Logfile of random's system information tool 1.09 (written by random/random)
Run by Cuypers at 2013-08-31 16:45:05
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 95 GB (61%) free of 154 GB
Total RAM: 4087 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:45:18, on 31/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Users\Cuypers\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\SilkQuit\SilkQuit.exe
C:\Users\Cuypers\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~2\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Cuypers.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b6aebd9800000000000020cf3059a7f2&tlver=1.4.19.19&affID=19405
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.5\iobitappsToolbarIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Speed - {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Cuypers\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Rich Media Player - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Cuypers\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.5\iobitappsToolbarIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEE.EXE /FU "C:\Windows\TEMP\E_S975E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [F.lux] "C:\Users\Cuypers\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')
O4 - Startup: Dropbox.lnk = Cuypers\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: SilkQuit Meter.lnk = C:\Program Files (x86)\SilkQuit\SilkQuit.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Cuypers\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SecureUpdate (SecureUpdateSvc) - Unknown owner - C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 16008 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
atieclxx
"C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe" -service
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1792
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:1372
taskeng.exe {CD37EF38-84E6-41FD-80DF-A6722F537082}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe"
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe"
"C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version6\TeamViewer6_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version6\TeamViewer6_Logfile.log
"C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
"C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
"C:\Users\Cuypers\Local Settings\Apps\F.lux\flux.exe" /noshow
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\SilkQuit\SilkQuit.exe"
"C:\Users\Cuypers\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
"C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe" -hide
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe" HOOK -Dwthx165.dll -IE"DefaultScope" -GC"C:\Users\Cuypers\AppData\Local\Google\Chrome\User Data\Default\Web Data" -FF"C:\Users\Cuypers\AppData\Roaming\Mozilla\Firefox\Profiles\iw3828du.default\Prefs.js"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5740 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5740 CREDAT:3151188 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe -Embedding
"C:\PROGRA~2\MICROS~3\Office12\OUTLOOK.EXE" /recycle
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Cuypers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YINWFZR\hijack3.log
"C:\Program Files\Internet Explorer\iexplore.exe" -noframemerging -sessionmerging
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4524 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4524 CREDAT:1578249 /prefetch:2
C:\Windows\system32\AUDIODG.EXE 0xa00
"C:\Program Files\Internet Explorer\iexplore.exe" -noframemerging -sessionmerging
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:267521 /prefetch:2
"D:\documenten\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Ginyas Chrome Watcher.job
C:\Windows\tasks\Ginyas FireFox Watcher.job
C:\Windows\tasks\Ginyas Stats Report.job
C:\Windows\tasks\Ginyas Update Checker.job
C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job
C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job
C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job
C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
Messenger Plus! Community SmartbarEngine - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-08-22 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files\WOT\WOT.dll [2012-08-02 2001984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
IObit Apps Toolbar - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.5\iobitappsToolbarIE.dll [2013-08-28 1356096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
Messenger Plus! Community SmartbarEngine - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}]
AccelerateTab - C:\PROGRA~2\SECURE~1\IE\SPEEDD~1.DLL [2013-08-16 991056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-10 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}]
Rich Media Downloader - C:\Users\Cuypers\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll [2013-07-03 155928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-22 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02 1542720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-02-08 1520776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-10 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FEB703F7-E7B2-4AB0-9566-87658AC70095}]
Rich Media Player - C:\Users\Cuypers\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll [2013-03-12 120600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ae07101b-46d4-4a98-af68-0333ea26e113} - Messenger Plus! Community Smartbar - C:\Windows\system32\mscoree.dll [2010-11-05 444752]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2012-08-02 2001984]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-08-22 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
{ae07101b-46d4-4a98-af68-0333ea26e113} - Messenger Plus! Community Smartbar - C:\Windows\system32\mscoree.dll [2010-11-05 444752]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02 1542720]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2013-02-08 1520776]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-22 192592]
{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - IObit Apps Toolbar - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.5\iobitappsToolbarIE.dll [2013-08-28 1356096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX8400 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICEE.EXE [2007-04-12 213504]
"Logitech Vid"=C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [2011-06-02 6123032]
"MyTomTomSA.exe"=C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [2012-09-10 436728]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-08-22 6581488]
"Advanced SystemCare 6"=C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [2013-04-18 491840]
"F.lux"=C:\Users\Cuypers\Local Settings\Apps\F.lux\flux.exe [2009-08-29 966656]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28 18642024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-21 2583040]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2009-10-19 36864]
"TurboV EVO"=C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe [2010-07-07 9936000]
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2011-11-11 205336]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2013-02-08 1644680]
"IObit Malware Fighter"=C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [2012-12-25 4474832]
"SearchSettings"=C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [2013-08-28 1345856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SilkQuit Meter.lnk - C:\Program Files (x86)\SilkQuit\SilkQuit.exe

C:\Users\Cuypers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Cuypers\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-08-31 16:45:05 ----D---- C:\rsit
2013-08-31 16:45:05 ----D---- C:\Program Files\trend micro
2013-08-30 15:42:21 ----A---- C:\Windows\system32\TURegOpt.exe
2013-08-30 15:42:20 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2013-08-30 15:42:20 ----A---- C:\Windows\system32\authuitu.dll
2013-08-30 15:42:13 ----D---- C:\Program Files (x86)\TuneUp Utilities 2013
2013-08-30 15:42:11 ----D---- C:\ProgramData\TuneUp Software
2013-08-30 15:42:05 ----SHD---- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-08-30 15:41:57 ----RD---- C:\Program Files (x86)\Skype
2013-08-30 15:39:32 ----D---- C:\Users\Cuypers\AppData\Roaming\OpenCandy
2013-08-29 18:07:15 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2013-08-29 18:07:13 ----D---- C:\Program Files (x86)\Secure Speed Dial
2013-08-29 18:07:12 ----D---- C:\Program Files (x86)\Application Updater
2013-08-28 09:20:49 ----D---- C:\Program Files (x86)\Trend Micro
2013-08-22 15:34:27 ----D---- C:\ProgramData\ABBYY
2013-08-22 15:32:52 ----D---- C:\ProgramData\syscon
2013-08-15 09:19:52 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-08-15 09:19:52 ----A---- C:\Windows\system32\ieui.dll
2013-08-15 09:19:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-08-15 09:19:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-08-15 09:19:51 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-08-15 09:19:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-08-15 09:19:51 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-08-15 09:19:51 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 09:19:51 ----A---- C:\Windows\system32\iesysprep.dll
2013-08-15 09:19:51 ----A---- C:\Windows\system32\iesetup.dll
2013-08-15 09:19:51 ----A---- C:\Windows\system32\iertutil.dll
2013-08-15 09:19:51 ----A---- C:\Windows\system32\iernonce.dll
2013-08-15 09:19:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-08-15 09:19:50 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-08-15 09:19:50 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-08-15 09:19:50 ----A---- C:\Windows\system32\msfeeds.dll
2013-08-15 09:19:50 ----A---- C:\Windows\system32\jscript9.dll
2013-08-15 09:19:50 ----A---- C:\Windows\system32\jscript.dll
2013-08-15 09:19:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-08-15 09:19:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-08-15 09:19:49 ----A---- C:\Windows\system32\urlmon.dll
2013-08-15 09:19:48 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-08-15 09:19:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-08-15 09:19:48 ----A---- C:\Windows\system32\jsproxy.dll
2013-08-15 09:19:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-08-15 09:19:47 ----A---- C:\Windows\system32\wininet.dll
2013-08-15 09:19:46 ----A---- C:\Windows\system32\ieframe.dll
2013-08-15 09:19:45 ----A---- C:\Windows\system32\mshtml.dll
2013-08-15 09:19:44 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-08-15 09:15:33 ----D---- C:\Windows\system32\MRT
2013-08-15 09:14:47 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2013-08-15 09:14:47 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-15 09:14:45 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-08-15 09:14:45 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-08-15 09:14:45 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-08-15 09:14:45 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-08-15 09:14:45 ----A---- C:\Windows\system32\wintrust.dll
2013-08-15 09:14:45 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-15 09:14:45 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-15 09:14:45 ----A---- C:\Windows\system32\crypt32.dll
2013-08-15 09:14:42 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-08-15 09:14:42 ----A---- C:\Windows\system32\tzres.dll
2013-08-15 09:14:37 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-08-15 09:14:36 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-08-15 09:14:36 ----A---- C:\Windows\SYSWOW64\user.exe
2013-08-15 09:14:36 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-08-15 09:14:36 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-08-15 09:14:36 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-08-15 09:14:36 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-08-15 09:14:36 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-08-15 09:14:36 ----A---- C:\Windows\system32\wow64.dll
2013-08-15 09:14:36 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-08-15 09:14:36 ----A---- C:\Windows\system32\ntdll.dll
2013-08-15 09:14:35 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-15 09:14:35 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-15 09:14:12 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-15 09:14:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-08-12 10:41:58 ----D---- C:\Users\Cuypers\AppData\Roaming\Skype
2013-08-12 10:41:51 ----D----
C:\ProgramData\Skype 2013-08-11 19:03:22 ----A---- C:\Windows\SYSWOW64\qedit.dll 2013-08-11 19:03:22 ----A---- C:\Windows\system32\qedit.dll 2013-08-11 19:03:10 ----A---- C:\Windows\system32\win32k.sys 2013-08-11 19:03:01 ----A---- C:\Windows\SYSWOW64\DWrite.dll 2013-08-11 19:03:01 ----A---- C:\Windows\system32\DWrite.dll ======List of files/folders modified in the last 1 month====== 2013-08-31 16:45:05 ----RD---- C:\Program Files 2013-08-31 16:45:04 ----D---- C:\Windows\Temp 2013-08-31 16:29:47 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.txt 2013-08-31 16:29:08 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.1.txt 2013-08-31 15:52:00 ----D---- C:\ProgramData\GinyasBrowserCompanion 2013-08-31 14:53:02 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.2.txt 2013-08-31 14:16:18 ----D---- C:\Windows\Prefetch 2013-08-31 11:59:42 ----D---- C:\Windows\system32\Tasks 2013-08-31 11:18:25 ----D---- C:\Windows\system32\config 2013-08-31 11:08:01 ----SHD---- C:\System Volume Information 2013-08-31 11:04:54 ----D---- C:\Users\Cuypers\AppData\Roaming\Dropbox 2013-08-31 11:04:33 ----D---- C:\Users\Cuypers\AppData\Roaming\GinyasBrowserCompanion 2013-08-31 11:04:08 ----D---- C:\Windows\Tasks 2013-08-31 11:04:08 ----D---- C:\Windows\system32\wfp 2013-08-31 11:04:06 ----D---- C:\Windows\system32\wbem 2013-08-31 11:04:06 ----D---- C:\Windows 2013-08-31 11:03:25 ----SHD---- C:\Windows\Installer 2013-08-31 11:03:25 ----D---- C:\Windows\SysWOW64 2013-08-31 11:03:25 ----D---- C:\Windows\system32\NDF 2013-08-31 11:03:25 ----D---- C:\Windows\system32\DriverStore 2013-08-31 11:03:25 ----D---- C:\Windows\system32\CodeIntegrity 2013-08-31 11:03:25 ----D---- C:\Windows\system32\catroot2 2013-08-31 11:03:25 ----D---- C:\Windows\System32 2013-08-31 11:03:25 ----D---- C:\Windows\inf 2013-08-31 11:03:25 ----D---- C:\Windows\AppCompat 2013-08-31 11:03:24 ----SD---- C:\Users\Cuypers\AppData\Roaming\Microsoft 2013-08-31 11:03:24 
----D---- C:\Users\Cuypers\AppData\Roaming\Mikrov 2013-08-31 11:03:21 ----D---- C:\ProgramData\Mikrov 2013-08-31 11:03:20 ----D---- C:\ProgramData\IObit 2013-08-31 11:03:11 ----RD---- C:\Program Files (x86) 2013-08-31 11:03:07 ----SHD---- C:\Config.Msi 2013-08-31 11:03:07 ----D---- C:\Windows\registration 2013-08-31 11:03:07 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2013-08-31 11:03:07 ----D---- C:\Program Files (x86)\IObit Apps Toolbar 2013-08-31 11:03:07 ----D---- C:\Program Files (x86)\Common Files 2013-08-31 11:02:32 ----HD---- C:\ProgramData 2013-08-31 10:51:01 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.3.txt 2013-08-31 10:35:33 ----D---- C:\ProgramData\Apple 2013-08-31 10:35:31 ----D---- C:\ProgramData\Apple Computer 2013-08-30 16:08:57 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.4.txt 2013-08-30 15:42:14 ----D---- C:\Users\Cuypers\AppData\Roaming\TuneUp Software 2013-08-30 15:29:03 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-08-30 08:07:00 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.5.txt 2013-08-30 07:59:12 ----D---- C:\Windows\SoftwareDistribution 2013-08-30 07:56:09 ----D---- C:\Windows\debug 2013-08-29 19:17:20 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.6.txt 2013-08-29 19:11:08 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.7.txt 2013-08-29 18:25:08 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.8.txt 2013-08-29 18:12:46 ----D---- C:\Windows\Panther 2013-08-29 18:10:53 ----SHD---- C:\Boot 2013-08-28 11:31:16 ----A---- C:\Users\Cuypers\AppData\Roaming\tracedll_ExpressZipExplorer.9.txt 2013-08-26 17:51:31 ----D---- C:\Windows\rescache 2013-08-24 17:33:13 ----D---- C:\Windows\Microsoft.NET 2013-08-24 17:33:12 ----RSD---- C:\Windows\assembly 2013-08-22 14:06:02 ----D---- C:\ProgramData\Google 2013-08-22 11:45:17 ----D---- C:\Program Files\SUPERAntiSpyware 2013-08-21 
09:14:40 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2013-08-15 09:22:49 ----D---- C:\Windows\winsxs 2013-08-15 09:21:34 ----D---- C:\Windows\SYSWOW64\nl-NL 2013-08-15 09:21:33 ----D---- C:\Windows\system32\nl-NL 2013-08-15 09:21:33 ----D---- C:\Windows\system32\drivers 2013-08-15 09:21:33 ----D---- C:\Windows\AppPatch 2013-08-15 09:21:33 ----D---- C:\Program Files\Internet Explorer 2013-08-15 09:21:33 ----D---- C:\Program Files (x86)\Internet Explorer 2013-08-15 09:20:05 ----D---- C:\Windows\system32\catroot 2013-08-15 09:15:28 ----A---- C:\Windows\system32\MRT.exe 2013-08-14 08:00:23 ----D---- C:\Users\Cuypers\AppData\Roaming\IObit 2013-08-12 16:10:35 ----D---- C:\Program Files\Defraggler 2013-08-12 15:38:35 ----D---- C:\Program Files (x86)\Google 2013-08-12 15:35:12 ----D---- C:\Program Files\CCleaner 2013-08-12 10:41:58 ----D---- C:\Program Files (x86)\Windows Live 2013-08-11 20:12:16 ----D---- C:\Program Files\Microsoft Silverlight 2013-08-11 20:12:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2013-08-11 20:11:31 ----D---- C:\Program Files\Windows Defender 2013-08-11 20:11:31 ----D---- C:\Program Files (x86)\Windows Defender 2013-08-11 20:11:30 ----D---- C:\Program Files\Windows Journal 2013-08-11 18:43:26 ----D---- C:\Windows\ShellNew 2013-08-11 18:42:09 ----D---- C:\ProgramData\Avira 2013-08-11 18:42:08 ----D---- C:\Program Files\Google 2013-08-11 18:42:08 ----D---- C:\Program Files\Common Files\Microsoft Shared 2013-08-11 18:42:08 ----D---- C:\Program Files (x86)\MyTomTom 3 2013-08-11 18:42:04 ----D---- C:\Program Files (x86)\Avira ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2009-10-19 115312] R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 228768] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; 
C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-04-22 13440] R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-06 13368] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2013-03-28 130016] R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2013-03-28 100712] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-09-24 116752] R3 CompFilter64;UVCCompositeFilter; C:\Windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152] R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech HD Webcam C510(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880] S1 uahyzwcz;uahyzwcz; \??\C:\Windows\system32\drivers\uahyzwcz.sys [] S1 vsynvllf;vsynvllf; \??\C:\Windows\system32\drivers\vsynvllf.sys [] S3 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware 
Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488] S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [] S3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-04 19456] S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-12-04 57856] S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904] S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-09-17 1250816] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-27 203776] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files 
(x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144] R2 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-08-28 807800] R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056] R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184] R2 BroadCamService;BroadCam Video Streaming Server; C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe [2012-06-08 2469380] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464] R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-30 2401632] R2 UMVPFSrv;UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 136176] S2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592] S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 22072] S2 
SecureUpdateSvc;SecureUpdate; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-08-15 2298704] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 257416] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-04 136176] S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-12-05 194032] S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 934760] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF-----------------