Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by pieter en anja (administrator) on WERKGROEP on 18-01-2014 18:58:30
Running from C:\Users\pieter en anja\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Dutch Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\conime.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe () C:\Windows\FixCamera.exe () C:\Windows\vsnpstd3.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (KPN) C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Spotify Ltd) C:\Users\pieter en anja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Panasonic Corporation) C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6695456 2008-12-02] (Realtek Semiconductor) HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-08] (Google) HKLM\...\Run: [Google EULA Launcher] - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe [20480 2008-10-14] (Google) HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.) 
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG) HKLM\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-07-11] () HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [835584 2007-05-10] () HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [KPN Assistent] - C:\Program Files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe [38142582 2013-06-12] (KPN) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [Spotify Web Helper] - C:\Users\pieter en anja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-18] (Spotify Ltd) HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-02-11] (Google Inc.) 
HKCU\...\Run: [Spotify] - C:\Users\pieter en anja\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-18] (Spotify Ltd) HKCU\...\Policies\Explorer: [NoInstrumentation] 1 HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-08] (Google) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x31CC17AC4E73CB01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - (No Name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_nl SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_nl SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File BHO: No Name - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - No File BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File BHO: No Name - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - No File BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Toolbar: HKLM - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 FireFox: ======== FF ProfilePath: C:\Users\pieter en anja\AppData\Roaming\Mozilla\Firefox\Profiles\iy4wii2d.default FF NewTab: about:blank FF SearchEngineOrder.1: Google FF NetworkProxy: "gopher", "" FF NetworkProxy: "gopher_port", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll No File FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program 
Files\Java\jre7\bin\plugin2\npjp2.dll No File FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll No File FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll No File FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File FF Plugin: @unity3d.com/UnityPlayer - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll No File FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF SearchPlugin: C:\Users\pieter en anja\AppData\Roaming\Mozilla\Firefox\Profiles\iy4wii2d.default\searchplugins\zoekennl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\bolcom-nl.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\marktplaats-nl.xml FF Extension: Microsoft .NET Framework 
Assistant - C:\Users\pieter en anja\AppData\Roaming\Mozilla\Firefox\Profiles\iy4wii2d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28] FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{129b29a3-f554-444b-aa12-8ead59836cc8} [2013-09-30] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: No Name - C:\Program Files\McAfee\SiteAdvisor [2012-08-31] FF HKCU\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: about:blank CHR DefaultSearchKeyword: google CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Bandoo) - C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll No File CHR Plugin: (AVG Internet Security) - C:\Users\pieter en 
anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll No File CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Unity Player) - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File CHR Extension: (YouTube) - C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2011-12-21] CHR Extension: (Google Search) - C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21] CHR Extension: (Google Wallet) - C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\pieter en anja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21] ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-04-29] (Advanced Micro Devices, Inc.) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-08] (Google) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] () R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [103112 2013-11-07] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [241734 2008-06-28] () S2 0114881387384327mcinstcleanup; C:\Windows\TEMP\0114881387384327mcinst.exe -cleanup -nolog [x] ==================== Drivers (Whitelisted) ==================== R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) 
R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2008-10-03] (Advanced Micro Devices, Inc) R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [10632 2007-10-12] (Advanced Micro Devices) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [45184 2012-03-05] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [75776 2013-01-15] (Advanced Micro Devices) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [554496 2007-09-21] (Ralink Technology Corp.) S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10422016 2008-02-19] (Sonix Co. Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\Users\PIETER~1\AppData\Local\Temp\catchme.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S3 Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-18 18:58 - 2014-01-18 18:58 - 00034770 _____ C:\Users\pieter en anja\Documents\FRST.txt 2014-01-18 18:53 - 2014-01-18 18:55 - 00033346 _____ C:\Users\pieter en anja\Downloads\Addition.txt 2014-01-18 18:50 - 2014-01-18 18:59 - 00019713 _____ C:\Users\pieter en anja\Downloads\FRST.txt 2014-01-18 18:50 - 2014-01-18 18:50 - 01220608 _____ (Farbar) C:\Users\pieter en anja\Downloads\FRST.exe 2014-01-18 18:50 - 2014-01-18 18:50 - 00000000 ____D C:\FRST 2014-01-18 12:17 - 
2014-01-18 12:17 - 00080023 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-5.txt 2014-01-18 11:47 - 2014-01-18 11:37 - 00024064 _____ C:\Windows\zoek-delete.exe 2014-01-18 11:38 - 2014-01-16 21:12 - 00001390 _____ C:\zoek-results2014-01-16-201234.log 2014-01-16 21:37 - 2014-01-16 21:37 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\pieter en anja\Desktop\tdsskiller.exe 2014-01-16 21:32 - 2014-01-16 21:32 - 00001390 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-4.txt 2014-01-16 21:09 - 2014-01-15 20:42 - 00006051 _____ C:\zoek-results2014-01-15-194219.log 2014-01-15 20:45 - 2014-01-15 20:45 - 00006051 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-3.txt 2014-01-15 20:19 - 2014-01-14 21:11 - 00001095 _____ C:\zoek-results2014-01-14-201101.log 2014-01-14 21:12 - 2014-01-14 21:12 - 00001095 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-2.txt 2014-01-14 21:05 - 2014-01-13 20:32 - 00017010 _____ C:\zoek-results2014-01-13-193241.log 2014-01-13 20:35 - 2014-01-13 20:35 - 00017010 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-1.txt 2014-01-13 20:02 - 2014-01-13 19:57 - 00020392 _____ C:\zoek-results2014-01-13-185707.log 2014-01-13 19:59 - 2014-01-13 19:59 - 00020392 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014.txt 2014-01-13 19:45 - 2013-12-16 19:33 - 00000692 _____ C:\zoek-results2013-12-16-183316.log 2014-01-13 19:30 - 2014-01-13 19:30 - 01281536 _____ C:\Users\pieter en anja\Desktop\zoek.exe 2014-01-12 12:41 - 2014-01-12 12:41 - 00819160 _____ (Google Inc.) 
C:\Users\pieter en anja\Downloads\GoogleEarthPluginSetup.exe 2014-01-12 10:43 - 2014-01-12 10:43 - 00000000 ____D C:\Users\pieter en anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy 2014-01-12 10:43 - 2014-01-12 10:43 - 00000000 ____D C:\Program Files\GCH Guitar academy 2014-01-12 10:42 - 2014-01-12 10:42 - 03616839 _____ C:\Users\pieter en anja\Downloads\Tuner setup.exe 2014-01-08 20:58 - 2014-01-08 20:58 - 00000000 ___SD C:\ComboFix 2014-01-08 20:57 - 2014-01-08 20:58 - 00000000 ___SD C:\32788R22FWJFW 2014-01-08 20:52 - 2014-01-08 20:52 - 00423263 _____ C:\Users\pieter en anja\Downloads\Anne Frank powerpoint frans en björn.pptx 2014-01-08 20:19 - 2014-01-08 20:19 - 00012043 _____ C:\ComboFix.txt 2014-01-07 20:57 - 2014-01-08 20:47 - 00423263 _____ C:\Users\pieter en anja\Documents\Anne Frank powerpoint frans en björn.pptx 2014-01-04 16:05 - 2014-01-04 16:05 - 00012232 _____ C:\Users\pieter en anja\Documents\AdwCleaner[S0].txt 2014-01-04 14:51 - 2014-01-11 11:23 - 00000000 ____D C:\AdwCleaner 2014-01-04 14:50 - 2014-01-04 14:50 - 00000581 _____ C:\Users\pieter en anja\Desktop\adwcleaner.exe - Snelkoppeling.lnk 2014-01-04 14:49 - 2014-01-04 14:49 - 01233962 _____ C:\Users\pieter en anja\Downloads\adwcleaner.exe 2014-01-04 14:00 - 2014-01-04 14:01 - 00002044 _____ C:\Users\pieter en anja\Documents\CFScript-1txt.txt 2014-01-04 10:03 - 2014-01-08 19:51 - 00002044 _____ C:\Users\pieter en anja\Documents\CFScript.txt 2014-01-04 09:08 - 2014-01-18 11:48 - 00006386 _____ C:\Windows\PFRO.log 2014-01-03 13:42 - 2014-01-08 20:58 - 00000000 ____D C:\Qoobox 2014-01-03 13:42 - 2014-01-03 13:57 - 00000000 ____D C:\Windows\erdnt 2014-01-03 13:42 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-03 13:42 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2014-01-03 13:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-03 13:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-03 
13:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-03 13:42 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-03 13:42 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-03 13:42 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-03 13:41 - 2014-01-08 19:54 - 05162489 ____R (Swearware) C:\Users\pieter en anja\Desktop\ComboFix.exe 2014-01-02 18:38 - 2014-01-04 14:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2014-01-02 18:38 - 2014-01-02 18:38 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(4).exe 2014-01-02 18:29 - 2014-01-02 18:29 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(3).exe 2014-01-02 18:15 - 2014-01-02 18:15 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(2).exe 2014-01-02 18:14 - 2014-01-02 18:14 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(1).exe 2013-12-24 14:26 - 2013-12-24 14:26 - 00000574 _____ C:\Users\pieter en anja\Documents\desktop.ini 1.txt 2013-12-24 14:15 - 2013-12-24 14:15 - 00056284 _____ C:\Users\pieter en anja\Downloads\verjaardagskaart 75(1).xps 2013-12-23 11:38 - 2013-12-23 11:38 - 00005188 _____ C:\Users\pieter en anja\Documents\Fix.txt 2013-12-21 20:27 - 2013-12-21 20:27 - 00020130 _____ C:\Users\pieter en anja\Downloads\t6807376_Gueterweg-zur-Weissteinalm-nicht-bewirtschaftet.gpx 2013-12-21 11:49 - 2013-12-21 11:49 - 00102990 _____ C:\Users\pieter en anja\Documents\OTL.Txt runscan.txt ==================== One Month Modified Files and Folders ======= 2014-01-18 18:59 - 2014-01-18 18:50 - 00019713 _____ C:\Users\pieter en anja\Downloads\FRST.txt 2014-01-18 18:58 - 2014-01-18 18:58 - 00034770 _____ C:\Users\pieter en anja\Documents\FRST.txt 2014-01-18 18:57 - 2009-02-11 23:01 - 01322051 _____ C:\Windows\WindowsUpdate.log 2014-01-18 18:55 - 2014-01-18 18:53 - 00033346 _____ C:\Users\pieter en 
anja\Downloads\Addition.txt 2014-01-18 18:50 - 2014-01-18 18:50 - 01220608 _____ (Farbar) C:\Users\pieter en anja\Downloads\FRST.exe 2014-01-18 18:50 - 2014-01-18 18:50 - 00000000 ____D C:\FRST 2014-01-18 18:12 - 2012-04-14 08:41 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-18 18:08 - 2010-02-01 13:42 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-18 17:48 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-18 17:48 - 2006-11-02 13:47 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-18 15:08 - 2010-02-01 13:42 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-18 12:17 - 2014-01-18 12:17 - 00080023 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-5.txt 2014-01-18 12:11 - 2013-04-06 19:40 - 00000000 ____D C:\Users\pieter en anja\AppData\Roaming\Spotify 2014-01-18 11:49 - 2013-12-11 19:43 - 00080023 _____ C:\zoek-results.log 2014-01-18 11:48 - 2014-01-04 09:08 - 00006386 _____ C:\Windows\PFRO.log 2014-01-18 11:48 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-18 11:47 - 2006-11-02 14:01 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-18 11:45 - 2013-12-11 19:38 - 00000000 ____D C:\zoek_backup 2014-01-18 11:37 - 2014-01-18 11:47 - 00024064 _____ C:\Windows\zoek-delete.exe 2014-01-17 19:49 - 2013-04-06 19:40 - 00000000 ____D C:\Users\pieter en anja\AppData\Local\Spotify 2014-01-17 07:10 - 2010-03-13 08:55 - 00001995 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-16 21:37 - 2014-01-16 21:37 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\pieter en anja\Desktop\tdsskiller.exe 2014-01-16 21:32 - 2014-01-16 21:32 - 00001390 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-4.txt 2014-01-16 21:12 - 2014-01-18 11:38 - 00001390 _____ C:\zoek-results2014-01-16-201234.log 2014-01-15 
22:44 - 2008-11-26 16:56 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-15 22:43 - 2013-08-15 06:24 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 22:39 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-15 20:45 - 2014-01-15 20:45 - 00006051 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-3.txt 2014-01-15 20:42 - 2014-01-16 21:09 - 00006051 _____ C:\zoek-results2014-01-15-194219.log 2014-01-14 21:12 - 2014-01-14 21:12 - 00001095 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-2.txt 2014-01-14 21:11 - 2014-01-15 20:19 - 00001095 _____ C:\zoek-results2014-01-14-201101.log 2014-01-14 13:13 - 2009-11-19 14:21 - 02088960 _____ C:\Users\pieter en anja\LeaSrFin.mde 2014-01-14 13:13 - 2009-02-11 23:14 - 00000000 ____D C:\Users\pieter en anja 2014-01-14 12:57 - 2009-10-07 17:54 - 00000000 ____D C:\LeaSrFin 2014-01-13 22:41 - 2012-07-31 17:33 - 00000000 ____D C:\Users\pieter en anja\AppData\Local\CrashDumps 2014-01-13 20:35 - 2014-01-13 20:35 - 00017010 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014-1.txt 2014-01-13 20:32 - 2014-01-14 21:05 - 00017010 _____ C:\zoek-results2014-01-13-193241.log 2014-01-13 19:59 - 2014-01-13 19:59 - 00020392 _____ C:\Users\pieter en anja\Documents\zoek-results.txt2014.txt 2014-01-13 19:57 - 2014-01-13 20:02 - 00020392 _____ C:\zoek-results2014-01-13-185707.log 2014-01-13 19:30 - 2014-01-13 19:30 - 01281536 _____ C:\Users\pieter en anja\Desktop\zoek.exe 2014-01-12 12:41 - 2014-01-12 12:41 - 00819160 _____ (Google Inc.) 
C:\Users\pieter en anja\Downloads\GoogleEarthPluginSetup.exe 2014-01-12 10:43 - 2014-01-12 10:43 - 00000000 ____D C:\Users\pieter en anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GCH Guitar academy 2014-01-12 10:43 - 2014-01-12 10:43 - 00000000 ____D C:\Program Files\GCH Guitar academy 2014-01-12 10:42 - 2014-01-12 10:42 - 03616839 _____ C:\Users\pieter en anja\Downloads\Tuner setup.exe 2014-01-11 11:23 - 2014-01-04 14:51 - 00000000 ____D C:\AdwCleaner 2014-01-08 20:58 - 2014-01-08 20:58 - 00000000 ___SD C:\ComboFix 2014-01-08 20:58 - 2014-01-08 20:57 - 00000000 ___SD C:\32788R22FWJFW 2014-01-08 20:58 - 2014-01-03 13:42 - 00000000 ____D C:\Qoobox 2014-01-08 20:52 - 2014-01-08 20:52 - 00423263 _____ C:\Users\pieter en anja\Downloads\Anne Frank powerpoint frans en björn.pptx 2014-01-08 20:47 - 2014-01-07 20:57 - 00423263 _____ C:\Users\pieter en anja\Documents\Anne Frank powerpoint frans en björn.pptx 2014-01-08 20:19 - 2014-01-08 20:19 - 00012043 _____ C:\ComboFix.txt 2014-01-08 20:17 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini 2014-01-08 19:54 - 2014-01-03 13:41 - 05162489 ____R (Swearware) C:\Users\pieter en anja\Desktop\ComboFix.exe 2014-01-08 19:51 - 2014-01-04 10:03 - 00002044 _____ C:\Users\pieter en anja\Documents\CFScript.txt 2014-01-07 20:06 - 2009-02-16 18:47 - 00000258 _____ C:\Users\pieter en anja\AppData\Roaming\wklnhst.dat 2014-01-07 07:04 - 2010-03-27 16:20 - 00000000 ____D C:\ProgramData\CanonIJPLM 2014-01-04 17:03 - 2009-02-23 09:58 - 00000000 ____D C:\Users\pieter en anja\AppData\Local\Adobe 2014-01-04 17:02 - 2012-04-14 08:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-01-04 17:02 - 2011-05-15 08:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-01-04 16:05 - 2014-01-04 16:05 - 00012232 _____ C:\Users\pieter en anja\Documents\AdwCleaner[S0].txt 2014-01-04 14:58 - 2014-01-02 18:38 - 00000000 ____D C:\Program Files\Microsoft 
Silverlight 2014-01-04 14:55 - 2013-10-06 11:08 - 00000000 ____D C:\Users\pieter en anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2014-01-04 14:50 - 2014-01-04 14:50 - 00000581 _____ C:\Users\pieter en anja\Desktop\adwcleaner.exe - Snelkoppeling.lnk 2014-01-04 14:49 - 2014-01-04 14:49 - 01233962 _____ C:\Users\pieter en anja\Downloads\adwcleaner.exe 2014-01-04 14:01 - 2014-01-04 14:00 - 00002044 _____ C:\Users\pieter en anja\Documents\CFScript-1txt.txt 2014-01-03 13:58 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default 2014-01-03 13:58 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2014-01-03 13:57 - 2014-01-03 13:42 - 00000000 ____D C:\Windows\erdnt 2014-01-03 11:57 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2014-01-02 18:38 - 2014-01-02 18:38 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(4).exe 2014-01-02 18:29 - 2014-01-02 18:29 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(3).exe 2014-01-02 18:15 - 2014-01-02 18:15 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(2).exe 2014-01-02 18:14 - 2014-01-02 18:14 - 06286448 _____ (Microsoft Corporation) C:\Users\pieter en anja\Downloads\Silverlight(1).exe 2014-01-02 09:51 - 2013-06-01 17:54 - 00000000 ____D C:\Program Files\QuickTime 2013-12-29 14:29 - 2009-02-12 18:40 - 00072192 _____ C:\Users\pieter en anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-24 14:26 - 2013-12-24 14:26 - 00000574 _____ C:\Users\pieter en anja\Documents\desktop.ini 1.txt 2013-12-24 14:15 - 2013-12-24 14:15 - 00056284 _____ C:\Users\pieter en anja\Downloads\verjaardagskaart 75(1).xps 2013-12-23 11:38 - 2013-12-23 11:38 - 00005188 _____ C:\Users\pieter en anja\Documents\Fix.txt 2013-12-21 20:27 - 2013-12-21 20:27 - 00020130 _____ C:\Users\pieter en anja\Downloads\t6807376_Gueterweg-zur-Weissteinalm-nicht-bewirtschaftet.gpx 2013-12-21 19:36 - 2006-11-02 12:18 - 
00000000 ____D C:\Windows\system32\LogFiles 2013-12-21 11:49 - 2013-12-21 11:49 - 00102990 _____ C:\Users\pieter en anja\Documents\OTL.Txt runscan.txt 2013-12-21 11:45 - 2013-12-17 22:03 - 00102990 _____ C:\Users\pieter en anja\Downloads\OTL.Txt 2013-12-21 11:42 - 2013-12-17 22:11 - 00095570 _____ C:\Users\pieter en anja\Documents\OTL.Txt Files to move or delete: ==================== C:\ProgramData\UpdateKPNAssistent.exe C:\Users\pieter en anja\jagex_cl_runescape_LIVE.dat C:\Users\pieter en anja\jagex_cl_runescape_LIVE1.dat C:\Users\pieter en anja\jagex_runescape_preferences.dat C:\Users\pieter en anja\jagex_runescape_preferences2.dat C:\Users\pieter en anja\jagex__preferences3.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-18 11:55 ==================== End Of Log ============================