Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by gebruiker (administrator) on PC_VAN_GEBRUIKE on 09-12-2014 22:38:17
Running from C:\Users\gebruiker\Downloads
Loaded Profile: gebruiker (Available profiles: gebruiker)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Nederlands (Nederland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Packard Bell BV) C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\gebruiker\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\gebruiker\AppData\Local\Akamai\netsession_win.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-23] (Synaptics, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [232184 2007-01-11] (Sonic Solutions)
HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [28672 2007-02-20] ( )
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4954576 2014-12-01] (Emsisoft GmbH)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=OQBGAFIARQBFAC0AVgA2AFoASgBBAC0AQgBOADIAWQBRAC0ARgAzAFYAUwBSAC0AVgBXAFMAUgA0AC0AVgBZADcATQBaAA"&"inst=NwA3AC0ANwA3ADkAMg (the data entry has 68 more characters).
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\Run: [SmpcSys] => C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [1120568 2007-07-19] (Packard Bell BV)
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\Run: [BlazeServoTool] => "C:\Program Files\LAKS\LAKS TV Player\MediaDetector.exe"
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\Run: [Akamai NetSession Interface] => C:\Users\gebruiker\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30878312 2014-12-03] (Skype Technologies S.A.)
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\MountPoints2: {4f5f2ade-106c-11e0-81a6-001b24a3b79c} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\MountPoints2: {933603dc-0dd0-11e0-a543-001b24a3b79c} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\MountPoints2: {933603e5-0dd0-11e0-a543-001b24a3b79c} - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\MountPoints2: {9f75c75c-1043-11e0-943c-001b24a3b79c} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\...\MountPoints2: {9f75c769-1043-11e0-943c-001b24a3b79c} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2910343643-3612395953-1441375678-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2910343643-3612395953-1441375678-1002 -> {043C5167-00BB-4324-AF7E-62013FAEDACF} URL = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
SearchScopes: HKU\S-1-5-21-2910343643-3612395953-1441375678-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-2910343643-3612395953-1441375678-1002 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b1d27dc&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Adobe PDF Reader Help bij koppelingen -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKU\S-1-5-21-2910343643-3612395953-1441375678-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2910343643-3612395953-1441375678-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-2910343643-3612395953-1441375678-1002 -> No Name - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://clients.futuremark.com/openapi/receivers/FMSI.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 195.130.130.3 195.130.131.3
Tcpip\..\Interfaces\{B4012F40-C1D5-4E7D-A5C2-ED3D28C9F660}: [NameServer] 81.169.62.171 81.169.62.171

FireFox:
========
FF ProfilePath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4qcsq1n.default
FF DefaultSearchEngine: Bing
FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=IEFM1&q=
FF Homepage: hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: Microsoft Choice Guard - C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4qcsq1n.default\Extensions\ChoiceGuard@Microsoft [2009-11-06]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4qcsq1n.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-12-07]
FF Extension: Google Toolbar for Firefox - C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\x4qcsq1n.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-12-07]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-10-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-05-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-07]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U25) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-26]
CHR Extension: (YouTube) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-26]
CHR Extension: (Google Zoeken) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-26]
CHR Extension: (Google Wallet) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH)
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
S3 Futuremark SystemInfo Service; C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [129440 2011-01-13] (Futuremark Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [583048 2008-01-29] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [163328 2007-07-13] (Conexant Systems Inc.)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-01-08] (Windows (R) Codename Longhorn DDK provider)
S3 k510bus; C:\Windows\System32\DRIVERS\k510bus.sys [58288 2006-02-17] (MCCI)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [28592 2009-07-22] (The OpenVPN Project)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 MODRC; system32\DRIVERS\modrc.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 22:38 - 2014-12-09 22:39 - 00020606 _____ () C:\Users\gebruiker\Downloads\FRST.txt
2014-12-09 22:37 - 2014-12-09 22:38 - 00000000 ____D () C:\FRST
2014-12-09 22:36 - 2014-12-09 22:36 - 01111040 _____ (Farbar) C:\Users\gebruiker\Downloads\FRST.exe
2014-12-09 22:34 - 2014-12-09 22:34 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-12-09 20:46 - 2014-12-09 20:46 - 00000891 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-12-09 20:46 - 2014-12-09 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-12-09 20:45 - 2014-12-09 22:37 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-12-09 20:39 - 2014-12-09 20:44 - 172735912 _____ (Emsisoft Ltd ) C:\Users\gebruiker\Downloads\EmsisoftAntiMalwareSetup_11059926.exe
2014-12-09 16:43 - 2014-12-09 16:43 - 01107968 _____ () C:\Users\gebruiker\Downloads\RSIT (1).exe
2014-12-09 16:42 - 2014-12-09 16:48 - 00000000 ____D () C:\rsit
2014-12-09 16:42 - 2014-12-09 16:48 - 00000000 ____D () C:\Program Files\trend micro
2014-12-09 16:41 - 2014-12-09 16:42 - 01107968 _____ () C:\Users\gebruiker\Downloads\RSIT.exe
2014-12-08 17:39 - 2014-12-08 17:39 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{4878DBFA-D6F2-4EDA-A510-BC99D5D5FA40}
2014-12-08 17:17 - 2014-12-08 17:17 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{C4B3A9BF-B3F3-4B54-835D-F7174067439A}
2014-12-08 17:09 - 2014-12-08 17:09 - 00659968 _____ () C:\Users\gebruiker\Downloads\MicrosoftFixit50195.msi
2014-12-08 17:05 - 2014-12-08 17:05 - 00002485 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-08 17:05 - 2014-12-08 17:05 - 00000000 ___RD () C:\Program Files\Skype
2014-12-08 17:05 - 2014-12-08 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-08 17:05 - 2014-12-08 17:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-12-08 17:02 - 2014-12-08 17:03 - 44845160 _____ (Skype Technologies S.A.) C:\Users\gebruiker\Downloads\SkypeSetupFull (2).exe
2014-12-08 15:06 - 2014-12-08 15:07 - 00371008 _____ () C:\Users\gebruiker\Downloads\SoftonicDownloader_for_skype.exe
2014-12-08 14:26 - 2014-12-08 14:27 - 20627456 _____ () C:\Users\gebruiker\Downloads\SkypeSetup_6.3.0.107.msi
2014-12-08 13:18 - 2014-12-08 13:20 - 44835432 _____ (Skype Technologies S.A.) C:\Users\gebruiker\Downloads\SkypeSetupFull (1).exe
2014-12-08 12:29 - 2014-12-08 12:29 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{1DBBFA99-B264-4A15-A1A6-2AD26BBB3F0C}
2014-12-07 22:25 - 2014-12-08 13:15 - 00000817 _____ () C:\Windows\setupact.log
2014-12-07 22:25 - 2014-12-07 22:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-07 21:56 - 2014-12-07 21:57 - 44845160 _____ (Skype Technologies S.A.) C:\Users\gebruiker\Downloads\SkypeSetupFull.exe
2014-12-07 21:31 - 2014-12-07 21:31 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{F4C47F3D-C6B6-4653-8172-9942F009CFB0}
2014-12-07 20:15 - 2014-12-07 20:15 - 00000000 ____D () C:\Program Files\Skype(1)
2014-12-07 19:45 - 2014-12-07 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-07 10:55 - 2014-12-07 10:56 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{373F5E06-C44C-4C3B-BDE9-8D228A0EE488}
2014-12-06 19:52 - 2014-12-06 19:52 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{47D86F0C-7868-45D2-803C-48FCDEDC4A40}
2014-12-06 19:39 - 2014-12-06 19:39 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{C7BFC4E4-8B98-468E-BAAD-FF83D9A099C9}
2014-12-06 19:25 - 2014-12-06 19:25 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{7E179A47-768F-442D-8885-6E891B7B8091}
2014-12-03 20:56 - 2014-12-03 20:59 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{FF424635-9776-4212-A6FF-A7C4F450C02C}
2014-11-30 13:45 - 2014-11-30 13:45 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{4B59780E-BF6A-4F7E-BC97-A4AE4014E2EC}
2014-11-29 21:23 - 2014-11-29 21:26 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{2E2AC329-EF61-4F8F-9DD2-75CEDB7C8772}
2014-11-26 20:05 - 2014-11-26 20:05 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{26975ADD-15E8-4B6D-8396-0D8F991CC525}
2014-11-22 19:55 - 2014-11-22 19:55 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{9B72EBA2-A191-4DEB-B4FD-1879D9F52050}
2014-11-21 14:58 - 2014-11-21 14:58 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{38DD8E60-B94F-4468-BF30-BC379767211D}
2014-11-21 00:41 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-21 00:36 - 2014-11-21 00:36 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{EC7560DD-FEC8-4808-A421-E54B74796F2F}
2014-11-20 00:34 - 2014-11-20 00:34 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{3F170884-B25D-4BCB-95DC-8F3D468AFC0F}
2014-11-16 15:46 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-16 15:46 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-16 15:46 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-16 15:46 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-16 15:45 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-16 15:45 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-16 15:44 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-16 15:43 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-16 15:41 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-16 15:39 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-16 15:39 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-16 15:39 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-16 15:39 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-16 15:39 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-16 14:55 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 14:48 - 2014-11-16 14:48 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{872FA6E9-C23A-43A3-AE07-4469BDF8E269}
2014-11-12 21:41 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 21:41 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 21:41 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 21:41 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 21:41 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 21:41 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 21:41 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 21:41 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 21:41 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 21:41 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 21:41 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 21:41 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 21:41 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 21:41 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 21:41 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 21:41 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 21:41 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 21:41 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 21:41 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 21:41 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 21:41 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 21:16 - 2014-11-12 21:16 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\{91C261ED-50AF-4BE3-B025-58F688176DB7}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 22:36 - 2011-03-10 14:08 - 00000000 ____D () C:\Users\gebruiker\Documents\sport.be
2014-12-09 22:34 - 2011-10-22 23:13 - 00000000 ____D () C:\Users\gebruiker\AppData\Roaming\Skype
2014-12-09 22:24 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 22:24 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 22:18 - 2012-06-02 16:46 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 22:00 - 2008-01-29 21:54 - 00000348 _____ () C:\Windows\Tasks\Uitgebreide garantie.job
2014-12-09 21:55 - 2012-12-26 17:32 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 21:34 - 2008-01-29 21:04 - 01221391 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 16:24 - 2012-12-26 17:32 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 16:24 - 2008-07-03 10:23 - 00027715 _____ () C:\Users\gebruiker\AppData\Roaming\nvModes.001
2014-12-09 16:24 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 23:39 - 2006-11-02 14:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-08 17:39 - 2009-11-06 00:52 - 00000000 ____D () C:\Users\gebruiker\Tracing
2014-12-08 17:05 - 2007-10-18 03:48 - 00000000 ____D () C:\ProgramData\Skype
2014-12-08 13:16 - 2007-10-18 12:09 - 01011736 _____ () C:\Windows\system32\perfh013.dat
2014-12-08 13:16 - 2007-10-18 12:09 - 00250180 _____ () C:\Windows\system32\perfc013.dat
2014-12-08 13:16 - 2006-11-02 11:33 - 00006820 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-07 21:28 - 2008-02-03 14:59 - 00000000 ____D () C:\Windows\Minidump
2014-12-07 21:28 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-12-07 21:27 - 2006-11-02 11:22 - 53477376 _____ () C:\Windows\system32\config\components_previous
2014-12-07 21:27 - 2006-11-02 11:22 - 48758784 _____ () C:\Windows\system32\config\software_previous
2014-12-07 21:27 - 2006-11-02 11:22 - 28049408 _____ () C:\Windows\system32\config\system_previous
2014-12-07 21:27 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-12-07 21:27 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-12-07 21:27 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-12-07 21:26 - 2008-01-29 21:44 - 00000000 ____D () C:\Users\gebruiker
2014-12-07 21:26 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-12-07 21:25 - 2011-11-10 20:23 - 00000000 ____D () C:\Users\gebruiker\AppData\Local\Akamai
2014-12-07 21:25 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-12-07 19:58 - 2007-10-18 12:05 - 00000000 ____D () C:\Windows\Panther
2014-11-26 21:18 - 2012-06-02 16:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-26 21:18 - 2011-07-26 19:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-22 23:18 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-20 01:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-20 00:31 - 2006-11-02 13:47 - 00315192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 15:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-11-16 15:46 - 2008-02-11 17:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-16 14:58 - 2013-08-31 07:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 14:58 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\gebruiker\AppData\Local\Temp\14hBFC8.exe
C:\Users\gebruiker\AppData\Local\Temp\2n0D164.exe
C:\Users\gebruiker\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\gebruiker\AppData\Local\Temp\contentDATs.exe
C:\Users\gebruiker\AppData\Local\Temp\EASOUNInstaller.exe
C:\Users\gebruiker\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\gebruiker\AppData\Local\Temp\ose00000.exe
C:\Users\gebruiker\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\gebruiker\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\gebruiker\AppData\Local\Temp\SkypeSetup.exe
C:\Users\gebruiker\AppData\Local\Temp\UNINSTALL.exe
C:\Users\gebruiker\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\gebruiker\AppData\Local\Temp\{56E42419-7C92-4236-8F3E-2FD5E90A4FE4}-32.0.1700.76_chrome_installer.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-09 16:30

==================== End Of Log ============================