24 - 00000000 ____D () C:\Users\mike\Documents\Engels
2015-01-19 17:13 - 2009-07-14 03:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-19 01:10 - 2014-11-02 21:53 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Skype
2015-01-18 22:53 - 2014-09-02 20:52 - 00000000 ____D () C:\Users\mike\AppData\Roaming\vlc
2015-01-15 18:26 - 2014-07-27 21:36 - 00000000 ____D () C:\Users\mike\AppData\Local\Microsoft Help
2015-01-13 23:29 - 2014-07-24 21:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 23:29 - 2014-07-24 21:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 23:29 - 2014-07-24 21:18 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-12 22:59 - 2014-08-11 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-01-12 22:59 - 2014-08-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-01-11 20:47 - 2014-09-10 18:09 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-11 19:22 - 2011-03-17 12:52 - 00727400 _____ () C:\Windows\system32\perfh019.dat
2015-01-11 19:22 - 2011-03-17 12:52 - 00154046 _____ () C:\Windows\system32\perfc019.dat
2015-01-11 19:22 - 2011-02-19 06:02 - 00395144 _____ () C:\Windows\system32\perfh00D.dat
2015-01-11 19:22 - 2011-02-19 06:02 - 00087962 _____ () C:\Windows\system32\perfc00D.dat
2015-01-11 19:22 - 2011-02-19 05:56 - 00609788 _____ () C:\Windows\system32\perfh008.dat
2015-01-11 19:22 - 2011-02-19 05:56 - 00114332 _____ () C:\Windows\system32\perfc008.dat
2015-01-11 19:22 - 2011-02-19 05:51 - 00411272 _____ () C:\Windows\system32\prfh0404.dat
2015-01-11 19:22 - 2011-02-19 05:51 - 00125348 _____ () C:\Windows\system32\prfc0404.dat
2015-01-11 19:22 - 2011-02-19 05:45 - 00731818 _____ () C:\Windows\system32\prfh0816.dat
2015-01-11 19:22 - 2011-02-19 05:45 - 00156110 _____ () C:\Windows\system32\prfc0816.dat
2015-01-11 19:22 - 2011-02-19 05:40 - 00756670 _____ () C:\Windows\system32\perfh013.dat
2015-01-11 19:22 - 2011-02-19 05:40 - 00156930 _____ () C:\Windows\system32\perfc013.dat
2015-01-11 19:22 - 2011-02-19 05:35 - 00742846 _____ () C:\Windows\system32\perfh010.dat
2015-01-11 19:22 - 2011-02-19 05:35 - 00150050 _____ () C:\Windows\system32\perfc010.dat
2015-01-11 19:22 - 2011-02-19 05:29 - 00748516 _____ () C:\Windows\system32\perfh00C.dat
2015-01-11 19:22 - 2011-02-19 05:29 - 00152784 _____ () C:\Windows\system32\perfc00C.dat
2015-01-11 19:22 - 2011-02-19 05:24 - 00700008 _____ () C:\Windows\system32\perfh007.dat
2015-01-11 19:22 - 2011-02-19 05:24 - 00152320 _____ () C:\Windows\system32\perfc007.dat
2015-01-11 19:22 - 2011-02-19 05:19 - 00748256 _____ () C:\Windows\system32\perfh00A.dat
2015-01-11 19:22 - 2011-02-19 05:19 - 00161678 _____ () C:\Windows\system32\perfc00A.dat
2015-01-11 19:22 - 2009-07-14 06:13 - 08765312 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 12:14 - 2014-08-07 14:49 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 17:51 - 2014-10-25 19:13 - 00000000 ____D () C:\Users\mike\Downloads\Anno 1404 with Venice Expansion Pack
2014-12-30 17:39 - 2014-07-14 18:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-25 19:44 - 2014-07-16 23:19 - 00000000 ____D () C:\Users\mike\AppData\Roaming\abgx360

==================== Files in the root of some directories =======
2014-07-14 14:41 - 2015-01-20 15:55 - 0000387 _____ () C:\Users\mike\AppData\Roaming\sp_data.sys
2015-01-20 17:23 - 2015-01-20 17:23 - 0613057 _____ (CMI Limited) C:\Users\mike\AppData\Local\nseAE3A.tmp
2014-12-27 22:45 - 2014-12-27 22:45 - 0628496 _____ (CMI Limited) C:\Users\mike\AppData\Local\nsu96AB.tmp
2011-04-13 03:48 - 2010-07-07 00:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2014-07-14 23:22 - 2014-07-14 23:23 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-07-14 23:22 - 2014-07-14 23:22 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\mike\AppData\Local\Temp\848F0CD5-18F7-669A-C5C6-A957A13B7738.exe
C:\Users\mike\AppData\Local\Temp\B115FE0C-D61F-9AFE-828C-60CE4E1F0B85.dll
C:\Users\mike\AppData\Local\Temp\B115FE0C-D61F-9AFE-828C-60CE4E1F0B85.exe
C:\Users\mike\AppData\Local\Temp\CloudBackup346.exe
C:\Users\mike\AppData\Local\Temp\Setup_16752.exe
C:\Users\mike\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 16:44

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by mike at 2015-01-20 17:45:59
Running from C:\Users\mike\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{81AB1FAB-B6E5-0107-EE24-D16F18039301}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS K75DE_Screensaver (HKLM-x32\...\ASUS K75DE_Screensaver) (Version: 1.0.0002 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.1 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0016 - ASUS)
BlockAndSurf (HKLM-x32\...\D521FB2B-F017-02F7-4807-71FC0108E16A) (Version: - BlockAndSurf-software) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version: - Oberon Media Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION!
Cooking Dash (HKLM-x32\...\Cooking Dash) (Version: - Oberon Media Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Football Manager 2014 (HKLM-x32\...\Rm9vdGJhbGxNYW5hZ2VyMjAxNA==_is1) (Version: 1 - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker (HKLM-x32\...\Governor of Poker) (Version: - Oberon Media Inc.)
Hogs Of War (HKLM-x32\...\Hogs Of War) (Version: 1.0 - Infogrames)
Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version: - Oberon Media Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Quest 3 (HKLM-x32\...\Jewel Quest 3) (Version: - Oberon Media Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)
Luxor 3 (HKLM-x32\...\Luxor 3) (Version: - Oberon Media Inc.)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version: - Oberon Media Inc.)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware versie 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM-x32\...\{90150000-001F-0413-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MKV File Player (HKLM-x32\...\{C2CDB6A0-9E2D-4E4E-8776-2D92F2F0FB3D}_is1) (Version: - mkvfileplayer.com)
MKV Player 2.1.17 (HKLM-x32\...\MKV Player_is1) (Version: - )
Mountain (HKLM-x32\...\Steam App 313340) (Version: - David OReilly)
Mozilla Firefox 31.0 (x86 nl) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 nl)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version: - omiga-plus) <==== ATTENTION
Only If (HKLM-x32\...\Steam App 298260) (Version: - Creability)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version: - Oberon Media Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.12 - ASUS)
Should I Remove It (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab Detection (HKLM-x32\...\{45749495-134D-45C0-8866-108890D599BA}) (Version: 2.2.1.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
Unity Web Player (HKU\S-1-5-21-4007693456-2404522445-154011923-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4007693456-2404522445-154011923-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinCheck (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
World of Goo (HKLM-x32\...\World of Goo) (Version: - Oberon Media Inc.)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

19-01-2015 19:20:46 End of disinfection
19-01-2015 21:43:54 Windows Update
20-01-2015 16:06:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-19 18:53 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BC81178-C017-4367-BD80-5D4F732F88C2} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-20] (AnyProtect.com) <==== ATTENTION
Task: {12798716-5F93-48A3-BA2D-D39630EFAE7D} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {1764F20C-75E5-4CF1-8D20-06FB04C9276E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {46963949-1D04-4564-A620-218733E229BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4724B372-B7C0-42A0-8303-D962E496B3FF} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MIKE-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {4906ACA7-DF92-4EC3-866A-8D3F84DB6FD9} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {4AE7BCBD-94F2-4577-9EE2-7ADAAB5C500F} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-20] (AnyProtect.com) <==== ATTENTION
Task: {5B94D9EF-29C4-4CC9-8FAA-4157ADA7AF39} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {60F398C6-F009-4FEB-B4EF-955537F134F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-19] (Google Inc.)
Task: {6D96B6C5-7AD1-44A1-B8FF-2B5F0043F413} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {70F5D7E1-4AD1-4886-9F07-E27AC546B2D4} - System32\Tasks\{74CDF92E-7E85-46D9-A14E-6B4BA3078EFD} => pcalua.exe -a C:\Users\mike\Downloads\vcredist_x86.exe -d C:\Users\mike\Downloads
Task: {79E36975-36E8-4C11-BF70-D3176B1A5558} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {7BF28E40-067F-48EA-AD16-1355DE7D3B0D} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {7C086DC4-A475-4E9E-B57E-46AAFA5F4746} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {84A77F86-B445-48DE-B57F-B89B693CD5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-19] (Google Inc.)
Task: {B12D34CB-9EAB-4CBB-AEF2-00CFB77C55EB} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {B22AA6BD-9A09-4909-81FE-C79BC1D82B16} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe [2015-01-19] ()
Task: {BD9D7246-C9AB-460F-8CA5-84AB220E2817} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-20] (AnyProtect.com) <==== ATTENTION
Task: {E96D9326-C56C-48F6-A240-48EFEC919C88} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\ver4BlockAndSurf\J6BlockAndSurfR79.exe [2015-01-20] () <==== ATTENTION
Task: {E9730CBF-576E-4E3C-993F-2271B402BAFA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {FA17B81B-1B73-410B-B989-A1A0FF2DFF35} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\ver4BlockAndSurf\J6BlockAndSurfR79.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-29 13:33 - 2012-03-29 13:33 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-29 13:32 - 2012-03-29 13:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-03-29 13:15 - 2012-03-29 13:15 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-01-20 17:08 - 2015-01-20 17:08 - 00126976 _____ () C:\Users\mike\AppData\Roaming\ASPackage\ASSrv.exe
2015-01-20 11:09 - 2015-01-20 11:09 - 00268288 _____ () C:\Users\mike\AppData\Local\wincheck\wincheck.exe
2015-01-20 17:18 - 2014-11-25 20:37 - 00012800 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2015-01-20 17:21 - 2015-01-20 17:21 - 00129536 _____ () C:\Program Files (x86)\ver4BlockAndSurf\BlockAndSurf.exe
2015-01-20 17:21 - 2015-01-20 17:21 - 00749056 _____ () C:\Program Files (x86)\ver4BlockAndSurf\J6BlockAndSurfR79.exe
2015-01-20 17:11 - 2015-01-20 17:22 - 00122368 _____ () C:\Users\mike\AppData\Local\ConvertAd\CASrv.exe
2015-01-20 10:54 - 2015-01-20 10:54 - 01878016 _____ () C:\Users\mike\AppData\Local\ConvertAd\ConvertAd.exe
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-31 17:25 - 2012-01-31 17:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-21 22:49 - 2012-02-21 22:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-01-20 17:07 - 2015-01-20 17:07 - 00011264 _____ () C:\Users\mike\AppData\Local\Temp\nsj6754.tmp\System.dll
2015-01-20 17:07 - 2015-01-20 17:07 - 00117248 _____ () C:\Users\mike\AppData\Local\Temp\nsj6754.tmp\IpConfig.dll
2012-03-15 18:48 - 2012-03-15 18:48 - 00221184 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2015-01-19 18:59 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-19 18:59 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-19 18:59 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-19 18:59 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-19 18:59 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4007693456-2404522445-154011923-500 - Administrator - Disabled)
Gast (S-1-5-21-4007693456-2404522445-154011923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4007693456-2404522445-154011923-1004 - Limited - Enabled)
Mcx1-MIKE-PC (S-1-5-21-4007693456-2404522445-154011923-1002 - Limited - Enabled) => C:\Users\Mcx1-MIKE-PC
mike (S-1-5-21-4007693456-2404522445-154011923-1001 - Administrator - Enabled) => C:\Users\mike

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling-adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 06:32:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma FRST64.exe, versie 19.1.2015.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 2180

Starttijd: 01d0340d64de7e72

Eindtijd: 3

Toepassingspad: C:\Users\mike\Downloads\FRST64.exe

Rapport-id: 062e62a8-a001-11e4-b9bf-10bf48da2682

Error: (01/19/2015 05:08:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma MULTIU.tmp, versie 51.52.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 2120

Starttijd: 01d034021f1942d9

Eindtijd: 6

Toepassingspad: C:\Users\mike\AppData\Local\Temp\is-1GBTP.tmp\MULTIU.tmp

Rapport-id:

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3088

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3088


System errors:
=============
Error: (01/19/2015 07:30:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/19/2015 06:51:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll

Error: (01/19/2015 06:51:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll

Error: (01/19/2015 06:51:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Search-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt:
%%1056

Error: (01/19/2015 06:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Media Player Network Sharing Service-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (01/19/2015 06:51:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De WMPNetworkSvc-service kan niet als NT AUTHORITY\NetworkService met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%50

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (01/19/2015 06:51:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN-uitbreidingsmodule is onverwacht gestopt.

Pad naar module: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll

Error: (01/19/2015 06:51:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De iPod-service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (01/19/2015 06:51:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (01/19/2015 06:51:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Media Player Network Sharing Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 06:32:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe19.1.2015.0218001d0340d64de7e723C:\Users\mike\Downloads\FRST64.exe062e62a8-a001-11e4-b9bf-10bf48da2682

Error: (01/19/2015 05:08:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MULTIU.tmp51.52.0.0212001d034021f1942d96C:\Users\mike\AppData\Local\Temp\is-1GBTP.tmp\MULTIU.tmp

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8938

Error: (01/19/2015 01:30:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4087

Error: (01/19/2015 01:30:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3088

Error: (01/19/2015 01:30:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3088


CodeIntegrity Errors:
===================================
Date: 2014-10-23 15:32:18.379
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2014-10-23 15:31:22.695
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 83%
Total physical RAM: 3539.77 MB
Available physical RAM: 589.16 MB
Total Pagefile: 7077.73 MB
Available Pagefile: 2886.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:63.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1D20FFAB)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Uninstall Chrome

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Chrome installation is altered by malware. Reinstall is needed.
 

Mikeiej

New Member
Thread author
Verified
Aug 7, 2014
19
# AdwCleaner v4.108 - Rapport aangemaakt 20/01/2015 op 19:24:48
# Laatste Update 17/01/2015 door Xplode
# Database : 2015-01-18.1 [Live]
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : mike - MIKE-PC
# Gestart vanuit : C:\Users\mike\Downloads\AdwCleaner (1).exe
# Optie : Scannen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****

Bestand Gevonden : C:\Users\mike\AppData\Local\Temp\Uninstall.exe
Bestand Gevonden : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\qzmodc17.default\user.js
Bestand Gevonden : C:\Windows\System32\drivers\cmwr.sys
Map Gevonden : C:\Program Files (x86)\AnyProtectEx
Map Gevonden : C:\Program Files (x86)\NCH Software
Map Gevonden : C:\Program Files (x86)\predm
Map Gevonden : C:\ProgramData\NCH Software
Map Gevonden : C:\Users\mike\AppData\Roaming\AnyProtectEx
Map Gevonden : C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Map Gevonden : C:\Users\mike\AppData\Roaming\NCH Software

***** [ Taken ] *****

Taak Gevonden : APSnotifierPP1
Taak Gevonden : APSnotifierPP2
Taak Gevonden : APSnotifierPP3
Taak Gevonden : LaunchSignup

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Gevonden : HKCU\Software\AnyProtect
Sleutel Gevonden : HKCU\Software\Optimizer Pro
Sleutel Gevonden : HKCU\Software\Video Player
Sleutel Gevonden : [x64] HKCU\Software\AnyProtect
Sleutel Gevonden : [x64] HKCU\Software\Optimizer Pro
Sleutel Gevonden : [x64] HKCU\Software\Video Player
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Sleutel Gevonden : HKLM\SOFTWARE\PC_Booster
Sleutel Gevonden : HKLM\SOFTWARE\SupDp
Sleutel Gevonden : HKLM\SOFTWARE\YourFileDownloader
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Waarde Gevonden : HKCU\Software\Mozilla\Firefox\Extensions [{F71E8E3B-94EA-0F15-76E9-F1F427DCA73A}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 nl)

[qzmodc17.default] - Regel gevonden : user_pref("browser.search.defaultenginename", "omiga-plus");
[qzmodc17.default] - Regel gevonden : user_pref("browser.search.selectedEngine", "omiga-plus");

-\\ Google Chrome v39.0.2171.99


-\\ Chromium v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [3989 octets] - [20/01/2015 19:24:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4049 octets] ##########
 

Mikeiej

New Member
Thread author
Verified
Aug 7, 2014
19
A screenshot of what, do you mean? My Malwarebytes has quarantined most problems now, but just like yesterday I don't think the problem is over yet.
 
