B_Daan

Thank you for the information. My last scan found no threats.

Hi, When mbam finds suspected files they will be quarantined. When the scan is finished you can choose to remove those files or to restore them. My question is what happens when you accidently restore an item you want to delete? Will it show up in a next scan or does mbam think I marked it as 'safe'?

Ok thanks for the info. Thank u for your assistance.

Hi I have one more question. Can you explain to me what FRST fixes? For example it says it removed "TOC.WMV" ADS from wmv files. Thanks for your help. I was much needed and appreciated.

Hi deeprybka, Here is the fixlog from FRST. I have one more question. Can you explain to me what it fixes? For example it says it removed "TOC.WMV" ADS from wmv files. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:5-08-2014Ran by Bekker at 2014-08-09 20:20:56 Run:1Running from C:\Users\Bekker\DownloadsBoot Mode: Normal ============================================== Content of fixlist:*****************AlternateDataStreams: C:\ProgramData\TEMP:88050731AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2AlternateDataStreams: C:\Users\Annemieke\Desktop\modem:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Downloads\00030.mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Downloads\00031.mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Downloads\6307628.jpg:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Documents\Adobe:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\adobe bestanden:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Adobe Scripts:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Downloaded Installations:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Downloads:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\GomPlayer:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Mijn ontvangen bestanden:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Remote Assistance Logs:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Shareaza Downloads:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\SimCity 4:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\torrents:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Version Cue:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\werk peter:Roxio EMC StreamFF Extension: No Name - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\staged [2014-08-06] ***************** C:\ProgramData\TEMP => ":88050731" ADS removed successfully.C:\ProgramData\TEMP => ":C39E55C5" ADS removed successfully.C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.C:\Users\Annemieke\Desktop\modem => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Downloads\00030.mp4 => ":TOC.WMV" ADS removed successfully.C:\Users\Bekker\Downloads\00031.mp4 => ":TOC.WMV" ADS removed successfully.C:\Users\Bekker\Downloads\6307628.jpg => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4 => ":TOC.WMV" ADS removed successfully.C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4 => ":TOC.WMV" ADS removed successfully.C:\Users\Bekker\Documents\Adobe => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\adobe bestanden => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\Adobe Scripts => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\Downloaded Installations => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\Downloads => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\GomPlayer => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\Mijn ontvangen bestanden => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\Remote Assistance Logs => ":Roxio EMC Stream" ADS removed successfully."C:\Users\Bekker\Documents\Shareaza Downloads" => ":Roxio EMC Stream" ADS not found.C:\Users\Bekker\Documents\SimCity 4 => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\torrents => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\Version Cue => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\Documents\werk peter => ":Roxio EMC Stream" ADS removed successfully.C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\staged => Moved successfully. ==== End of Fixlog ====

And the Farbar Service Scanner results: Farbar Service Scanner Version: 21-07-2014 Ran by Bekker (administrator) on 09-08-2014 at 15:43:30 Running from "C:\Users\Bekker\Downloads" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcsvc.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log ****

Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014 Ran by Bekker at 2014-08-09 15:08:51 Running from C:\Users\Bekker\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Antivirus en antispyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Antivirus en antispyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.256 - ) 3D Sound Back Beta0.1 (HKLM\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Aan de slag met Dell (HKLM\...\{2C086D06-187A-4050-ADD4-2F9D033651B4}) (Version: 1.00.0000 - Dell Inc.) AChat 1.12 (HKLM\...\AChat_is1) (Version: - AChat Animation Studios) Adobe Creative Suite 6 Master Collection (HKLM\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated) Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.10) - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - ) Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) Hidden Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Astrospiegel Win (HKLM\...\ST5UNST #1) (Version: - ) ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - ) ATI Catalyst Install Manager (HKLM\...\{5968F27A-66E6-171E-5311-0A74D74AAD9B}) (Version: 3.0.812.0 - ATI Technologies, Inc.) Audacity 1.3.5 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Avi2Dvd 0.4.5 beta (HKLM\...\Avi2Dvd) (Version: 0.4.5 beta - TrustFm) AviSynth 2.5 (HKLM\...\AviSynth) (Version: - ) bl (Version: 1.0.0 - Your Company Name) Hidden Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell) BSC Cleanitol TM (HKCU\...\BSC Cleanitol TM) (Version: - ) Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 3.1.0.22 - ) Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - ) Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.1.16 - ) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - ) Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - ) Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - ) Canon Utilities RAW Image Converter (HKLM\...\Canon Utilities RAW Image Converter) (Version: - ) Canon Utilities RemoteCapture 1.4 (HKLM\...\RemoteCapture) (Version: - ) Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - ) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - ) Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - ) Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Core Implementation (Version: 2007.1220.2143.38732 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Full Existing (Version: 2007.1220.2143.38732 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Full New (Version: 2007.1220.2143.38732 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Light (Version: 2007.1220.2143.38732 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Previews Common (Version: 2007.1220.2143.38732 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (Version: 2007.1220.2143.38732 - ATI) Hidden Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden ccc-core-static (Version: 2007.1220.2143.38732 - Uw bedrijfsnaam) Hidden ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden ccc-utility (Version: 2007.1220.2143.38732 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Coca-Cola Zero Screen Saver (HKLM\...\Coca-Cola Zero) (Version: - ) Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CPUID HWMonitor 1.15 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version: - CyberGhost S.R.L.) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd) Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 4.0.5.6 - Dell) DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC) DriverMax 7 (HKLM\...\DMX5_is1) (Version: 7.16.0.120 - Innovative Solutions) Empire: Total War Demo (HKLM\...\Steam App 10620) (Version: - The Creative Assembly) EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation) Equalify v2.5.3 (Stable) (HKLM\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version: - ) Express Burn (HKLM\...\ExpressBurn) (Version: - NCH Software) Express Rip (HKLM\...\ExpressRip) (Version: - NCH Swift Sound) FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - ) Folder Lock (HKCU\...\FolderLock6) (Version: - New Sofware.net Inc.) Free WebM to AVI Converter 1.0 (HKLM\...\{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1) (Version: - PolySoft Solutions) Free YouTube Download version 3.0.18.1123 (HKLM\...\Free YouTube Download_is1) (Version: - DVDVideoSoft Ltd.) Freemake Video Converter versie 4.0.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation) gmax (HKLM\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet) GOM Audio (HKLM\...\GomAudio) (Version: 2.0.5.0138 - Gretech Corporation) GOM Player (HKLM\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google SketchUp 6 (HKLM\...\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}) (Version: 6.0.01313 - Google) Google SketchUp 6 (Version: 6.4.112 - Google) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Google Video Uploader (HKLM\...\Google Video Uploader) (Version: - ) ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden Intel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel) Intel® PRO Network Connections 12.1.11.0 (Version: - Intel) Hidden Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden Jetcast 1.1.1 (HKLM\...\Jetcast) (Version: 1.1.1 - ) JPGAvi 1.07.0.68 (HKLM\...\JPGAvi_is1) (Version: - NDW Ltd) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LockHunter 2.0 beta 2, 32 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich, Ltd) Logitech Legacy USB Camera-stuurprogrammapakket (HKLM\...\legacyqcam_10.51) (Version: 10.51.2023 - ) Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.) Logitech Webcam Software-stuurprogrammapakket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MassTube 12.0.0.280 Beta 9 (HKLM\...\{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1) (Version: 12.0.0.280 Beta 9 - Havy Alegria) McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.) McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.) MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity) Microsoft .NET Framework 3.5 Language Pack SP1 - nld (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation) Microsoft Office 2000 Professional (HKLM\...\{00010413-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}) (Version: 08.05.0822 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden MixVibes STANDARD 6 uninstall (HKLM\...\MixVibes.exe) (Version: - ) Mozilla Firefox 31.0 (x86 nl) (HKLM\...\Mozilla Firefox 31.0 (x86 nl)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - ) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFonts Order M1384822 (HKLM\...\{F564454D-DEBE-0CCE-93C3-FD8DEB975100}) (Version: 1.0 - MyFonts.com, Inc.) MyFonts Order M1491040 (HKLM\...\{3DB2C412-5A5C-157D-C753-FF762B37710C}) (Version: 1.0 - MyFonts.com, Inc.) Nero 9 (HKLM\...\{654844a8-3c8b-4bb7-a858-eaa223f36d5f}) (Version: - Nero AG) Nero Installer (Version: 2.0.0.1 - Nero AG) Hidden neroxml (Version: 1.0.0 - Nero AG) Hidden Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - ) Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org) Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC) Pazera Free MP4 to AVI Converter 1.6 (HKLM\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera) PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) ph (Version: 1.0.0 - Your Company Name) Hidden Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) Hidden PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) PowerISO (HKLM\...\PowerISO) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform) Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio) Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio) Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio) Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio) Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio) Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio) Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio) Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.) Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio) Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation) SDK (Version: 2.31.009 - Portrait Displays, Inc.) Hidden Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden SequoiaView (HKLM\...\SequoiaView) (Version: - ) Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version: - ) Sesam Kart 3D NPAPI Viewer (HKCU\...\myVRnpapi) (Version: - ) Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden SimCity 4 Rush Hour (HKLM\...\{01339AE5-04D4-43F8-008E-13AD788DC4F7}) (Version: - ) SIW version 2011.10.29 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions) Skins (Version: 2007.0731.2234.38497 - ATI) Hidden Skins (Version: 2007.1220.2143.38732 - ATI) Hidden Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SmartControl (HKLM\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.20.026 - Portrait Displays, Inc.) Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.9.201308081522 - Sony Ericsson Communications AB) Sony Mobile Update Service (HKLM\...\Update Service) (Version: 2.13.5.201304180917 - Sony Mobile Communications AB) Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems) Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) SubSync (HKLM\...\ST6UNST #1) (Version: - ) SWF to MP3 Converter 2.3 build 149 (HKLM\...\SWF to MP3 Converter) (Version: 2.3 build 149 - Hoo Technologies) Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - nld) (Version: - Microsoft Corporation) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TBS WMP Plug-in (HKLM\...\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}) (Version: 1.00.676 - CNN) TBS WMP Plug-in (Version: 1.00.676 - CNN) Hidden TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0 - TrueCrypt Foundation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation) User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - ) V710 PC Assistant V1.4.2 (HKLM\...\V710 PC Assistant_is1) (Version: - MobTime, Inc.) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VirtuoCity (HKCU\...\VirtuoCity) (Version: - ) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital) Winamp (HKLM\...\Winamp) (Version: 5.56 - Nullsoft, Inc) Winamp Remote (HKLM\...\Orb) (Version: 2.2008.0508.1530 - Orb Networks) Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Media Tools 4.0 (HKLM\...\Microsoft NetShow Tools 2.0) (Version: - ) Windows Mobile Apparaatcentrum (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}\InprocServer32 -> K:\.\player\WMMP.EXE No File CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}\InprocServer32 -> K:\.\player\WMMP.EXE No File CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}\InprocServer32 -> K:\.\player\WMMP.EXE No File ==================== Restore Points ========================= 16-07-2014 15:49:14 Installed Java 7 Update 65 16-07-2014 15:59:59 Windows Update 18-07-2014 15:13:25 Gepland herstelpunt 19-07-2014 12:17:33 Gepland herstelpunt 19-07-2014 19:43:05 Installed Java 7 Update 65 20-07-2014 18:18:05 Gepland herstelpunt 23-07-2014 18:52:27 Windows Update 23-07-2014 19:46:47 Windows Update 25-07-2014 20:12:27 Installed Equalify v2.5.3 (Stable) 30-07-2014 10:16:49 Windows Update 02-08-2014 08:19:32 Gepland herstelpunt 03-08-2014 13:19:51 Gepland herstelpunt 06-08-2014 14:45:41 Windows Update 08-08-2014 16:35:26 Gepland herstelpunt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2014-08-06 22:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {147C35EA-FC79-4C74-9908-4394F1FEB45B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.) Task: {17133D10-2AC8-4093-B5A7-A5FBBC1BA5F2} - System32\Tasks\DivX-online actualiseringsprogramma => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-11-15] () Task: {17F082FB-956D-4678-AF53-EE970A356922} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1D47FE82-697D-4B68-9DE4-FE9C090CEE50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.) Task: {2867449F-C1D9-45CF-826E-FEE0BC420EC9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation) Task: {3AF30E58-AAB7-4A97-920E-C2C9A0279ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation) Task: {5A63FCA9-185F-4681-A2B6-CFFD0DC57E8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf6c48c3d25d74 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.) Task: {623EDFA3-94E1-43ED-82D4-340131132BC4} - System32\Tasks\wp_update => C:\Users\Bekker\AppData\Roaming\~wbnvowq.exe Task: {6FF950BE-C9FF-4A94-97C7-5B40B6ACFCDB} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {83717B20-5ABA-4326-AE8E-5F206DCC8A82} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe Task: {8737E8BC-AF39-460C-A6EB-A5623D7835D6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.) Task: {89AC14E7-990A-404A-B3C8-BE5629A62FC9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-05] (PC-Doctor, Inc.) Task: {B5E986A1-B887-4EC8-A184-148697B9F08C} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION Task: {C8CDD8AF-9485-484E-A931-6E3DA20F712F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {CA50539E-FD11-4FD9-80FD-01CAEF36DB50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.) Task: {CD372113-9F36-4350-BDE0-3150E864A2A5} - System32\Tasks\Google Updater and Installer => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.) Task: {CDB63164-2991-40A7-9A54-8EAFA6457CBD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {D83F4E57-0ED2-4ACD-87D0-C7111DAADF66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.) Task: {DE3AA403-7208-4DC1-8EEF-6346E31F57BE} - System32\Tasks\Sansa Dispatch => C:\Users\Bekker\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2012-08-04] (SanDisk Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () Task: {E57652C0-7046-46AA-9A4F-08F551BEA136} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {EB06F4CC-E6D8-46E2-8E68-C7154EC463CD} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-09-28 22:28 - 2012-09-18 14:20 - 00083864 _____ () C:\Program Files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll 2010-08-06 17:48 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll 2011-01-27 00:11 - 2011-01-27 00:11 - 00023040 _____ () C:\Windows\system32\atitmpxx.dll 2012-09-28 22:22 - 2012-09-18 14:19 - 00243608 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\dthook.dll 2007-03-02 13:44 - 2007-03-02 13:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 2007-12-13 13:35 - 2006-09-14 01:20 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll 2013-02-11 21:11 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll 2013-02-11 21:10 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll 2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll 2013-04-22 13:40 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll 2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll 2012-09-28 22:21 - 2012-09-18 14:19 - 00186264 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll 2012-09-28 22:25 - 2012-09-18 14:19 - 00120728 _____ () C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll 2013-02-11 21:10 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe 2012-09-28 22:28 - 2012-09-18 14:20 - 00161688 _____ () C:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe 2014-07-20 18:07 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-20 18:07 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-20 18:06 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll 2003-08-19 09:20 - 2003-08-19 09:20 - 00180224 _____ () C:\Program Files\Avi2Dvd\Programs\Filters\ac3filter.ax 2014-07-20 18:07 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:88050731 AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 AlternateDataStreams: C:\Users\Annemieke\Desktop\modem:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Downloads\00030.mp4:TOC.WMV AlternateDataStreams: C:\Users\Bekker\Downloads\00031.mp4:TOC.WMV AlternateDataStreams: C:\Users\Bekker\Downloads\6307628.jpg:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4:TOC.WMV AlternateDataStreams: C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4:TOC.WMV AlternateDataStreams: C:\Users\Bekker\Documents\Adobe:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\adobe bestanden:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\Adobe Scripts:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\Downloaded Installations:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\Downloads:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\GomPlayer:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\Mijn ontvangen bestanden:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\Remote Assistance Logs:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\Shareaza Downloads:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\SimCity 4:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\torrents:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\Version Cue:Roxio EMC Stream AlternateDataStreams: C:\Users\Bekker\Documents\werk peter:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Adobe Version Cue CS3 => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: TuneUp.UtilitiesSvc => 2 MSCONFIG\Services: YahooAUService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup MSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk => C:\Windows\pss\Need for Speed™ Undercover Registration.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent MSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART MSCONFIG\startupreg: Google Update => "C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: Orb => "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background MSCONFIG\startupreg: PivotSoftware => "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10 MSCONFIG\startupreg: Spotify => "C:\Users\Bekker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSCONFIG\startupreg: Steam => "c:\program files\steam\steam.exe" -silent MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun Minipoort-adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: AQNOMJ78 IDE Controller Description: AQNOMJ78 IDE Controller Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: ay7c64jx Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: TAP-Windows Adapter V9 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout Explorer.EXE, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout SHLWAPI.dll, versie 6.0.6002.18738, tijdstempel 0x50ada1fd, uitzonderingscode 0xc0000005, foutmarge 0x00020f29, proces-id 0x930, starttijd van toepassing 0xExplorer.EXE0. Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout Explorer.exe, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000, uitzonderingscode 0xc0000005, foutmarge 0x03990fef, proces-id 0x56c, starttijd van toepassing 0xExplorer.exe0. Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d, proces-id 0x1944, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf, proces-id 0x1f34, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d, proces-id 0x1e38, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d, proces-id 0xa20, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf, proces-id 0x9b8, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d, proces-id 0x99c, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: De vermelding <C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T> in de hash-toewijzing kan niet worden bijgewerkt. Context: toepassing , catalogus SystemIndex Details: Een apparaat dat op het systeem is aangesloten, werkt niet. (0x8007001f) System errors: ============= Error: (08/08/2014 10:06:27 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (08/08/2014 03:25:50 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (08/08/2014 03:22:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: ASPI32 bdwfx Error: (08/08/2014 03:21:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC) Error: (08/08/2014 03:21:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEEMS-1-5-18LocalHost (via LRPC) Error: (08/08/2014 03:21:35 PM) (Source: bowser) (EventID: 8003) (User: ) Description: De masterbrowser heeft een servermelding ontvangen van computer EXPERIA die meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{677AEE2D-8769-429A-BE7D-FE6BD7FB03. De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen. Error: (08/08/2014 03:20:46 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY) Description: Printer PDFCreator met gedeelde bronnaam PDFCreator kan niet door de afdrukspooler worden gedeeld. Fout 2114. De printer kan niet door anderen in het netwerk worden gebruikt. Error: (08/06/2014 10:12:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (08/06/2014 10:07:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Error: (08/06/2014 10:01:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart Microsoft Office Sessions: ========================= Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.0.6002.1800549e01da5SHLWAPI.dll6.0.6002.1873850ada1fdc000000500020f2993001cfafdc8306e2d2 Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.exe6.0.6002.1800549e01da5unknown0.0.0.000000000c000000503990fef56c01cfaf562e3a0286 Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d194401cfaf45fa885427 Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf1f3401cfaf45566e70e7 Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d1e3801cfaf4527c232e7 Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0da2001cfaf451ce289b7 Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf9b801cfaf450ded5847 Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d99c01cfaf449316f6d7 Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: toepassing , catalogus SystemIndex Details: Een apparaat dat op het systeem is aangesloten, werkt niet. (0x8007001f) C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T CodeIntegrity Errors: =================================== Date: 2014-08-09 15:07:22.766 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 15:07:22.207 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 15:07:21.633 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 15:07:20.874 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 01:53:25.388 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 01:53:25.021 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 01:53:24.664 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 01:53:24.335 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 01:53:23.260 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-09 01:53:22.943 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. ==================== Memory info =========================== Percentage of memory in use: 73% Total physical RAM: 3325.45 MB Available physical RAM: 892.5 MB Total Pagefile: 6843.88 MB Available Pagefile: 3415.16 MB Total Virtual: 2047.88 MB Available Virtual: 1903.22 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:35.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.2 GB) NTFS Drive m: (My Passport) (Fixed) (Total:465.73 GB) (Free:53.2 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 40000000) Partition 1: (Not Active) - (Size=55 MB) - (Type=DE) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0007526A) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================

FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014 Ran by Bekker (administrator) on PC_VAN_BEKKER on 09-08-2014 15:03:04Running from C:\Users\Bekker\DownloadsPlatform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Nederlands (Nederland)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Windows\System32\rundll32.exe(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe(Spotify Ltd) C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Portrait Displays, Inc) C:\Program Files\Philips Display\SmartControl\dthtml.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe() C:\Program Files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe(Microsoft Corporation) C:\Windows\System32\sdclt.exe(Microsoft Corporation) C:\Windows\System32\conime.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\cmd.exe(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [spotify Web Helper] => C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-25] (Spotify Ltd)BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No FileDPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cabDPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.opentopia.com/support/activex/AxisCamControl.cabDPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cabDPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} http://www.virtuocity.eu/download/v223/virtuocity.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cabDPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5187/mcfscan.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No FileHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 FireFox:========FF ProfilePath: C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464FF Homepage: igoogle.comFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No FileFF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @3dmapview.myvr-software.com/myvrnpapi,version=1.007 - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOggX.dll (ESKA)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll (CNN)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bolcom-nl.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\marktplaats-nl.xmlFF Extension: No Name - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\staged [2014-08-06]FF Extension: DownloadHelper - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]FF Extension: Flash and Video Download - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(104) [2013-04-11]FF Extension: Gmail Notifier (restartless) - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2013-04-06]FF Extension: NotAwesome - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\notawesome@sidstamm.com.xpi [2013-04-06]FF Extension: FastestFox - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\smarterwiki@wikiatic.com.xpi [2013-04-06]FF Extension: Turn Off the Lights - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\stefanvandamme@stefanvd.net.xpi [2013-10-13]FF Extension: Test Pilot - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\testpilot@labs.mozilla.com.xpi [2013-04-06]FF Extension: Troubleshooter - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\troubleshooter@mozilla.org.xpi [2013-04-06]FF Extension: Session Manager - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-04-06]FF Extension: AVG PrivacyFix - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2013-04-06]FF Extension: Adblock Plus - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-06]FF Extension: ParentalControl Bar - C:\Program Files\Mozilla Firefox\extensions\{B56F37F8-7023-4c2b-B27E-815594CA64E7} [2013-08-17]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-07]FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\FirefoxFF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-10-06]FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-08] Chrome: =======CHR HomePage: hxxp://www.netvibes.com/CHR StartupUrls: "hxxp://igoogle.com/"CHR Plugin: (Shockwave Flash) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)CHR Plugin: (Ogg Player Gecko Plugin) - C:\Program Files\Mozilla Firefox\plugins\npOggX.dll (ESKA)CHR Plugin: (Turner Media Plugin 1.0.0.10) - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll (CNN)CHR Plugin: (thriXXX WebLaunch) - C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll No FileCHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No FileCHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Plugin: (myVR 3D Framework) - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No FileCHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()CHR Extension: (TooManyTabs for Chrome) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2012-04-03]CHR Extension: (Turn Off the Lights) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-10-13]CHR Extension: (YouTube) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]CHR Extension: (Chrome YouTube Downloader) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2014-06-07]CHR Extension: (Adblock Plus) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]CHR Extension: (Google Zoeken) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2014-06-13]CHR Extension: (SiteAdvisor) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-09]CHR Extension: (Hola Beter Internet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-13]CHR Extension: (Tate Art Slideshow) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfbniacchiboaeoaoaejhggfepbbmkj [2011-09-25]CHR Extension: (Allow Right-Click) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-11-17]CHR Extension: (Google Maps) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-02]CHR Extension: (Into The Mist) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-12-22]CHR Extension: (Google Mail Checker) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-11-02]CHR Extension: (Google Play Books) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2011-09-25]CHR Extension: (Google Wallet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]CHR Extension: (Gmail) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-02-08]CHR StartMenuInternet: Google Chrome - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2008-05-29] (Adobe Systems) [File not signed]R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [137112 2012-09-18] (Portrait Displays, Inc.)R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-20] (Macrovision Europe Ltd.) [File not signed]R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-26] (Freemake) [File not signed]R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [117552 2012-04-16] (Portrait Displays, Inc.)S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S3 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]S3 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]S3 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [File not signed]R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]S3 hwdatacard; C:\Windows\System32\DRIVERS\hwusbmdm.sys [88960 2006-04-07] (Huawei Technologies Co., Ltd.)S3 LTXMD_VAC; C:\Windows\System32\drivers\lmvac.sys [18912 2008-06-30] (Windows ® Codename Longhorn DDK provider)R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)S3 PCAudi; C:\Windows\System32\drivers\pcaudi.sys [48640 2012-07-09] (Windows ® Win 7 DDK provider) [File not signed]R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17328 2012-04-16] (Portrait Displays, Inc.)R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2013-03-19] (microOLAP Technologies LTD)R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [33052 2007-08-07] (PowerISO Computing, Inc.) [File not signed]R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-08-08] () [File not signed]S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)U3 aoqzpgyc; C:\Windows\system32\Drivers\aoqzpgyc.sys [0 ] (Microsoft Corporation)U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)S1 ASPI32; No ImagePathS0 bdwfx; System32\drivers\vfgj.sys [X]S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]S3 catchme; \??\C:\Users\Bekker\AppData\Local\Temp\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [X]U3 ay7c64jx; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-09 15:03 - 2014-08-09 15:05 - 00029331 _____ () C:\Users\Bekker\Downloads\FRST.txt2014-08-09 01:32 - 2014-08-09 01:33 - 02347384 _____ (ESET) C:\Users\Bekker\Downloads\esetsmartinstaller_enu (1).exe2014-08-09 00:23 - 2014-08-09 01:14 - 00000072 _____ () C:\Users\Bekker\Desktop\Nieuw tekstdocument.txt2014-08-06 22:16 - 2014-08-06 22:16 - 00019081 _____ () C:\ComboFix.txt2014-08-06 21:58 - 2014-08-06 22:16 - 00000000 ____D () C:\ComboFix2014-08-06 21:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe2014-08-06 21:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe2014-08-06 21:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-08-06 21:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-08-06 21:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-08-06 21:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe2014-08-06 21:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe2014-08-06 21:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe2014-08-06 21:55 - 2014-08-06 22:16 - 00000000 ____D () C:\Qoobox2014-08-06 21:54 - 2014-08-06 22:14 - 00000000 ____D () C:\Windows\erdnt2014-08-06 21:39 - 2014-08-06 21:39 - 05568206 ____R (Swearware) C:\Users\Bekker\Downloads\ComboFix.exe2014-08-06 19:35 - 2014-08-06 19:36 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp2014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP2014-08-06 17:10 - 2014-08-09 15:03 - 00000000 ____D () C:\FRST2014-08-06 17:09 - 2014-08-06 17:10 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html2014-08-04 17:00 - 2014-08-04 17:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe2014-08-04 16:45 - 2014-08-04 16:47 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-04 14:47 - 2014-08-04 14:48 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess2014-08-03 21:50 - 2014-08-08 15:20 - 00005068 _____ () C:\Windows\PFRO.log2014-08-03 20:13 - 2014-08-03 20:16 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter2014-07-25 22:14 - 2014-07-25 22:15 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify2014-07-25 22:04 - 2014-08-04 01:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify2014-07-25 22:04 - 2014-08-01 17:57 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2014-07-23 21:12 - 2014-07-26 00:27 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-20142014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee2014-07-20 18:08 - 2014-07-20 18:09 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe2014-07-20 17:15 - 2014-08-08 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator2014-07-19 22:21 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX2014-07-19 22:20 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL2014-07-19 21:46 - 2014-07-19 21:45 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-16 17:53 - 2014-07-16 17:55 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe2014-07-16 17:52 - 2014-07-19 21:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-10 10:16 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 10:16 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 10:16 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 10:16 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 10:16 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 10:16 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 10:16 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 10:16 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-07-10 10:16 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 10:16 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-07-10 10:16 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-07-10 10:16 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-07-10 10:16 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 10:16 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 10:16 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-07-10 10:16 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 10:16 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-07-10 10:16 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-07-10 10:16 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 10:16 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-09 15:05 - 2014-08-09 15:03 - 00029331 _____ () C:\Users\Bekker\Downloads\FRST.txt2014-08-09 15:03 - 2014-08-06 17:10 - 00000000 ____D () C:\FRST2014-08-09 14:54 - 2014-06-20 17:49 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job2014-08-09 14:47 - 2014-05-09 14:34 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job2014-08-09 14:22 - 2012-05-09 16:10 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-08-09 13:21 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-08-09 13:21 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-08-09 12:07 - 2010-03-01 21:10 - 01073765 _____ () C:\Windows\WindowsUpdate.log2014-08-09 01:33 - 2014-08-09 01:32 - 02347384 _____ (ESET) C:\Users\Bekker\Downloads\esetsmartinstaller_enu (1).exe2014-08-09 01:33 - 2014-06-28 14:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-09 01:14 - 2014-08-09 00:23 - 00000072 _____ () C:\Users\Bekker\Desktop\Nieuw tekstdocument.txt2014-08-08 23:47 - 2013-05-19 16:48 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job2014-08-08 22:32 - 2014-07-20 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-08-08 22:32 - 2014-02-08 19:11 - 00001709 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk2014-08-08 17:54 - 2011-09-25 01:05 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job2014-08-08 15:55 - 2014-07-07 16:14 - 00000000 ____D () C:\ProgramData\MCShield2014-08-08 15:24 - 2012-09-28 22:52 - 00001609 _____ () C:\Users\Bekker\Desktop\SmartControl.lnk2014-08-08 15:20 - 2014-08-03 21:50 - 00005068 _____ () C:\Windows\PFRO.log2014-08-08 15:20 - 2014-03-21 23:12 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 22014-08-08 15:20 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-06 22:41 - 2007-12-06 01:40 - 00000012 _____ () C:\Windows\bthservsdp.dat2014-08-06 22:41 - 2006-11-02 15:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-06 22:16 - 2014-08-06 22:16 - 00019081 _____ () C:\ComboFix.txt2014-08-06 22:16 - 2014-08-06 21:58 - 00000000 ____D () C:\ComboFix2014-08-06 22:16 - 2014-08-06 21:55 - 00000000 ____D () C:\Qoobox2014-08-06 22:16 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default2014-08-06 22:16 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public2014-08-06 22:14 - 2014-08-06 21:54 - 00000000 ____D () C:\Windows\erdnt2014-08-06 22:12 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini2014-08-06 21:58 - 2008-02-27 12:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-08-06 21:39 - 2014-08-06 21:39 - 05568206 ____R (Swearware) C:\Users\Bekker\Downloads\ComboFix.exe2014-08-06 19:36 - 2014-08-06 19:35 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp2014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP2014-08-06 19:35 - 2008-06-29 01:30 - 00000000 ____D () C:\Windows\Minidump2014-08-06 17:10 - 2014-08-06 17:09 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe2014-08-04 18:13 - 2012-03-18 15:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-08-04 18:10 - 2014-03-15 18:25 - 00000000 ____D () C:\AdwCleaner2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html2014-08-04 18:01 - 2014-03-16 18:14 - 00000000 ____D () C:\Users\Bekker\Desktop\mbar2014-08-04 18:01 - 2014-03-15 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-08-04 17:03 - 2014-06-28 14:23 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-08-04 17:01 - 2014-08-04 17:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe2014-08-04 16:47 - 2014-08-04 16:45 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-04 14:48 - 2014-08-04 14:47 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe2014-08-04 14:37 - 2013-08-17 18:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess2014-08-04 01:13 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify2014-08-03 21:28 - 2011-08-31 20:06 - 00000000 ____D () C:\Program Files\PDFCreator2014-08-03 21:27 - 2013-04-15 20:15 - 00000000 ____D () C:\Users\Bekker\dwhelper2014-08-03 21:17 - 2010-11-06 18:58 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-08-03 21:17 - 2007-12-27 23:34 - 00000000 ____D () C:\Program Files\CCleaner2014-08-03 20:36 - 2014-01-24 21:02 - 00000000 ____D () C:\Program Files\rtmpdump-2.42014-08-03 20:16 - 2014-08-03 20:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter2014-08-01 17:57 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify2014-08-01 17:32 - 2014-03-29 23:13 - 00000000 ____D () C:\Users\Bekker\Documents\MassTube2014-07-28 16:08 - 2007-12-19 16:47 - 00002611 _____ () C:\Users\Bekker\Desktop\Microsoft Word.lnk2014-07-27 17:05 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\Common Files\McAfee2014-07-26 00:27 - 2014-07-23 21:12 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-20142014-07-25 22:15 - 2014-07-25 22:14 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2014-07-25 21:04 - 2008-01-20 22:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-23 21:48 - 2010-06-04 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-21 16:56 - 2011-05-20 20:40 - 00135680 _____ () C:\Users\Bekker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee2014-07-20 18:10 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\McAfee2014-07-20 18:10 - 2007-12-06 01:48 - 00000000 ____D () C:\ProgramData\McAfee2014-07-20 18:09 - 2014-07-20 18:08 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe2014-07-20 18:07 - 2011-09-25 01:06 - 00002069 _____ () C:\Users\Bekker\Desktop\Google Chrome.lnk2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator2014-07-19 21:47 - 2013-10-06 22:08 - 00000000 ____D () C:\ProgramData\Oracle2014-07-19 21:45 - 2014-07-19 21:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-19 21:45 - 2014-07-16 17:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-19 14:56 - 2013-04-06 19:03 - 00001912 _____ () C:\Windows\epplauncher.mif2014-07-16 17:55 - 2014-07-16 17:53 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe2014-07-16 17:52 - 2007-12-06 01:41 - 00000000 ____D () C:\Program Files\Java2014-07-13 17:55 - 2010-11-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-13 17:55 - 2007-12-27 23:34 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-11 10:26 - 2013-01-20 15:32 - 00000236 _____ () C:\Users\Bekker\datacrow.properties2014-07-10 18:23 - 2006-11-02 14:47 - 04021816 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-10 18:21 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 11:44 - 2013-08-15 23:52 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 11:40 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-09 03:29 ==================== End Of Log ============================

The ESET log file: ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=76f565039610c144ab18f23069462042 # engine=19572 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-09 04:58:18 # local_time=2014-08-09 06:58:18 (+0100, West-Europa (zomertijd)) # country="Netherlands" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware' # compatibility_mode=5123 16777214 100 100 1014034 93978914 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 55521 245093026 0 0 # scanned=465344 # found=2 # cleaned=0 # scan_time=16085 sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="C:\Program Files\SIW\siw.exe" sh=38AC47BDF9BAE0169E707BBF8855088CF3E25C77 ft=1 fh=63abf06912167df6 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="C:\Users\Bekker\Downloads\siw.exe"

The mbam log file: Malwarebytes Anti-Malwarewww.malwarebytes.org Scandatum: 8-8-2014Scantijd: 16:03:44Logbestand: mbam-log-2014-08-08.txtBeheerder: Ja Versie: 2.00.2.1012Malwaredatabase: v2014.08.08.02Rootkitdatabase: v2014.08.04.01Licentie: GratisMalwarebescherming: UitgeschakeldKwaadaardige Website Bescherming: UitgeschakeldSelf-protection: Uitgeschakeld Besturingssysteem: Windows Vista Service Pack 2Processor: x86Bestandssysteem: NTFSGebruiker: Bekker Scantype: BedreigingsscanResultaat: VoltooidObjecten Gescand: 424943Verstreken Tijd: 25 m, 15 s Geheugen: IngeschakeldOpstarten: IngeschakeldBestandssysteem: IngeschakeldArchieven: IngeschakeldRootkits: IngeschakeldDiepgewortelde-Rootkit Scan: IngeschakeldHeuristics: IngeschakeldPOP: WaarschuwenPOA: Ingeschakeld Processen: 0(No malicious items detected) Modules: 0(No malicious items detected) Registersleutels: 0(No malicious items detected) Registerwaardes: 0(No malicious items detected) Registerdata: 0(No malicious items detected) Mappen: 0(No malicious items detected) Bestanden: 0(No malicious items detected) Fysieke Sectoren: 0(No malicious items detected) (end) Eset and the others will follow later.

log file Combofix: ComboFix 14-08-06.02 - Bekker 06-08-2014 22:01:45.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3325.1852 [GMT 2:00]Gestart vanuit: c:\users\Bekker\Downloads\ComboFix.exeAV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))..C:\sleep.exec:\users\Bekker\AppData\Local\assembly\tmpc:\users\Bekker\AppData\Roaming\.#c:\users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.urlc:\users\Bekker\Documents\~WRL0005.tmpc:\users\Bekker\Documents\~WRL1380.tmpc:\users\Bekker\Documents\~WRL1637.tmpc:\users\Bekker\Documents\~WRL2569.tmpc:\users\Bekker\Favorites\bookmarks.htmlc:\windows\system32\drivers\etc\hosts.txtc:\windows\system32\windrv.sysc:\windows\wininit.iniM:\install.exe..(((((((((((((((((((( Bestanden Gemaakt van 2014-07-06 to 2014-08-06 ))))))))))))))))))))))))))))))..2014-08-06 20:12 . 2014-08-06 20:12 -------- d-----w- c:\users\Bekker\AppData\Local\temp2014-08-06 15:10 . 2014-08-06 18:21 -------- d-----w- C:\FRST2014-08-06 14:46 . 2014-07-14 02:12 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05E03334-C2E6-40A3-A60F-E9384A294BE4}\mpengine.dll2014-08-04 16:12 . 2014-08-04 16:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps2014-08-04 12:48 . 2014-08-04 12:48 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys2014-08-04 12:47 . 2014-08-04 12:48 -------- d-----w- c:\programdata\RogueKiller2014-08-04 12:04 . 2014-08-04 12:04 -------- d-----w- c:\users\Bekker\AppData\Roaming\FixZeroAccess2014-08-04 12:04 . 2014-08-04 12:04 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys2014-07-25 20:14 . 2014-07-25 20:15 -------- d-----w- c:\users\Bekker\AppData\Roaming\Equalify2014-07-25 20:04 . 2014-08-01 15:57 -------- d-----w- c:\users\Bekker\AppData\Local\Spotify2014-07-25 20:04 . 2014-08-03 23:13 -------- d-----w- c:\users\Bekker\AppData\Roaming\Spotify2014-07-20 16:12 . 2014-07-20 16:12 -------- d-----w- c:\users\Bekker\AppData\Roaming\McAfee2014-07-19 20:21 . 2014-04-25 15:44 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX2014-07-19 20:20 . 2014-04-25 15:44 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL2014-07-16 15:52 . 2014-07-19 19:45 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll...((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-08-04 15:07 . 2014-06-28 12:28 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-08-04 15:03 . 2014-06-28 12:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-07-09 07:22 . 2012-05-09 14:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2014-07-09 07:22 . 2012-05-09 14:10 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe2014-06-20 09:21 . 2014-02-08 17:09 62832 ----a-w- c:\windows\system32\drivers\cfwids.sys2014-06-20 09:13 . 2012-05-03 08:27 217224 ----a-w- c:\windows\system32\drivers\mfewfpk.sys2014-06-20 09:13 . 2011-03-17 08:39 179600 ----a-w- c:\windows\system32\mfevtps.exe2014-06-20 09:07 . 2007-12-16 19:19 576048 ----a-w- c:\windows\system32\drivers\mfehidk.sys2014-06-20 09:05 . 2014-06-20 09:05 369248 ----a-w- c:\windows\system32\drivers\mfefirek.sys2014-06-20 09:04 . 2014-02-08 17:09 67816 ----a-w- c:\windows\system32\drivers\mfebopk.sys2014-06-20 09:03 . 2014-02-08 17:09 238176 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2014-06-20 09:02 . 2011-03-17 08:39 135968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2014-06-18 01:11 . 2014-06-18 01:11 10600 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys2014-06-18 01:10 . 2014-06-18 01:10 81296 ----a-w- c:\windows\system32\drivers\mfencrk.sys2014-06-18 01:10 . 2014-06-18 01:10 349192 ----a-w- c:\windows\system32\drivers\mfencbdc.sys2014-05-12 05:26 . 2014-06-28 12:23 51928 ----a-w- c:\windows\system32\drivers\mwac.sys2014-05-12 05:25 . 2014-06-28 12:23 23256 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2014-05-23 466656]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2014-04-11 650816]"Spotify Web Helper"="c:\users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-25 1178168].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2012-09-18 120728]"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnkbackup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]backup=c:\windows\pss\Adobe Gamma.lnk.StartupbackupExtension=.Startup.[HKLM\~\startupfolder\C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk]backup=c:\windows\pss\Need for Speed™ Undercover Registration.lnk.StartupbackupExtension=.StartupHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]2012-04-04 05:09 446392 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]2014-01-16 16:03 358000 ----a-w- c:\program files\CyberGhost 5\CyberGhost.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]2013-12-23 04:16 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2013-11-15 00:48 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]2013-08-12 11:39 7292416 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]2013-08-12 11:39 7292416 ----a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2011-09-24 23:05 136176 ----atw- c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]2009-10-14 11:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]2011-06-16 05:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]2010-05-13 15:34 110192 ----a-w- c:\program files\Portrait Displays\Pivot Pro Plugin\pivot_Startup.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]2014-07-25 20:04 6162488 ----a-w- c:\users\Bekker\AppData\Roaming\Spotify\spotify.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]2014-07-25 20:04 1178168 ----a-w- c:\users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]2006-11-10 12:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]2012-10-07 13:15 1353080 ----a-w- c:\program files\Steam\Steam.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe.[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"Google Update"="c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe" /c"SansaDispatch"=c:\users\Bekker\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe"EPSON SX420W Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "c:\windows\TEMP\E_S4E40.tmp" /EF "HKCU""EPSON2E7622 (Epson Stylus SX420W)"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "c:\windows\TEMP\E_S60D6.tmp" /EF "HKCU".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe""Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe""DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001.S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]..[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bthsvcs REG_MULTI_SZ BthServWindowsMobile REG_MULTI_SZ wcescomm rapimgrLocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgrLocalServiceAndNoImpersonation REG_MULTI_SZ FontCache.Inhoud van de 'Gedeelde Taken' map.2014-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 07:22].2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 07:57].2014-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 07:57].2014-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job- c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 23:05].2014-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job- c:\users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 23:05]..------- Bijkomende Scan -------.uStart Page = hxxp://igoogle.com/uInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Free YouTube Download - c:\users\Bekker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htmTrusted Zone: dell.comTCP: DhcpNameServer = 192.168.2.254DPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} - hxxp://www.virtuocity.eu/download/v223/virtuocity.cabFF - ProfilePath - c:\users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\FF - prefs.js: browser.startup.homepage - igoogle.com.- - - - ORPHANS VERWIJDERD - - - -.HKCU-Run-DriverMax_RESTART - (no file)SafeBoot-WudfPfSafeBoot-WudfRdMSConfigStartUp-Adobe_ID0EYTHM - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXEMSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exeMSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exeAddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exeAddRemove-Streamripper - c:\program files\Streamripper\Uninstall.exeAddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Bekker\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-08-06 22:12Windows 6.0.6002 Service Pack 2 NTFS.scannen van verborgen processen ... .scannen van verborgen autostart items ... .scannen van verborgen bestanden ... .Scan succesvol afgerondverborgen bestanden: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020200}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms".--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.Voltooingstijd: 2014-08-06 22:16:39ComboFix-quarantined-files.txt 2014-08-06 20:16.Pre-Run: 40.982.188.032 bytes beschikbaarPost-Run: 41.330.077.696 bytes beschikbaar.- - End Of File - - 13D8FA102E99E2DB8DA7E68D43E225A35C616939100B85E558DA92B899A0FC36

Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x86) Version:5-08-2014Ran by Bekker at 2014-08-06 20:01:05Running from C:\Users\Bekker\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Antivirus en antispyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}AS: McAfee Antivirus en antispyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Sansa Media Converter (HKLM\...\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}) (Version: 1.0-B4.256 - )3D Sound Back Beta0.1 (HKLM\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.)7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )Aan de slag met Dell (HKLM\...\{2C086D06-187A-4050-ADD4-2F9D033651B4}) (Version: 1.00.0000 - Dell Inc.)AChat 1.12 (HKLM\...\AChat_is1) (Version: - AChat Animation Studios)Adobe Creative Suite 6 Master Collection (HKLM\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) HiddenAdobe Reader X (10.1.10) - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)Adobe Widget Browser (Version: 2.0.348 - Adobe Systems Incorporated.) HiddenAmazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Astrospiegel Win (HKLM\...\ST5UNST #1) (Version: - )ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )ATI Catalyst Install Manager (HKLM\...\{5968F27A-66E6-171E-5311-0A74D74AAD9B}) (Version: 3.0.812.0 - ATI Technologies, Inc.)Audacity 1.3.5 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)Avi2Dvd 0.4.5 beta (HKLM\...\Avi2Dvd) (Version: 0.4.5 beta - TrustFm)AviSynth 2.5 (HKLM\...\AviSynth) (Version: - )bl (Version: 1.0.0 - Your Company Name) HiddenBrowser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)BSC Cleanitol TM (HKCU\...\BSC Cleanitol TM) (Version: - )Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 3.1.0.22 - )Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - )Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.1.16 - )Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - )Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )Canon Utilities RAW Image Converter (HKLM\...\Canon Utilities RAW Image Converter) (Version: - )Canon Utilities RemoteCapture 1.4 (HKLM\...\RemoteCapture) (Version: - )Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - )Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Core Implementation (Version: 2007.1220.2143.38732 - ATI) HiddenCatalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full Existing (Version: 2007.1220.2143.38732 - ATI) HiddenCatalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full New (Version: 2007.1220.2143.38732 - ATI) HiddenCatalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Light (Version: 2007.1220.2143.38732 - ATI) HiddenCatalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Common (Version: 2007.1220.2143.38732 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (Version: 2007.1220.2143.38732 - ATI) HiddenCatalyst Control Center InstallProxy (Version: 2011.0126.1749.31909 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) HiddenCCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help English (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help French (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help German (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Italian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Korean (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Polish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Thai (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hiddenccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hiddenccc-core-static (Version: 2007.1220.2143.38732 - Uw bedrijfsnaam) Hiddenccc-utility (Version: 2007.0731.2234.38497 - ATI) Hiddenccc-utility (Version: 2007.1220.2143.38732 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)Coca-Cola Zero Screen Saver (HKLM\...\Coca-Cola Zero) (Version: - )Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)CPUID HWMonitor 1.15 (HKLM\...\CPUID HWMonitor_is1) (Version: - )Creevity Mp3 Cover Downloader (HKLM\...\Mp3 Cover Downloader_is1) (Version: 1.4.0 - Diego Alicata)CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version: - CyberGhost S.R.L.)D3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 4.0.5.6 - Dell)DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)DriverMax 7 (HKLM\...\DMX5_is1) (Version: 7.16.0.120 - Innovative Solutions)Empire: Total War Demo (HKLM\...\Steam App 10620) (Version: - The Creative Assembly)EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation)Equalify v2.5.3 (Stable) (HKLM\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version: - )Express Burn (HKLM\...\ExpressBurn) (Version: - NCH Software)Express Rip (HKLM\...\ExpressRip) (Version: - NCH Swift Sound)FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - )Folder Lock (HKCU\...\FolderLock6) (Version: - New Sofware.net Inc.)Free WebM to AVI Converter 1.0 (HKLM\...\{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1) (Version: - PolySoft Solutions)Free YouTube Download version 3.0.18.1123 (HKLM\...\Free YouTube Download_is1) (Version: - DVDVideoSoft Ltd.)Freemake Video Converter versie 4.0.4 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)gmax (HKLM\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)GOM Audio (HKLM\...\GomAudio) (Version: 2.0.5.0138 - Gretech Corporation)GOM Player (HKLM\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)Google SketchUp 6 (HKLM\...\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}) (Version: 6.0.01313 - Google)Google SketchUp 6 (Version: 6.4.112 - Google) HiddenGoogle Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenGoogle Video Uploader (HKLM\...\Google Video Uploader) (Version: - )ImagXpress (Version: 7.0.74.0 - Nero AG) HiddenIntel® PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)Intel® PRO Network Connections 12.1.11.0 (Version: - Intel) HiddenJava 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) HiddenJetcast 1.1.1 (HKLM\...\Jetcast) (Version: 1.1.1 - )JPGAvi 1.07.0.68 (HKLM\...\JPGAvi_is1) (Version: - NDW Ltd)Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLockHunter 2.0 beta 2, 32 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich, Ltd)Logitech Legacy USB Camera-stuurprogrammapakket (HKLM\...\legacyqcam_10.51) (Version: 10.51.2023 - )Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)Logitech Webcam Software-stuurprogrammapakket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MassTube 12.0.0.280 Beta 9 (HKLM\...\{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1) (Version: 12.0.0.280 Beta 9 - Havy Alegria)McAfee AntiVirus Plus (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)Microsoft .NET Framework 3.5 Language Pack SP1 - nld (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (NLD) (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) HiddenMicrosoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)Microsoft Office 2000 Professional (HKLM\...\{00010413-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM\...\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}) (Version: 08.05.0822 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) HiddenMixVibes STANDARD 6 uninstall (HKLM\...\MixVibes.exe) (Version: - )Mozilla Firefox 31.0 (x86 nl) (HKLM\...\Mozilla Firefox 31.0 (x86 nl)) (Version: 31.0 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MyFonts Order M1384822 (HKLM\...\{F564454D-DEBE-0CCE-93C3-FD8DEB975100}) (Version: 1.0 - MyFonts.com, Inc.)MyFonts Order M1491040 (HKLM\...\{3DB2C412-5A5C-157D-C753-FF762B37710C}) (Version: 1.0 - MyFonts.com, Inc.)Nero 9 (HKLM\...\{654844a8-3c8b-4bb7-a858-eaa223f36d5f}) (Version: - Nero AG)Nero Installer (Version: 2.0.0.1 - Nero AG) Hiddenneroxml (Version: 1.0.0 - Nero AG) HiddenNokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )Ogg Codecs 0.81.15562 (HKLM\...\Ogg Codecs) (Version: 0.81.15562 - Xiph.Org)Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C73743F}) (Version: 3.36.0 - dotPDN LLC)Pazera Free MP4 to AVI Converter 1.6 (HKLM\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) HiddenPDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)ph (Version: 1.0.0 - Your Company Name) HiddenPicasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)Pivot Pro Plugin (Version: 9.50.110 - Portrait Displays, Inc.) HiddenPowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )PowerISO (HKLM\...\PowerISO) (Version: - )Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)SDK (Version: 2.31.009 - Portrait Displays, Inc.) HiddenSegoe UI (Version: 15.4.2271.0615 - Microsoft Corp) HiddenSequoiaView (HKLM\...\SequoiaView) (Version: - )Serif DrawPlus 4.0 (HKLM\...\SerifDrawPlus40) (Version: - )Sesam Kart 3D NPAPI Viewer (HKCU\...\myVRnpapi) (Version: - )Shared C Run-time for x86 (Version: 10.0.0 - McAfee) HiddenSimCity 4 Rush Hour (HKLM\...\{01339AE5-04D4-43F8-008E-13AD788DC4F7}) (Version: - )SIW version 2011.10.29 (HKLM\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)Skins (Version: 2007.0731.2234.38497 - ATI) HiddenSkins (Version: 2007.1220.2143.38732 - ATI) HiddenSkype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SmartControl (HKLM\...\{F4EF231A-7218-41B1-AB84-F5B48B74C50A}) (Version: 2.20.026 - Portrait Displays, Inc.)Sonic Activation Module (Version: 1.0 - Sonic Solutions) HiddenSony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.9.201308081522 - Sony Ericsson Communications AB)Sony Mobile Update Service (HKLM\...\Update Service) (Version: 2.13.5.201304180917 - Sony Mobile Communications AB)Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)SubSync (HKLM\...\ST6UNST #1) (Version: - )SWF to MP3 Converter 2.3 build 149 (HKLM\...\SWF to MP3 Converter) (Version: 2.3 build 149 - Hoo Technologies)Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - nld) (Version: - Microsoft Corporation)TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )TBS WMP Plug-in (HKLM\...\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}) (Version: 1.00.676 - CNN)TBS WMP Plug-in (Version: 1.00.676 - CNN) HiddenTrueCrypt (HKLM\...\TrueCrypt) (Version: 7.0 - TrueCrypt Foundation)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )V710 PC Assistant V1.4.2 (HKLM\...\V710 PC Assistant_is1) (Version: - MobTime, Inc.)VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) HiddenVirtuoCity (HKCU\...\VirtuoCity) (Version: - )Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) HiddenVisual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)WD SmartWare (HKLM\...\{98D451C4-4ACA-4273-BB47-57CFE46B048E}) (Version: 1.4.1.1 - Western Digital)Winamp (HKLM\...\Winamp) (Version: 5.56 - Nullsoft, Inc)Winamp Remote (HKLM\...\Orb) (Version: 2.2008.0508.1530 - Orb Networks)Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)Windows Media Tools 4.0 (HKLM\...\Microsoft NetShow Tools 2.0) (Version: - )Windows Mobile Apparaatcentrum (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)WinRAR (HKLM\...\WinRAR archiver) (Version: - )Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\actxprxy.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}\InprocServer32 -> K:\.\player\WMMP.EXE No FileCustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}\InprocServer32 -> K:\.\player\WMMP.EXE No FileCustomCLSID: HKU\S-1-5-21-2418620012-3055082709-3329518089-1000_Classes\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}\InprocServer32 -> K:\.\player\WMMP.EXE No File ==================== Restore Points ========================= 16-07-2014 15:49:14 Installed Java 7 Update 6516-07-2014 15:59:59 Windows Update18-07-2014 15:13:25 Gepland herstelpunt19-07-2014 12:17:33 Gepland herstelpunt19-07-2014 19:43:05 Installed Java 7 Update 6520-07-2014 18:18:05 Gepland herstelpunt23-07-2014 18:52:27 Windows Update23-07-2014 19:46:47 Windows Update25-07-2014 20:12:27 Installed Equalify v2.5.3 (Stable)30-07-2014 10:16:49 Windows Update02-08-2014 08:19:32 Gepland herstelpunt03-08-2014 13:19:51 Gepland herstelpunt06-08-2014 14:45:41 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2009-09-06 14:07 - 00328618 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.100888290cs.com127.0.0.1 100888290cs.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.123topsearch.com127.0.0.1 123topsearch.com127.0.0.1 www.132.com127.0.0.1 132.com127.0.0.1 www.136136.net127.0.0.1 136136.net127.0.0.1 www.163ns.com127.0.0.1 163ns.com127.0.0.1 171203.com127.0.0.1 17-plus.com127.0.0.1 www.1800searchonline.com127.0.0.1 1800searchonline.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {147C35EA-FC79-4C74-9908-4394F1FEB45B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)Task: {17133D10-2AC8-4093-B5A7-A5FBBC1BA5F2} - System32\Tasks\DivX-online actualiseringsprogramma => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-11-15] ()Task: {17F082FB-956D-4678-AF53-EE970A356922} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {1D47FE82-697D-4B68-9DE4-FE9C090CEE50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)Task: {2867449F-C1D9-45CF-826E-FEE0BC420EC9} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-11] (Oracle Corporation)Task: {3AF30E58-AAB7-4A97-920E-C2C9A0279ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)Task: {5A63FCA9-185F-4681-A2B6-CFFD0DC57E8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf6c48c3d25d74 => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)Task: {623EDFA3-94E1-43ED-82D4-340131132BC4} - System32\Tasks\wp_update => C:\Users\Bekker\AppData\Roaming\~wbnvowq.exeTask: {64A18718-BFED-4DDE-A98E-C1C0130D34D5} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exeTask: {6FF950BE-C9FF-4A94-97C7-5B40B6ACFCDB} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {83717B20-5ABA-4326-AE8E-5F206DCC8A82} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exeTask: {86C6E958-311D-493D-8EE9-79E939387ACD} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exeTask: {8737E8BC-AF39-460C-A6EB-A5623D7835D6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415 => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)Task: {89AC14E7-990A-404A-B3C8-BE5629A62FC9} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-05] (PC-Doctor, Inc.)Task: {B5E986A1-B887-4EC8-A184-148697B9F08C} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTIONTask: {C8CDD8AF-9485-484E-A931-6E3DA20F712F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)Task: {CA50539E-FD11-4FD9-80FD-01CAEF36DB50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)Task: {CD372113-9F36-4350-BDE0-3150E864A2A5} - System32\Tasks\Google Updater and Installer => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25] (Google Inc.)Task: {CDB63164-2991-40A7-9A54-8EAFA6457CBD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {D83F4E57-0ED2-4ACD-87D0-C7111DAADF66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)Task: {DE3AA403-7208-4DC1-8EEF-6346E31F57BE} - System32\Tasks\Sansa Dispatch => C:\Users\Bekker\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2012-08-04] (SanDisk Corporation)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()Task: {E57652C0-7046-46AA-9A4F-08F551BEA136} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {EB06F4CC-E6D8-46E2-8E68-C7154EC463CD} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job => C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe ==================== Loaded Modules (whitelisted) ============= 2010-08-06 17:48 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll2012-09-28 22:22 - 2012-09-18 14:19 - 00243608 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\dthook.dll2011-01-27 00:11 - 2011-01-27 00:11 - 00023040 _____ () C:\Windows\system32\atitmpxx.dll2014-03-21 23:13 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll2014-03-21 23:13 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-03-21 23:13 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl2014-03-21 23:13 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-03-21 23:13 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll2013-02-11 21:11 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll2013-02-11 21:10 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll2013-04-22 13:40 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll2013-05-14 09:38 - 2013-05-14 09:38 - 00607744 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll2013-02-11 21:10 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe2007-12-13 13:35 - 2006-09-14 01:20 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll2014-07-20 18:07 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-20 18:07 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-20 18:06 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll1999-02-01 21:10 - 1999-02-01 21:10 - 00057403 _____ () C:\Program Files\Microsoft Office\Office\BLNMGRPS.DLL1999-02-02 00:39 - 1999-02-02 00:39 - 00073785 _____ () C:\Program Files\Microsoft Office\Office\BLNMGR.DLL2014-07-20 18:07 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll2003-08-19 09:20 - 2003-08-19 09:20 - 00180224 _____ () C:\Program Files\Avi2Dvd\Programs\Filters\ac3filter.ax ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:88050731AlternateDataStreams: C:\ProgramData\TEMP:C39E55C5AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2AlternateDataStreams: C:\Users\Annemieke\Desktop\modem:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Downloads\00030.mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Downloads\00031.mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Downloads\6307628.jpg:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Downloads\Hillbilly Bears (Dutch).mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Downloads\Netherworld - Paris Catacombs (720p).mp4:TOC.WMVAlternateDataStreams: C:\Users\Bekker\Documents\Adobe:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\adobe bestanden:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Adobe Scripts:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Downloaded Installations:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Downloads:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\GomPlayer:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Mijn ontvangen bestanden:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Remote Assistance Logs:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Shareaza Downloads:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\SimCity 4:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\torrents:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\Version Cue:Roxio EMC StreamAlternateDataStreams: C:\Users\Bekker\Documents\werk peter:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Adobe Version Cue CS3 => 3MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: TuneUp.UtilitiesSvc => 2MSCONFIG\Services: YahooAUService => 2MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.StartupMSCONFIG\startupfolder: C:^Users^Bekker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed™ Undercover Registration.lnk => C:\Windows\pss\Need for Speed™ Undercover Registration.lnk.StartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Adobe Reader Speed Launcher => MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbyloginMSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXEMSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /minMSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorunMSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exeMSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOWMSCONFIG\startupreg: DriverMax => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agentMSCONFIG\startupreg: DriverMax_RESTART => "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTARTMSCONFIG\startupreg: Google Update => "C:\Users\Bekker\AppData\Local\Google\Update\GoogleUpdate.exe" /cMSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startMSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hideMSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quietMSCONFIG\startupreg: Orb => "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /backgroundMSCONFIG\startupreg: PivotSoftware => "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"MSCONFIG\startupreg: Spotify => "C:\Users\Bekker\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostartMSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeMSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"MSCONFIG\startupreg: Steam => "c:\program files\steam\steam.exe" -silentMSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Tun Minipoort-adapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunmpProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: AQNOMJ78 IDE ControllerDescription: AQNOMJ78 IDE ControllerClass Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}Manufacturer: Service: amwmtxfzProblem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: TAP-Windows Adapter V9Description: TAP-Windows Adapter V9Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: TAP-Windows Provider V9Service: tap0901Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout Explorer.EXE, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout SHLWAPI.dll, versie 6.0.6002.18738, tijdstempel 0x50ada1fd, uitzonderingscode 0xc0000005, foutmarge 0x00020f29,proces-id 0x930, starttijd van toepassing 0xExplorer.EXE0. Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout Explorer.exe, versie 6.0.6002.18005, tijdstempel 0x49e01da5, module met fout unknown, versie 0.0.0.0, tijdstempel 0x00000000, uitzonderingscode 0xc0000005, foutmarge 0x03990fef,proces-id 0x56c, starttijd van toepassing 0xExplorer.exe0. Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,proces-id 0x1944, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf,proces-id 0x1f34, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,proces-id 0x1e38, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,proces-id 0xa20, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x000674cf,proces-id 0x9b8, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Toepassing met fout StreamTransport.exe, versie 1.1.6.1, tijdstempel 0x2a425e19, module met fout ntdll.dll, versie 6.0.6002.18881, tijdstempel 0x51da3e27, uitzonderingscode 0xc0000005, foutmarge 0x00067f0d,proces-id 0x99c, starttijd van toepassing 0xStreamTransport.exe0. Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: De vermelding <C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T> in de hash-toewijzing kan niet worden bijgewerkt. Context: toepassing , catalogus SystemIndex Details:Een apparaat dat op het systeem is aangesloten, werkt niet. (0x8007001f) System errors:=============Error: (08/06/2014 07:38:34 PM) (Source: bowser) (EventID: 8003) (User: )Description: De masterbrowser heeft een servermelding ontvangen van computer EXPERIAdie meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{677AEE2D-8769-429A-BE7D-FE6BD7FB03. De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen. Error: (08/06/2014 07:37:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC) Error: (08/06/2014 07:37:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEEMS-1-5-18LocalHost (via LRPC) Error: (08/06/2014 07:36:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: ASPI32bdwfx Error: (08/06/2014 07:35:59 PM) (Source: EventLog) (EventID: 6008) (User: )Description: De vorige afsluiting van het systeem om 19:34:11 op 6-8-2014 is onverwacht gebeurd. Error: (08/06/2014 04:43:28 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (08/06/2014 04:41:18 PM) (Source: bowser) (EventID: 8003) (User: )Description: De masterbrowser heeft een servermelding ontvangen van computer EXPERIAdie meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{677AEE2D-8769-429A-BE7D-FE6BD7FB03. De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen. Error: (08/06/2014 04:39:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (via LRPC) Error: (08/06/2014 04:39:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: toepassingsspecifiekLokaalStarten{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEEMS-1-5-18LocalHost (via LRPC) Error: (08/06/2014 04:38:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: ASPI32bdwfx Microsoft Office Sessions:=========================Error: (08/04/2014 02:12:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.0.6002.1800549e01da5SHLWAPI.dll6.0.6002.1873850ada1fdc000000500020f2993001cfafdc8306e2d2 Error: (08/04/2014 01:26:27 PM) (Source: EventSystem) (EventID: 4609) (User: )Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (08/04/2014 01:44:18 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.exe6.0.6002.1800549e01da5unknown0.0.0.000000000c000000503990fef56c01cfaf562e3a0286 Error: (08/03/2014 08:09:02 PM) (Source: Application Error) (EventID: 1000) (User: )Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d194401cfaf45fa885427 Error: (08/03/2014 08:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf1f3401cfaf45566e70e7 Error: (08/03/2014 08:03:47 PM) (Source: Application Error) (EventID: 1000) (User: )Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d1e3801cfaf4527c232e7 Error: (08/03/2014 08:02:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0da2001cfaf451ce289b7 Error: (08/03/2014 08:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c0000005000674cf9b801cfaf450ded5847 Error: (08/03/2014 08:02:02 PM) (Source: Application Error) (EventID: 1000) (User: )Description: StreamTransport.exe1.1.6.12a425e19ntdll.dll6.0.6002.1888151da3e27c000000500067f0d99c01cfaf449316f6d7 Error: (08/03/2014 06:00:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: Context: toepassing , catalogus SystemIndex Details:Een apparaat dat op het systeem is aangesloten, werkt niet. (0x8007001f)C:\USERS\BEKKER\DOWNLOADS\NERDESIN_A_K_M_-_NETD.MP2T CodeIntegrity Errors:=================================== Date: 2014-08-06 20:00:14.028 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 20:00:13.288 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 20:00:12.552 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 20:00:11.856 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 19:37:23.703 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 19:37:23.423 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 19:37:23.095 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 19:37:22.783 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 19:37:19.647 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. Date: 2014-08-06 19:37:19.335 Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem. ==================== Memory info =========================== Percentage of memory in use: 80%Total physical RAM: 3325.45 MBAvailable physical RAM: 644.19 MBTotal Pagefile: 6843.88 MBAvailable Pagefile: 3406.36 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1912.01 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:38.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.2 GB) NTFSDrive m: (My Passport) (Fixed) (Total:465.73 GB) (Free:50.01 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 40000000)Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0007526A)Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Thanks for the quick response. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014Ran by Bekker (administrator) on PC_VAN_BEKKER on 06-08-2014 19:56:51Running from C:\Users\Bekker\DownloadsPlatform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Nederlands (Nederland)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(AMD) C:\Windows\System32\atieclxx.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe(Spotify Ltd) C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(Portrait Displays Inc.) C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe(Microsoft Corporation) C:\Windows\System32\sdclt.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\EXCEL.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE(Microsoft Corporation) C:\Windows\System32\cmd.exe(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe(Microsoft Corporation) C:\Windows\System32\conime.exe(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe(Microsoft Corporation) C:\Windows\MSAgent\AgentSvr.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenterHKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [DriverMax_RESTART] => [X]HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\Run: [spotify Web Helper] => C:\Users\Bekker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-25] (Spotify Ltd)HKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: J - J:\Autorun.exeHKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: {05aa1590-baf7-11dc-b656-001aa09f57c4} - K:\Autorun.exeHKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: {b2d03046-f446-11dc-a576-001aa09f57c4} - P:\Autorun.exeHKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...\MountPoints2: {d78981b8-0f02-11e2-b661-001aa09f57c4} - L:\Startme.exeHKU\S-1-5-21-2418620012-3055082709-3329518089-1000\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?IFEO\Acrobat.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"IFEO\acrodist.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"IFEO\formdesigner.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"IFEO\isuspm.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"IFEO\mydvd9.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"IFEO\videowave9.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - No FileDPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldnl-nl.cabDPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.opentopia.com/support/activex/AxisCamControl.cabDPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cabDPF: {DC8B04D7-DFBE-46B4-BAB6-61981E896C64} http://www.virtuocity.eu/download/v223/virtuocity.cabDPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-nl.cabDPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5187/mcfscan.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No FileHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.2.254 FireFox:========FF ProfilePath: C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464FF Homepage: igoogle.comFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No FileFF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @3dmapview.myvr-software.com/myvrnpapi,version=1.007 - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bekker\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOggX.dll (ESKA)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll (CNN)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bolcom-nl.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\marktplaats-nl.xmlFF Extension: DownloadHelper - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-28]FF Extension: Flash and Video Download - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(104) [2013-04-11]FF Extension: Gmail Notifier (restartless) - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2013-04-06]FF Extension: NotAwesome - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\notawesome@sidstamm.com.xpi [2013-04-06]FF Extension: FastestFox - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\smarterwiki@wikiatic.com.xpi [2013-04-06]FF Extension: Turn Off the Lights - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\stefanvandamme@stefanvd.net.xpi [2013-10-13]FF Extension: Test Pilot - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\testpilot@labs.mozilla.com.xpi [2013-04-06]FF Extension: Troubleshooter - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\troubleshooter@mozilla.org.xpi [2013-04-06]FF Extension: Session Manager - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-04-06]FF Extension: AVG PrivacyFix - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2013-04-06]FF Extension: Adblock Plus - C:\Users\Bekker\AppData\Roaming\Mozilla\Firefox\Profiles\idsqbua3.default-1365275137464\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-06]FF Extension: ParentalControl Bar - C:\Program Files\Mozilla Firefox\extensions\{B56F37F8-7023-4c2b-B27E-815594CA64E7} [2013-08-17]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-07]FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\FirefoxFF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-10-06]FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-02-08] Chrome: =======CHR HomePage: hxxp://www.netvibes.com/CHR StartupUrls: "hxxp://igoogle.com/"CHR Plugin: (Shockwave Flash) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)CHR Plugin: (Ogg Player Gecko Plugin) - C:\Program Files\Mozilla Firefox\plugins\npOggX.dll (ESKA)CHR Plugin: (Turner Media Plugin 1.0.0.10) - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll (CNN)CHR Plugin: (thriXXX WebLaunch) - C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll No FileCHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No FileCHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Plugin: (myVR 3D Framework) - C:\Users\Bekker\AppData\Local\myVRnpapi\npmyvr.dll ()CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No FileCHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()CHR Extension: (TooManyTabs for Chrome) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2012-04-03]CHR Extension: (Turn Off the Lights) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-10-13]CHR Extension: (YouTube) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]CHR Extension: (Chrome YouTube Downloader) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja [2014-06-07]CHR Extension: (Adblock Plus) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-14]CHR Extension: (Google Zoeken) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-03]CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2014-06-13]CHR Extension: (SiteAdvisor) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-09]CHR Extension: (Hola Beter Internet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-13]CHR Extension: (Tate Art Slideshow) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgfbniacchiboaeoaoaejhggfepbbmkj [2011-09-25]CHR Extension: (Allow Right-Click) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2013-11-17]CHR Extension: (Google Maps) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-11-02]CHR Extension: (Into The Mist) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-12-22]CHR Extension: (Google Mail Checker) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-11-02]CHR Extension: (Google Play Books) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2011-09-25]CHR Extension: (Google Wallet) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]CHR Extension: (Gmail) - C:\Users\Bekker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-02-08]CHR StartMenuInternet: Google Chrome - C:\Users\Bekker\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2008-05-29] (Adobe Systems) [File not signed]R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [137112 2012-09-18] (Portrait Displays, Inc.)R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed]S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2007-12-20] (Macrovision Europe Ltd.) [File not signed]R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-09-26] (Freemake) [File not signed]R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-06-18] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [117552 2012-04-16] (Portrait Displays, Inc.)S4 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S3 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [237056 2010-09-08] (WDC) [File not signed]S3 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]S3 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2010-09-08] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)R2 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows ® Codename Longhorn DDK provider) [File not signed]R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]S3 hwdatacard; C:\Windows\System32\DRIVERS\hwusbmdm.sys [88960 2006-04-07] (Huawei Technologies Co., Ltd.)S3 LTXMD_VAC; C:\Windows\System32\drivers\lmvac.sys [18912 2008-06-30] (Windows ® Codename Longhorn DDK provider)R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-06-18] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-06-18] (McAfee, Inc.)S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)S3 PCAudi; C:\Windows\System32\drivers\pcaudi.sys [48640 2012-07-09] (Windows ® Win 7 DDK provider) [File not signed]R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17328 2012-04-16] (Portrait Displays, Inc.)R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2013-03-19] (microOLAP Technologies LTD)R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [33052 2007-08-07] (PowerISO Computing, Inc.) [File not signed]R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)R0 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-08-08] () [File not signed]S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)U3 a3m08kgp; C:\Windows\system32\Drivers\a3m08kgp.sys [0 ] (Microsoft Corporation)S1 ASPI32; No ImagePathS0 bdwfx; System32\drivers\vfgj.sys [X]S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [X]U3 amwmtxfz; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-06 19:56 - 2014-08-06 19:59 - 00031489 _____ () C:\Users\Bekker\Downloads\FRST.txt2014-08-06 19:35 - 2014-08-06 19:36 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp2014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP2014-08-06 17:10 - 2014-08-06 19:57 - 00000000 ____D () C:\FRST2014-08-06 17:09 - 2014-08-06 17:10 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html2014-08-04 17:00 - 2014-08-04 17:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe2014-08-04 16:45 - 2014-08-04 16:47 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-04 14:47 - 2014-08-04 14:48 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess2014-08-03 21:50 - 2014-08-04 18:13 - 00001546 _____ () C:\Windows\PFRO.log2014-08-03 20:13 - 2014-08-03 20:16 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter2014-07-25 22:14 - 2014-07-25 22:15 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify2014-07-25 22:04 - 2014-08-04 01:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify2014-07-25 22:04 - 2014-08-01 17:57 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2014-07-23 21:12 - 2014-07-26 00:27 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-20142014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee2014-07-20 18:08 - 2014-07-20 18:09 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe2014-07-20 17:15 - 2014-08-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator2014-07-19 22:21 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX2014-07-19 22:20 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL2014-07-19 21:46 - 2014-07-19 21:45 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-16 17:53 - 2014-07-16 17:55 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe2014-07-16 17:52 - 2014-07-19 21:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-10 10:16 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-07-10 10:16 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-07-10 10:16 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-07-10 10:16 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-07-10 10:16 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-07-10 10:16 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-07-10 10:16 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-07-10 10:16 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-07-10 10:16 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-07-10 10:16 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-07-10 10:16 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-07-10 10:16 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-07-10 10:16 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-07-10 10:16 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-07-10 10:16 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-07-10 10:16 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-07-10 10:16 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-07-10 10:16 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-07-10 10:16 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-07-10 10:16 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-07-10 10:16 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-07-07 16:16 - 2014-07-07 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield2014-07-07 16:14 - 2014-08-06 19:39 - 00000000 ____D () C:\ProgramData\MCShield2014-07-07 16:14 - 2014-07-07 16:16 - 00000000 ____D () C:\Program Files\MCShield2014-07-07 16:05 - 2014-07-07 16:05 - 02856736 _____ (MyCity) C:\Users\Bekker\Downloads\MCShield-Setup.exe2014-07-07 14:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll2014-07-07 14:22 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bekker\Downloads\procexp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-06 19:59 - 2014-08-06 19:56 - 00031489 _____ () C:\Users\Bekker\Downloads\FRST.txt2014-08-06 19:57 - 2014-08-06 17:10 - 00000000 ____D () C:\FRST2014-08-06 19:54 - 2014-06-20 17:49 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000UA1cf8c9f3d2ae526.job2014-08-06 19:47 - 2014-05-09 14:34 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6b82f6ad609a.job2014-08-06 19:42 - 2014-07-20 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee2014-08-06 19:42 - 2014-02-08 19:11 - 00001709 _____ () C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk2014-08-06 19:41 - 2010-03-01 21:10 - 02086280 _____ () C:\Windows\WindowsUpdate.log2014-08-06 19:39 - 2014-07-07 16:14 - 00000000 ____D () C:\ProgramData\MCShield2014-08-06 19:38 - 2012-09-28 22:52 - 00001609 _____ () C:\Users\Bekker\Desktop\SmartControl.lnk2014-08-06 19:36 - 2014-08-06 19:35 - 00143208 _____ () C:\Windows\Minidump\Mini080614-01.dmp2014-08-06 19:36 - 2014-03-21 23:15 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job2014-08-06 19:36 - 2013-05-19 16:48 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce549fea675415.job2014-08-06 19:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-06 19:36 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-08-06 19:36 - 2006-11-02 14:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-08-06 19:35 - 2014-08-06 19:35 - 283180701 _____ () C:\Windows\MEMORY.DMP2014-08-06 19:35 - 2008-06-29 01:30 - 00000000 ____D () C:\Windows\Minidump2014-08-06 19:22 - 2012-05-09 16:10 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-08-06 17:54 - 2011-09-25 01:05 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2418620012-3055082709-3329518089-1000Core.job2014-08-06 17:10 - 2014-08-06 17:09 - 01084928 _____ (Farbar) C:\Users\Bekker\Downloads\FRST.exe2014-08-04 18:16 - 2007-12-06 01:40 - 00000012 _____ () C:\Windows\bthservsdp.dat2014-08-04 18:16 - 2006-11-02 15:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-04 18:13 - 2014-08-03 21:50 - 00001546 _____ () C:\Windows\PFRO.log2014-08-04 18:13 - 2012-03-18 15:47 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2014-08-04 18:10 - 2014-03-15 18:25 - 00000000 ____D () C:\AdwCleaner2014-08-04 18:07 - 2014-08-04 18:07 - 02319191 _____ () C:\Users\Bekker\Desktop\bookmarks04-08-2014.html2014-08-04 18:01 - 2014-03-16 18:14 - 00000000 ____D () C:\Users\Bekker\Desktop\mbar2014-08-04 18:01 - 2014-03-15 16:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-08-04 17:07 - 2014-06-28 14:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-04 17:03 - 2014-06-28 14:23 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-08-04 17:01 - 2014-08-04 17:00 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Bekker\Downloads\mbar-1.07.0.1012.exe2014-08-04 16:51 - 2014-08-04 16:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Bekker\Downloads\TDSSKiller.exe2014-08-04 16:47 - 2014-08-04 16:45 - 01361309 _____ () C:\Users\Bekker\Downloads\adwcleaner_3.302.exe2014-08-04 14:48 - 2014-08-04 14:48 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-08-04 14:48 - 2014-08-04 14:47 - 00000000 ____D () C:\ProgramData\RogueKiller2014-08-04 14:45 - 2014-08-04 14:45 - 04806744 _____ () C:\Users\Bekker\Downloads\RogueKiller.exe2014-08-04 14:37 - 2013-08-17 18:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-08-04 14:04 - 2014-08-04 14:04 - 00035752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys2014-08-04 14:04 - 2014-08-04 14:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FixZeroAccess2014-08-04 01:13 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Spotify2014-08-03 21:28 - 2011-08-31 20:06 - 00000000 ____D () C:\Program Files\PDFCreator2014-08-03 21:27 - 2013-04-15 20:15 - 00000000 ____D () C:\Users\Bekker\dwhelper2014-08-03 21:17 - 2010-11-06 18:58 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-08-03 21:17 - 2007-12-27 23:34 - 00000000 ____D () C:\Program Files\CCleaner2014-08-03 20:36 - 2014-01-24 21:02 - 00000000 ____D () C:\Program Files\rtmpdump-2.42014-08-03 20:16 - 2014-08-03 20:13 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\FlashStreamHunter2014-08-01 17:57 - 2014-07-25 22:04 - 00000000 ____D () C:\Users\Bekker\AppData\Local\Spotify2014-08-01 17:32 - 2014-03-29 23:13 - 00000000 ____D () C:\Users\Bekker\Documents\MassTube2014-07-28 16:08 - 2007-12-19 16:47 - 00002611 _____ () C:\Users\Bekker\Desktop\Microsoft Word.lnk2014-07-27 17:05 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\Common Files\McAfee2014-07-26 00:27 - 2014-07-23 21:12 - 00000000 ____D () C:\Users\Bekker\Desktop\23-07-20142014-07-25 22:15 - 2014-07-25 22:14 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Equalify2014-07-25 22:04 - 2014-07-25 22:04 - 00001718 _____ () C:\Users\Bekker\Desktop\Spotify.lnk2014-07-25 22:04 - 2014-07-25 22:04 - 00001704 _____ () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2014-07-25 21:04 - 2008-01-20 22:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-23 21:48 - 2010-06-04 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-21 16:56 - 2011-05-20 20:40 - 00135680 _____ () C:\Users\Bekker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-07-20 18:12 - 2014-07-20 18:12 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\McAfee2014-07-20 18:10 - 2010-02-08 22:52 - 00000000 ____D () C:\Program Files\McAfee2014-07-20 18:10 - 2007-12-06 01:48 - 00000000 ____D () C:\ProgramData\McAfee2014-07-20 18:09 - 2014-07-20 18:08 - 00541592 _____ (McAfee, Inc.) C:\Users\Bekker\Downloads\MVTInstaller.exe2014-07-20 18:07 - 2011-09-25 01:06 - 00002069 _____ () C:\Users\Bekker\Desktop\Google Chrome.lnk2014-07-19 22:21 - 2014-07-19 22:21 - 00000830 _____ () C:\Users\Public\Desktop\PDFCreator.lnk2014-07-19 22:21 - 2014-07-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator2014-07-19 21:47 - 2013-10-06 22:08 - 00000000 ____D () C:\ProgramData\Oracle2014-07-19 21:45 - 2014-07-19 21:46 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-19 21:45 - 2014-07-19 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-19 21:45 - 2014-07-16 17:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-19 14:56 - 2013-04-06 19:03 - 00001912 _____ () C:\Windows\epplauncher.mif2014-07-16 17:55 - 2014-07-16 17:53 - 29420456 _____ (Oracle Corporation) C:\Users\Bekker\Downloads\jre-7u65-windows-i586.exe2014-07-16 17:52 - 2007-12-06 01:41 - 00000000 ____D () C:\Program Files\Java2014-07-13 17:55 - 2010-11-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-13 17:55 - 2007-12-27 23:34 - 00000000 ____D () C:\Users\Bekker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-11 10:26 - 2013-01-20 15:32 - 00000236 _____ () C:\Users\Bekker\datacrow.properties2014-07-10 18:23 - 2006-11-02 14:47 - 04021816 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-10 18:21 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-10 11:44 - 2013-08-15 23:52 - 00000000 ____D () C:\Windows\system32\MRT2014-07-10 11:40 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe2014-07-09 09:22 - 2012-05-09 16:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-07-09 09:22 - 2012-05-09 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-07-09 09:16 - 2008-02-07 17:38 - 01618956 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-09 09:16 - 2006-11-02 18:11 - 00721388 _____ () C:\Windows\system32\perfh013.dat2014-07-09 09:16 - 2006-11-02 18:11 - 00150338 _____ () C:\Windows\system32\perfc013.dat2014-07-07 16:16 - 2014-07-07 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield2014-07-07 16:16 - 2014-07-07 16:14 - 00000000 ____D () C:\Program Files\MCShield2014-07-07 16:05 - 2014-07-07 16:05 - 02856736 _____ (MyCity) C:\Users\Bekker\Downloads\MCShield-Setup.exe Some content of TEMP:====================C:\Users\Annemieke\AppData\Local\Temp\FlashPlayerUpdate.exeC:\Users\Annemieke\AppData\Local\Temp\FlashPlayerUpdate01.exeC:\Users\Bekker\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-06 19:42 ==================== End Of Log ============================

Hi, My latest scan with mbam found a backdoor bot and quarantined it. I want to be sure that (in the end) I have a clean pc so I hope u can help me with that. First question: Is a reinstall of windows necessary? And second question: Can it affect external drives? Here is the log: Malwarebytes Anti-Malware www.malwarebytes.org Scandatum: 4-8-2014 Scantijd: 1:44:43 Logbestand: backdoorbot.txt Beheerder: Ja Versie: 2.00.2.1012 Malwaredatabase: v2014.08.03.08 Rootkitdatabase: v2014.08.01.01 Licentie: Gratis Malwarebescherming: Uitgeschakeld Kwaadaardige Website Bescherming: Uitgeschakeld Self-protection: Uitgeschakeld Besturingssysteem: Windows Vista Service Pack 2 Processor: x86 Bestandssysteem: NTFS Gebruiker: Bekker Scantype: Bedreigingsscan Resultaat: Voltooid Objecten Gescand: 377423 Verstreken Tijd: 24 m, 10 s Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Ingeschakeld Diepgewortelde-Rootkit Scan: Ingeschakeld Heuristics: Ingeschakeld POP: Waarschuwen POA: Ingeschakeld Processen: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registersleutels: 0 (No malicious items detected) Registerwaardes: 0 (No malicious items detected) Registerdata: 0 (No malicious items detected) Mappen: 0 (No malicious items detected) Bestanden: 1 Backdoor.Bot, C:\$RECYCLE.BIN\S-1-5-21-2418620012-3055082709-3329518089-1000\$RTLJEOZ.zip, In Quarantaine, [9cceb60b5c1fbb7bcf64fd583fc38a76], Fysieke Sectoren: 0 (No malicious items detected) (end) B-Daan