OTL logfile created on: 18-12-2013 17:48:43 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pieter en anja\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,80% Memory free
6,68 Gb Paging File | 5,07 Gb Available in Paging File | 75,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 423,05 Gb Free Space | 73,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,31 Gb Free Space | 51,58% Space Free | Partition Type: FAT32

Computer Name: WERKGROEP | User Name: pieter en anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-12-18 17:38:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pieter en anja\Downloads\OTL(1).exe
PRC - [2013-12-04 11:54:27 | 000,574,120 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\iSafe\iSafeTray.exe
PRC - [2013-12-04 11:54:20 | 000,767,144 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\iSafe\iSafeSvc2.exe
PRC - [2013-12-04 11:54:12 | 000,390,824 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\iSafe\iSafeSvc.exe
PRC - [2013-11-18 18:55:21 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\pieter en anja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-11-07 13:58:12 | 000,103,112 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013-10-23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013-06-12 15:36:14 | 038,142,582 | ---- | M] (KPN) -- C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe
PRC - [2013-04-29 23:24:04 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2013-01-31 15:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files\FilesFrog Update Checker\update_checker.exe
PRC - [2012-11-13 10:11:56 | 001,405,544 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\Tray\FightersTray.exe
PRC - [2012-10-26 07:49:04 | 000,202,752 | ---- | M] () -- C:\Users\pieter en anja\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
PRC - [2012-07-04 07:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012-07-04 07:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011-02-25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-07-27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-02-10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009-01-30 18:36:14 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2007-07-11 15:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2007-06-15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007-05-10 12:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2006-10-11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-12-04 11:54:44 | 000,185,000 | ---- | M] () -- C:\Program Files\iSafe\libpng.dll
MOD - [2013-10-12 08:14:10 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013-10-12 08:12:37 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013-10-12 08:12:23 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ab40b51ac49fbee9a48b5b74ff78d5d6\System.Core.ni.dll
MOD - [2013-10-12 08:12:17 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013-10-12 08:11:57 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013-10-12 08:11:11 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013-08-15 16:48:04 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\1c782ef2a81ad2e6799c3bc38c8c7ec4\WindowsFormsIntegration.ni.dll
MOD - [2013-08-15 13:04:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013-08-15 13:04:08 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013-08-15 06:50:12 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013-08-15 06:49:45 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013-08-15 06:47:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013-07-28 08:53:41 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1c652846fd833029362d4e9f8906d619\UIAutomationProvider.ni.dll
MOD - [2013-07-28 08:48:43 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013-07-28 08:47:58 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013-06-18 15:49:28 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2013-04-29 23:24:10 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2013-04-29 23:08:08 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012-10-26 07:49:04 | 000,202,752 | ---- | M] () -- C:\Users\pieter en anja\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
MOD - [2012-07-04 06:09:18 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011-11-01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-11-01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009-03-31 19:04:19 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll
MOD - [2009-03-31 19:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009-02-28 00:54:40 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_nl_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009-01-07 15:05:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009-01-07 15:05:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009-01-07 15:05:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009-01-07 15:05:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007-07-11 15:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
MOD - [2007-05-10 12:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - File not found [Auto | Stopped] -- C:\Windows\TEMP\0114881387384327mcinst.exe -- (0114881387384327mcinstcleanup)
SRV - [2013-12-13 07:02:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-12-11 19:12:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-12-04 11:54:12 | 000,390,824 | ---- | M] (Elex do Brasil Participações Ltda) [Auto | Running] -- C:\Program Files\iSafe\iSafeSvc.exe -- (iSafeService)
SRV - [2013-11-07 13:58:12 | 000,103,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013-10-23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-10-23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-04-29 23:24:04 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-04 07:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011-11-16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011-02-28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010-03-18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-02-10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-06-15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013-12-04 11:55:00 | 000,054,784 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files\iSafe\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV - [2013-12-04 11:54:52 | 000,179,840 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | On_Demand | Running] -- C:\Program Files\iSafe\iSafeKrnl.sys -- (iSafeKrnl)
DRV - [2013-09-27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013-01-15 11:11:18 | 000,075,776 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012-07-04 07:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012-07-04 07:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012-07-04 06:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012-03-05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2010-06-23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010-02-18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2008-11-11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008-10-03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008-04-28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008-02-19 09:26:00 | 010,422,016 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007-10-12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2007-09-21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2006-02-20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005-02-23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 CC 17 AC 4E 73 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=pZX1H3u9P8N3JFUAsNPPRj281iY?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: youtubemp3%40email.com:2.1
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7B97A78363-B868-4B48-AC91-A783A31215AF%7D:2.0.1
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.264.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013-12-18 17:42:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-09-30 21:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-09-30 21:08:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-09-30 21:08:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-09-30 21:08:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2011-07-03 14:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\Extensions
[2010-09-12 09:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013-12-17 21:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\Firefox\Profiles\iy4wii2d.default\extensions
[2010-04-28 20:19:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\Firefox\Profiles\iy4wii2d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013-10-06 11:09:33 | 000,000,000 | ---D | M] (AppsHat) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\Firefox\Profiles\iy4wii2d.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[2013-11-16 22:01:45 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\Firefox\Profiles\iy4wii2d.default\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2013-03-23 10:09:09 | 000,005,286 | ---- | M] () (No name found) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\firefox\profiles\iy4wii2d.default\extensions\youtubemp3@email.com.xpi
[2013-10-10 20:36:09 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\pieter en anja\AppData\Roaming\mozilla\firefox\profiles\iy4wii2d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-12-18 17:43:17 | 000,000,609 | ---- | M] () -- C:\Users\pieter en anja\AppData\Roaming\mozilla\firefox\profiles\iy4wii2d.default\searchplugins\Google.xml
[2013-12-04 21:26:38 | 000,003,745 | ---- | M] () -- C:\Users\pieter en anja\AppData\Roaming\mozilla\firefox\profiles\iy4wii2d.default\searchplugins\safeguard-secure-search.xml
[2013-12-15 18:52:24 | 000,002,294 | ---- | M] () -- C:\Users\pieter en anja\AppData\Roaming\mozilla\firefox\profiles\iy4wii2d.default\searchplugins\zoekennl.xml
[2013-12-17 21:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-09-30 21:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{129b29a3-f554-444b-aa12-8ead59836cc8}
[2013-09-30 21:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-12-13 07:02:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-12-18 17:42:36 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: about:blank
CHR - Extension: No name found = C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [KPN Assistent] C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe (KPN)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [FLV Player] C:\Users\pieter en anja\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe ()
O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [Spotify] C:\Users\pieter en anja\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\pieter en anja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\Minibar.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D94799-719D-4621-ABBB-CAC4CDA9E157}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\docume~1\ settings\all users\application data\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} c:\docume~1\ c:\progra~1\google\google~1\goec62~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pieter en anja\Documents\P1000290.JPG
O24 - Desktop BackupWallPaper: C:\Users\pieter en anja\Documents\P1000290.JPG
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-12-17 21:43:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-12-16 20:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-12-16 20:39:26 | 000,000,000 | ---D | C] -- C:\Users\pieter en anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-12-16 20:13:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-12-16 19:32:41 | 000,000,000 | ---D | C] -- C:\zoek
[2013-12-14 09:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-12 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2013-12-11 19:38:46 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2013-12-08 15:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-12-08 15:35:38 | 000,000,000 | ---D | C] -- C:\rsit
[2013-12-07 15:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013-12-07 10:54:27 | 000,000,000 | ---D | C] -- C:\Users\pieter en anja\AppData\Roaming\eCyber
[2013-12-07 10:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
[2013-12-07 10:53:58 | 000,000,000 | ---D | C] -- C:\Users\pieter en anja\AppData\Roaming\iSafe
[2013-12-07 10:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\iSafe
[2013-12-04 21:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2013-12-01 14:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-12-01 14:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013-12-01 13:50:55 | 000,000,000 | ---D | C] -- C:\Users\pieter en anja\AppData\Local\AMD
[2013-12-01 13:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2013-12-01 13:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013-12-01 13:44:23 | 000,163,840 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2013-12-01 13:44:23 | 000,058,368 | ---- | C] (AMD) -- C:\Windows\System32\coinst_8.97.100.3.dll
[2013-12-01 13:44:22 | 000,020,992 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2013-12-01 13:44:21 | 000,453,632 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2013-12-01 13:44:21 | 000,217,088 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2013-12-01 12:28:51 | 000,000,000 | ---D | C] -- C:\AMD
[2011-11-13 12:10:18 | 002,701,696 | ---- | C] (mquadr.at software engineering und consulting GmbH) -- C:\ProgramData\UpdateKPNAssistent.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-12-18 17:45:37 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-pieter en anja-Startup.job
[2013-12-18 17:43:16 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-pieter en anja-Notification.job
[2013-12-18 17:43:03 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-18 17:43:03 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-18 17:43:01 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-18 17:42:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-12-18 17:12:15 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-12-18 17:08:43 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-14 09:10:40 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-14 08:13:53 | 000,322,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-12-13 14:29:14 | 002,088,960 | ---- | M] () -- C:\Users\pieter en anja\LeaSrFin.mde
[2013-12-07 12:00:46 | 000,046,080 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013-12-07 11:33:09 | 000,000,680 | ---- | M] () -- C:\Users\pieter en anja\AppData\Local\d3d9caps.dat
[2013-12-07 10:53:59 | 000,001,581 | ---- | M] () -- C:\Users\Public\Desktop\YAC.lnk
[2013-12-06 07:37:57 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-11-21 17:30:50 | 000,718,960 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013-11-21 17:30:50 | 000,632,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-11-21 17:30:50 | 000,149,074 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013-11-21 17:30:50 | 000,118,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-12-14 09:10:40 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013-12-07 10:53:59 | 000,001,581 | ---- | C] () -- C:\Users\Public\Desktop\YAC.lnk
[2013-12-01 13:44:20 | 000,246,000 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2013-10-29 23:04:21 | 000,007,536 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak
[2013-10-29 23:04:21 | 000,007,536 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2013-10-09 18:45:51 | 005,214,208 | ---- | C] () -- C:\Users\pieter en anja\s-1-5-21-1536129336-130342614-3972474088-1000.rrr
[2013-05-22 19:34:58 | 000,000,054 | ---- | C] () -- C:\Users\pieter en anja\jagex_cl_runescape_LIVE1.dat
[2013-04-30 03:46:36 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012-10-29 19:52:00 | 000,000,680 | ---- | C] () -- C:\Users\pieter en anja\AppData\Local\d3d9caps.dat
[2012-07-31 21:28:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012-07-04 02:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012-06-27 21:03:44 | 617,686,037 | ---- | C] () -- C:\Users\pieter en anja\WeTransfer-IF0o7peG.zip
[2012-06-15 12:08:55 | 111,526,769 | ---- | C] () -- C:\Users\pieter en anja\WeTransfer-mILiVq13.zip
[2012-04-16 14:55:23 | 639,657,680 | ---- | C] () -- C:\Users\pieter en anja\WeTransfer-9xmdd4S9.zip
[2012-03-06 18:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-11-03 17:17:06 | 000,000,032 | ---- | C] () -- C:\Users\pieter en anja\jagex_cl_runescape_LIVE.dat
[2011-06-17 18:44:28 | 000,000,553 | ---- | C] () -- C:\Users\pieter en anja\KPN_wlan_data.psk
[2010-05-09 13:21:18 | 000,000,000 | ---- | C] () -- C:\Users\pieter en anja\jagex__preferences3.dat
[2009-11-19 14:21:29 | 002,088,960 | ---- | C] () -- C:\Users\pieter en anja\LeaSrFin.mde
[2009-11-11 20:08:44 | 000,000,042 | ---- | C] () -- C:\Users\pieter en anja\AppData\Roaming\default.pls
[2009-09-03 16:58:43 | 000,000,099 | ---- | C] () -- C:\Users\pieter en anja\jagex_runescape_preferences2.dat
[2009-08-30 14:44:30 | 000,000,046 | ---- | C] () -- C:\Users\pieter en anja\jagex_runescape_preferences.dat
[2009-07-23 16:36:41 | 001,735,270 | ---- | C] () -- C:\Program Files\WinRAR.rar
[2009-04-17 22:06:40 | 000,001,024 | ---- | C] () -- C:\Users\pieter en anja\.rnd
[2009-03-08 20:57:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-02-16 18:47:18 | 000,000,258 | ---- | C] () -- C:\Users\pieter en anja\AppData\Roaming\wklnhst.dat
[2009-02-12 18:40:18 | 000,072,192 | ---- | C] () -- C:\Users\pieter en anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013-11-27 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\.minecraft
[2012-07-01 18:21:55 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\AVG
[2010-12-19 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\AVG10
[2013-10-20 11:12:34 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Babylon
[2012-01-23 20:05:19 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Bandoo
[2013-03-07 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Belastingdienst
[2009-06-02 19:33:45 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\BullGuard
[2013-11-07 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Canon
[2012-11-10 11:21:30 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\DriverCure
[2013-12-07 10:54:27 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\eCyber
[2011-11-21 22:02:15 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\EurekaLog
[2013-06-22 07:05:25 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Fighters
[2013-12-16 20:07:05 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\iSafe
[2013-04-14 09:01:43 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\NCdownloader
[2009-09-05 09:22:32 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Panasonic
[2009-11-26 18:44:26 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Panda Security
[2013-12-07 12:45:09 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\ParetoLogic
[2012-01-21 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Product_RM
[2012-01-21 14:35:09 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Registry Mechanic
[2009-03-01 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\ScanSoft
[2013-12-18 17:45:02 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Spotify
[2011-03-10 07:34:16 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\SurfSecret Privacy Suite
[2009-02-26 20:15:22 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Template
[2012-10-29 23:09:41 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\TuneUp Software
[2012-03-29 17:46:22 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Unity
[2012-02-27 19:12:19 | 000,000,000 | ---D | M] -- C:\Users\pieter en anja\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]

[2011-02-28 08:10:53 | 000,000,000 | ---D | M](C:\Windows\System32\?????8??????) -- C:\Windows\System32\ɏ髂睚ሊ8￾￿獒睠玅睠
[2011-02-28 08:10:53 | 000,000,000 | ---D | C](C:\Windows\System32\?????8??????) -- C:\Windows\System32\ɏ髂睚ሊ8￾￿獒睠玅睠
[2010-03-18 14:47:25 | 000,000,000 | ---D | M](C:\Windows\System32\?) -- C:\Windows\System32\ɺ
[2010-03-18 14:47:25 | 000,000,000 | ---D | C](C:\Windows\System32\?) -- C:\Windows\System32\ɺ

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 961 bytes -> C:\Users\pieter en anja\Documents\E-mail met bijlage (attachment)_ meivakantie 2009.eml:OECustomProperty
@Alternate Data Stream - 2149 bytes -> C:\Users\pieter en anja\Documents\Fw_ Doorst__ Fwd_ Fw_ Fwd_ FW_ Chippendale Dancers from around the world !.eml:OECustomProperty
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 1147 bytes -> C:\Users\pieter en anja\Documents\RE_ festiviteiten van Dommelrode.eml:OECustomProperty
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >