Solved: cpop.tibsearch.com

This topic has been marked as solved.
Status
Not open for further replies.

pagigoli

User
Joined
29 Dec 2011
Posts
32
Since yesterday my PC seems to be infected by cpop.tibsearch.com. When I open something in Firefox, I not only get an avalanche of advertising banners, but many words in the article are also underlined (or double underlined), and when you hover over them with the mouse some advertising appears, and at the bottom I see: cpop.tibsearch.com.

I set Spybot on it, then my virus scanner McAfee, then SpyHunter, and then did an online scan with HouseCall. But without result. I can't get rid of that virus...

Please help.
 
Download Malwarebytes Anti-Malware, preferably to the desktop.





  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the further instructions; the complete installation procedure can be read at the following link: Installing Malwarebytes Anti-Malware.
  • Then click the Scan Now button to run a threat scan.
  • A check for available updates will now run; click "Update Now" if updates are available.
  • The scan now starts automatically; preferably do not use the computer during the scan.

  • If no threats were detected, click View Detailed Log after the scan.
    • Then click the Export button and choose the option "Text file (*.txt)".
    • Then enter a file name for saving the log file, for example MBAM Scanlog.
    • Choose, for example, the desktop as the save location and then click the Save button.

  • If threats were detected, click Apply Actions after the scan.
    • When prompted to restart the computer, click Yes (Ja).
    • After the restart, open Malwarebytes Anti-Malware, click History at the top and select Application Logs.
    • Select the latest Scan Log and click the View button.
    • Then enter a file name for saving the log file, for example MBAM Scanlog.
    • Choose, for example, the desktop as the save location and then click the Save button.
    • Attach the log file you just saved to your next post. (You can also find this log file in Malwarebytes Anti-Malware under History > Application Logs.)

______________________________________________________________________________________________
Download Zoek.exe to the desktop.

  • If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is an unjustified warning.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

Run Zoek.exe
If you run into problems running this program or see certain error messages, please mention this in your post.



  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:

    This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    Code:
    standardsearch;
    process;
    startupall;
    torpigcheck;
    emptyfolderscheck;delete
    firefoxlook;
    chromelook;
    filescrm;

  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Post the opened log as an attachment in your next post.



Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next post. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • How to add an attachment to a post is explained here.


______________________________________________________________________________________________
Download Farbar Recovery Scan Tool to your desktop from the link below.

Farbar Recovery Scan Tool 32 bit or Farbar Recovery Scan Tool 64 bit (x64)

  • Double-click FRST.exe to start the tool.
  • When the program has opened, click Yes at the disclaimer.
  • Under Whitelist (Registry, Services, Drivers, Processes & Internet), do not uncheck anything.
  • Under Optional Scan, also check List BCD, Drivers MD5 & Addition.txt.
  • Press the Scan button.
  • Two log files will be created (FRST.txt) + (Addition.txt) in the same location from which the tool was started.
  • Attach these log files to your next post.

 
zoek results.log

I assume that I have to attach these reports to the "next post" and that this is the place for it. My problem is not solved, I notice.






Zoek.exe v5.0.0.0 Updated 15-February-2015
Tool run by Paul on ma 16/02/2015 at 13:50:34,27.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Paul\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16/02/2015 13:54:26 Zoek.exe System Restore Point Created Succesfully.

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\ClearfiCopyHook {ED32C084-BABB-11E1-B491-D4D66088709B} C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll


==== Empty Folders Check ======================

C:\PROGRA~3\regid.1986-12.com.adobe deleted successfully
C:\Users\greet_000\AppData\Roaming\SafeKey deleted successfully
C:\Users\Paul\AppData\Roaming\idesktop deleted successfully
C:\Users\greet_000\AppData\Local\PackageStaging deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\Paul\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8140 MB
CPU Info: AMD A10-6700 APU with Radeon(tm) HD Graphics
CPU Speed: 3754,7 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: AMD Radeon R5 235 | AMD Radeon R5 235
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1024 X 819 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Inventec PCIe GBE Family Controller | Qualcomm Atheros AR5BWB222 Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GHB0N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 161,6GB | D: 455,1GB
Hard Disks - Free: C: 87,2GB | D: 414,3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: Acer Aspire TC-105
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: McAfee Antivirus en antispyware On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: McAfee Antivirus en antispyware disabled (Outdated)
Firewall: McAfee Firewall disabled
Default Browser: Firefox 35.0.1
Internet Explorer Version: 11.0.9600.16663
Mozilla Firefox version: 35.0.1 (x86 nl)
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-02-16 11:42:41 D2EC23C0FE985F0C33E3328A90E0F79A 99 ----a-w- C:\Windows\Reimage.ini
2015-01-21 17:14:42 63DC38C3E4564B2405D562855643ABA2 2328872 ----a-w- C:\Windows\explorer.exe
====== C:\Users\Paul\AppData\Local\Temp ====
2015-02-15 16:08:54 1DA3C20009CDEF72F67C86FCE639F679 32372200 ----a-w- C:\Users\Paul\AppData\Local\Temp\lptmp437825767\safekey.exe
2015-02-07 11:17:11 3E1638CFF8984DA7B6682ED73734C498 61869384 ----a-w- C:\Users\greet_000\AppData\Local\Temp\oct4E7A.tmp.exe
2015-02-06 20:04:48 518EEAB387D03175AC167D0006591FC2 3256600 ----a-w- C:\Users\greet_000\AppData\Local\Temp\nsj8DB2.tmp\___ocnsis.dll
2015-02-06 18:52:45 F28C684A9D3BB41BD4BFF6AF93FDEDE2 61870384 ----a-w- C:\Users\greet_000\AppData\Local\Temp\oct887.tmp.exe
2015-02-06 18:04:54 8AAF2D6BAEA7180A4A55C7EB32A4E412 3256600 ----a-w- C:\Users\greet_000\AppData\Local\Temp\nsh2680.tmp\___ocnsis.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-02-12 16:40:22 9A642F163F1FB12DE395A6010A9AD687 189920 ----a-w- C:\Windows\Sysnative\mfevtps.exe
====== C:\Windows\Sysnative\drivers =====
2015-02-16 11:55:22 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-02-16 11:54:58 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2015-02-16 11:54:58 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2015-02-16 11:54:58 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-02-14 23:56:07 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2015-02-12 16:45:59 947EA0AFF75E3E70D5BE9F88F6325F30 2641 ----a-w- C:\Windows\Sysnative\drivers\mfencrk.inf
2015-02-12 16:45:59 628DC155C32875B286B2742D10D196C2 5442 ----a-w- C:\Windows\Sysnative\drivers\mfencbdc.inf
2015-02-12 16:45:58 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
2015-01-23 12:29:25 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\Sysnative\drivers\EsgScanner.sys
2015-01-22 15:14:55 DAEF5180E390E56F354FE6D69D354EBC 11376 ------w- C:\Windows\Sysnative\drivers\cdralw2k.sys
2015-01-22 15:14:55 13E531377E9BAA6E37F6471E0E8277AC 10864 ------w- C:\Windows\Sysnative\drivers\cdr4_xp.sys
2015-01-22 15:14:55 07D57B890DD5693A6AB660CBAE8F91B4 56336 ------w- C:\Windows\Sysnative\drivers\PxHlpa64.sys
2015-01-21 17:25:02 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-01-21 17:19:04 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2015-01-21 17:19:02 C85C075DE5B6D0FE116043054DE8EE02 311640 ----a-w- C:\Windows\Sysnative\drivers\volsnap.sys
2015-01-21 17:18:52 B8B663BE41827211737F627473D6D192 377176 ----a-w- C:\Windows\Sysnative\drivers\clfs.sys
2015-01-21 17:18:52 725EF69B2DBEB7B33280019A556201BC 2008408 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2015-01-21 17:18:00 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2015-01-21 17:17:59 DF355EB0199198728027962DCFCDE5FB 121088 ----a-w- C:\Windows\Sysnative\drivers\USBAUDIO.sys
2015-01-21 17:17:59 D22EB844EB57D016CC34178AC86456DF 325464 ----a-w- C:\Windows\Sysnative\drivers\USBXHCI.SYS
2015-01-21 17:17:59 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\Sysnative\drivers\rdbss.sys
2015-01-21 17:17:59 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys
2015-01-21 17:17:24 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys
2015-01-21 17:17:23 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys
2015-01-21 17:17:23 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys
2015-01-21 17:16:59 ED39D676080A1AEA755F1DEC1A8DF1A4 1119064 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys
2015-01-21 17:16:59 79B6F3DF7CDFD12159871FF71464F0CE 403456 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2015-01-21 17:16:58 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\Windows\Sysnative\drivers\ipnat.sys
2015-01-21 17:16:58 4628B415A84EA9D4D396A56F1D0CB6C6 142680 ----a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS
2015-01-21 17:16:58 1C89EF529DB7DCA98E801EFDCC8437DE 19456 ----a-w- C:\Windows\Sysnative\drivers\BtaMPM.sys
2015-01-21 17:15:38 F6EBE514D13ECE7EDC23440039CDF9AB 372568 ----a-w- C:\Windows\Sysnative\drivers\spaceport.sys
2015-01-21 17:15:38 B9D968D8E2B0F9C6301CEB39CFC9B9E4 86872 ----a-w- C:\Windows\Sysnative\drivers\pdc.sys
2015-01-21 17:15:38 139CFCDCD36B1B1782FD8C0014AC9B0E 39768 ----a-w- C:\Windows\Sysnative\drivers\intelpep.sys
2015-01-21 17:15:38 0044B31F93946D5D41982314381FE431 146776 ----a-w- C:\Windows\Sysnative\drivers\SerCx2.sys
2015-01-21 17:14:39 486F21443BD82029284AE82F238DA44C 270848 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys
2015-01-21 17:14:39 3D30878A269D934100FA5F972E53AF39 523096 ----a-w- C:\Windows\Sysnative\drivers\acpi.sys
2015-01-21 17:14:38 847C6A08912C3515807049C93E526D65 258904 ----a-w- C:\Windows\Sysnative\drivers\rdyboost.sys
2015-01-21 17:14:38 6B06E2D11E604BE2B1A406C4CB3B90DE 57176 ----a-w- C:\Windows\Sysnative\drivers\stornvme.sys
2015-01-21 17:14:38 433ECDE01A52691FA7ACA51C10C09B70 155480 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2015-01-21 17:14:38 2B78788A1485F9B99A578A299DF42C02 454656 ----a-w- C:\Windows\Sysnative\drivers\srv.sys
2015-01-21 17:14:38 10EDF9E0838BA4578FFFFF274632D454 1200640 ----a-w- C:\Windows\Sysnative\drivers\bthport.sys
2015-01-21 17:14:38 0E7FA34B975764C33B5DBC6F8C401627 81920 ----a-w- C:\Windows\Sysnative\drivers\BTHUSB.SYS
2015-01-21 17:12:42 C1AE59C0B0817236EC083A91C396005A 675328 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys
2015-01-21 17:12:41 C0E33820326199CE3CFD3B9F27F81D99 467800 ----a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS
2015-01-21 17:12:41 ADDECBCC777665BD113BED437E602AB0 101208 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-01-21 17:12:41 AAF56E4E84D35411B4E446C445732DFE 207360 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-01-21 17:12:41 55FE43112F61836D0581D615C72AA113 97280 ----a-w- C:\Windows\Sysnative\drivers\agilevpn.sys
2015-01-21 17:12:41 2F9A3380B8C0380E5608E29C7AA66899 236376 ----a-w- C:\Windows\Sysnative\drivers\sdbus.sys
2015-01-21 17:12:40 E194BE41AE3C80CFBBEBAC3394160091 151384 ----a-w- C:\Windows\Sysnative\drivers\dumpsd.sys
2015-01-21 17:12:40 02307C86CB24769306B0DFA0C751952E 167424 ----a-w- C:\Windows\Sysnative\drivers\rfcomm.sys
2015-01-21 17:12:39 83E1F0983B02A6F8EC764D18E24ECF10 579416 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
2015-01-21 17:12:38 CF8B989D89D6807B887690F2CF24EFD9 442368 ----a-w- C:\Windows\Sysnative\drivers\nwifi.sys
2015-01-21 17:12:38 A026EDEAA5EECAE0B08E2748B616D4BD 175960 ----a-w- C:\Windows\Sysnative\drivers\VerifierExt.sys
2015-01-21 17:12:38 77195C32175FC63D6054EBA5A066D727 244224 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys
2015-01-21 17:12:38 65EBBB459B66C818E809DD8135DCFFA2 285696 ----a-w- C:\Windows\Sysnative\drivers\ks.sys
2015-01-21 17:12:38 04951A9A937CBE28A2D3FEEA360B6D1F 83456 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2015-01-21 17:08:50 2E3E82D7B1076B90F4E228A8EF17B261 136536 ----a-w- C:\Windows\Sysnative\drivers\wfplwfs.sys
2015-01-21 15:56:05 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-01-21 15:47:35 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\drivers\lvuvc.hs
2015-01-21 06:01:54 BF5782442E0CD15284A180589D9822B8 681688 ----a-w- C:\Windows\Sysnative\drivers\rtlh64.sys
====== C:\Windows\Tasks ======
2015-02-16 11:46:17 D4FCBE30C17093B2A3DFF856FE13B1D0 3106 ----a-w- C:\Windows\Sysnative\Tasks\{EE6D86CD-E44C-4707-B68F-EA92FC4B2C76}
2015-01-25 13:57:24 -------- d-----w- C:\Windows\Sysnative\Tasks\NCH Software
2015-01-23 11:25:02 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking
2015-01-22 22:25:12 B913E92FEC430FEECE59F4DE96A64EC1 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 22:25:12 62484A3B51D1BCB369C016275FD89F2B 3828 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2015-01-22 14:54:52 A3E5A84280E52614C998F9FCC3B7BA79 1092 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 14:54:52 2FE666915DB94616902CBC07ED91302F 4064 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-01-22 14:54:51 E1E4F2BDB8E720144FD408C0E81DCA46 3828 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2015-01-22 14:54:51 CDBF64590DE9C30337B7B376EF7807D7 1088 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 19:15:48 FB49E3289FDE892808CFA76D582E5407 3598 ----a-w- C:\Windows\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2949859425-3516228941-3552613829-1004
2015-01-21 19:15:44 97C03D4999992FDF836D542DEE583941 3994 ----a-w- C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{17D45CA2-C6CE-4D9C-8FB5-7856D57D7945}
2015-01-21 15:51:16 64B8B26303C9526F7AECBCD5C80A967C 3974 ----a-w- C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{159AAC6D-5134-4E82-AC76-EAE317111FF7}
2015-01-21 15:50:14 6B09FDCDD867B468D6D2D1F038B27F0F 3334 ----a-w- C:\Windows\Sysnative\Tasks\AcerCloud
2015-01-21 15:47:21 F6276164CCBDFA071AB1B8EEC64CDE1A 3598 ----a-w- C:\Windows\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2949859425-3516228941-3552613829-1001
2015-01-21 15:42:20 -------- d-----w- C:\Windows\Sysnative\Tasks\WPD
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-23 12:29:19 -------- d-----w- C:\Program Files\Enigma Software Group
2015-01-22 15:33:51 -------- d-----w- C:\Program Files\Vuze
2015-01-22 15:21:17 -------- d-----w- C:\Program Files\Adobe
2015-01-22 15:17:40 -------- d-----w- C:\Program Files\Common Files\Adobe
2015-01-21 17:54:14 -------- d--h--w- C:\Program Files\CanonBJ
2015-01-21 17:34:25 -------- d-----w- C:\Program Files\Canon
2015-01-21 15:42:01 -------- d-----w- C:\Program Files\Accessory Store
======= C:\PROGRA~2 =====
2015-02-12 16:46:07 32372200 ----a-w- C:\PROGRA~2\COMMON~1\lpuninstall.exe
2015-02-12 16:14:00 -------- d-----w- C:\PROGRA~2\Citrix
2015-01-25 14:02:43 -------- d-----w- C:\PROGRA~2\Freemake
2015-01-25 13:57:18 -------- d-----w- C:\PROGRA~2\NCH Software
2015-01-25 13:55:01 -------- d-----w- C:\PROGRA~2\coverXP
2015-01-25 13:31:56 -------- d-----w- C:\PROGRA~2\CDBurnerXP
2015-01-22 15:14:31 -------- d-----w- C:\PROGRA~2\COMMON~1\Sonic Shared
2015-01-22 15:14:31 -------- d-----w- C:\PROGRA~2\COMMON~1\PX Storage Engine
2015-01-22 15:13:36 -------- d-----w- C:\PROGRA~2\Adobe
2015-01-22 15:13:05 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe
2015-01-22 14:54:51 -------- d-----w- C:\PROGRA~2\Google
2015-01-22 14:43:25 -------- d-----w- C:\PROGRA~2\Foxit Software
2015-01-22 12:39:01 -------- d-----w- C:\PROGRA~2\IrfanView
2015-01-22 12:35:37 -------- d-----w- C:\PROGRA~2\VideoLAN
2015-01-21 19:49:39 -------- d-----w- C:\PROGRA~2\1st Free Solitaire
2015-01-21 19:43:06 -------- d-----w- C:\PROGRA~2\OpenOffice 4
2015-01-21 19:36:15 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2015-01-21 19:36:15 -------- d-----r- C:\PROGRA~2\Skype
2015-01-21 17:31:48 -------- d-----w- C:\PROGRA~2\Canon
2015-01-21 16:09:06 -------- d-----w- C:\PROGRA~2\Mozilla Thunderbird
2015-01-21 15:59:02 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
2015-01-23 12:30:19 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2015-01-22 00:18:50 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Recovery.txt
====== C:\Users\Paul\AppData\Roaming ======
2015-02-16 11:35:05 -------- d-----w- C:\Users\Paul\AppData\Local\ElevatedDiagnostics
2015-02-15 15:49:38 -------- d-----w- C:\Users\Paul\AppData\Local\Diagnostics
2015-02-15 00:02:53 A108E1F75281E883F2020FBB36000F0F 444563 ----a-w- C:\Users\Paul\AppData\Local\census.cache
2015-02-15 00:02:52 F2B3EEAC446ECD86220C6D83A95AE2C8 190762 ----a-w- C:\Users\Paul\AppData\Local\ars.cache
2015-02-15 00:00:22 3205E7255EF3766BA4D4DD939B91EFE0 10 ----a-w- C:\Users\Paul\AppData\Local\sponge.last.runtime.cache
2015-02-14 23:56:04 204C1D397B23DA63206643CB65476FE1 36 ----a-w- C:\Users\Paul\AppData\Local\housecall.guid.cache
2015-02-12 17:41:10 -------- d-----w- C:\Users\greet_000\AppData\Locallow\SafeKeytmp
2015-02-12 17:41:10 -------- d-----w- C:\Users\greet_000\AppData\Locallow\SafeKeylang
2015-02-12 17:41:02 -------- d-----w- C:\Users\greet_000\AppData\Locallow\SafeKey
2015-02-12 16:45:59 -------- d-----w- C:\Users\Paul\AppData\Locallow\SafeKeytmp
2015-02-12 16:45:59 -------- d-----w- C:\Users\Paul\AppData\Locallow\SafeKeylang
2015-02-12 16:13:57 -------- d-----w- C:\Users\Paul\AppData\Local\Citrix
2015-02-06 09:59:23 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google
2015-01-26 23:40:27 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft
2015-01-25 14:03:05 -------- d-----w- C:\Users\Paul\AppData\Roaming\YoutubeToMp3Converter
2015-01-25 14:02:54 -------- d-----w- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-25 13:57:14 -------- d-----w- C:\Users\Paul\AppData\Roaming\NCH Software
2015-01-25 13:55:02 -------- d-----w- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coverXP
2015-01-25 13:47:35 -------- d-----w- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CdCoverCreator
2015-01-25 13:38:49 -------- d-----w- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CDCoverPrint
2015-01-25 13:31:58 -------- d-----w- C:\Users\Paul\AppData\Roaming\Canneverbe Limited
2015-01-25 13:04:21 -------- d-----w- C:\Users\Paul\AppData\Roaming\Canon
2015-01-23 11:30:40 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2015-01-23 10:30:27 -------- d-----w- C:\Users\greet_000\AppData\Locallow\Temp
2015-01-22 22:14:55 -------- d-----w- C:\Users\Paul\AppData\Roaming\ClassicShell
2015-01-22 19:48:32 -------- d-----w- C:\Users\greet_000\AppData\Local\CrashDumps
2015-01-22 15:40:28 -------- d-----w- C:\Users\greet_000\AppData\Local\Adobe
2015-01-22 15:34:05 -------- d-----w- C:\Users\Paul\AppData\Roaming\Azureus
2015-01-22 15:13:05 -------- d-----w- C:\Users\Paul\AppData\Local\Adobe
2015-01-22 15:01:51 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps
2015-01-22 14:55:12 -------- d-----w- C:\Users\Paul\AppData\Locallow\Google
2015-01-22 14:54:49 -------- d-----w- C:\Users\Paul\AppData\Local\Google
2015-01-22 14:44:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\Foxit Software
2015-01-22 14:44:03 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Foxit Software
2015-01-22 14:43:54 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Foxit Software
2015-01-22 14:41:58 -------- d-----w- C:\Users\Paul\AppData\Local\Programs
2015-01-22 12:36:18 -------- d-----w- C:\Users\Paul\AppData\Roaming\vlc
2015-01-22 12:14:12 -------- d-----w- C:\Users\Paul\AppData\Roaming\IrfanView
2015-01-21 23:33:05 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages
2015-01-21 20:07:54 -------- d-----w- C:\Users\Paul\AppData\Local\Skype
2015-01-21 20:07:53 -------- d-----w- C:\Users\Paul\AppData\Roaming\Skype
2015-01-21 20:07:16 -------- d-----w- C:\Users\Paul\AppData\Roaming\OpenOffice
2015-01-21 19:49:50 -------- d-----w- C:\Users\greet_000\AppData\Roaming\1st Free Solitaire
2015-01-21 19:49:39 -------- d-----w- C:\Users\Paul\AppData\Roaming\1st Free Solitaire
2015-01-21 19:43:54 -------- d-----w- C:\Users\greet_000\AppData\Roaming\OpenOffice
2015-01-21 19:36:21 -------- d-----w- C:\Users\greet_000\AppData\Local\Skype
2015-01-21 19:36:18 -------- d-----w- C:\Users\greet_000\AppData\Roaming\Skype
2015-01-21 19:18:17 -------- d-----w- C:\Users\greet_000\AppData\Roaming\Thunderbird
2015-01-21 19:18:17 -------- d-----w- C:\Users\greet_000\AppData\Local\Thunderbird
2015-01-21 19:13:02 -------- d-----w- C:\Users\greet_000\AppData\Roaming\Mozilla
2015-01-21 19:13:02 -------- d-----w- C:\Users\greet_000\AppData\Local\Mozilla
2015-01-21 17:02:02 -------- d-----w- C:\Users\Paul\AppData\Local\Acer Aspire R7 Tutorial
2015-01-21 16:52:07 -------- d-----w- C:\Users\Paul\AppData\Local\iGware
2015-01-21 16:17:25 -------- d-----w- C:\Users\greet_000\AppData\Local\BMExplorer
2015-01-21 16:16:58 -------- d-----w- C:\Users\greet_000\AppData\Local\clear.fi
2015-01-21 16:16:57 -------- d-----w- C:\Users\greet_000\AppData\Local\AOP SDK
2015-01-21 16:16:53 -------- d-----w- C:\Users\greet_000\AppData\Roaming\Atheros
2015-01-21 16:16:44 -------- d-----w- C:\Users\greet_000\AppData\Local\iGware
2015-01-21 16:15:40 -------- d-----r- C:\Users\greet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2015-01-21 16:15:40 -------- d-----r- C:\Users\greet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2015-01-21 16:15:36 -------- d-----w- C:\Users\greet_000\AppData\Roaming\Adobe
2015-01-21 16:15:35 -------- d-----w- C:\Users\greet_000\AppData\Local\VirtualStore
2015-01-21 16:15:32 -------- d-----w- C:\Users\greet_000\AppData\Local\Packages
2015-01-21 16:15:31 -------- d-s---w- C:\Users\greet_000\AppData\Locallow\Microsoft
2015-01-21 16:15:10 -------- d-s---w- C:\Users\greet_000\AppData\Roaming\Microsoft
2015-01-21 16:15:10 -------- d-----w- C:\Users\greet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-21 16:15:10 -------- d-----w- C:\Users\greet_000\AppData\Local\Temp
2015-01-21 16:15:10 -------- d-----w- C:\Users\greet_000\AppData\Local\Pokki
2015-01-21 16:15:10 -------- d-----w- C:\Users\greet_000\AppData\Local\Microsoft
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-21 16:09:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\Thunderbird
2015-01-21 16:09:15 -------- d-----w- C:\Users\Paul\AppData\Local\Thunderbird
2015-01-21 15:59:16 -------- d-s---w- C:\Windows\serviceprofiles\Localservice\AppData\Locallow\Microsoft
2015-01-21 15:59:12 -------- d-----w- C:\Users\Paul\AppData\Roaming\Mozilla
2015-01-21 15:59:12 -------- d-----w- C:\Users\Paul\AppData\Local\Mozilla
2015-01-21 15:53:50 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\clear.fi
2015-01-21 15:53:48 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Acer
2015-01-21 15:53:17 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\acer
2015-01-21 15:50:23 -------- d-s---w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Microsoft
2015-01-21 15:50:18 -------- d-----w- C:\Users\Paul\AppData\Local\CrashDumps
2015-01-21 15:49:55 -------- d-----w- C:\Users\Paul\AppData\Local\Acer
2015-01-21 15:49:50 -------- d-----w- C:\Users\Paul\AppData\Local\AOP SDK
2015-01-21 15:49:29 -------- d-----w- C:\Users\Paul\AppData\Roaming\acer
2015-01-21 15:47:00 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2015-01-21 15:46:54 -------- d-----w- C:\Users\Paul\AppData\Local\AcerCloud
2015-01-21 15:44:28 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2015-01-21 15:43:38 -------- d-----w- C:\Users\Paul\AppData\Local\clear.fi
2015-01-21 15:43:11 -------- d-s---w- C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft
2015-01-21 15:43:05 -------- d-----w- C:\Users\Paul\AppData\Local\BMExplorer
2015-01-21 15:42:35 -------- d-----w- C:\Users\Paul\AppData\Roaming\Atheros
2015-01-21 15:41:49 -------- d-----r- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2015-01-21 15:41:49 -------- d-----r- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2015-01-21 15:41:37 -------- d-----w- C:\Users\Paul\AppData\Roaming\Adobe
2015-01-21 15:41:36 -------- d-----w- C:\Users\Paul\AppData\Local\VirtualStore
2015-01-21 15:41:32 -------- d-----w- C:\Users\Paul\AppData\Local\Packages
2015-01-21 15:40:16 -------- d-s---w- C:\Users\Paul\AppData\Locallow\Microsoft
2015-01-21 15:40:14 -------- d-s---w- C:\Users\Paul\AppData\Roaming\Microsoft
2015-01-21 15:40:14 -------- d-----w- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-21 15:40:14 -------- d-----w- C:\Users\Paul\AppData\Local\Temp
2015-01-21 15:40:14 -------- d-----w- C:\Users\Paul\AppData\Local\Pokki
2015-01-21 15:40:14 -------- d-----w- C:\Users\Paul\AppData\Local\Microsoft
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-21 15:36:07 -------- d-s---w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Microsoft
====== C:\Users\Paul ======
2015-02-16 11:53:38 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Paul\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-16 11:42:34 C415A66AB37A072C0279C9F902B85FC2 775968 ----a-w- C:\Users\Paul\Downloads\ReimageRepair.exe
2015-02-15 16:20:37 BD40CF04C215DD43ABB1B778EBEB4926 1167400 ----a-w- C:\Users\Paul\Downloads\yet_another_cleaner_sk_3733462.exe
2015-02-14 23:55:54 57E86EA1E1AEBF898496F38D10A57664 2494560 ----a-w- C:\Users\Paul\Downloads\HousecallLauncher64.exe
2015-02-12 16:36:30 -------- d-----w- C:\Windows\serviceprofiles\Localservice\winhttp
2015-02-12 16:06:15 5C6E4E513BF7AE4D9FD4EBBC9FC88965 584560 ----a-w- C:\Users\Paul\Downloads\MVTInstaller.exe
2015-02-05 13:09:04 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\Users\Paul\Downloads\Reparatieprogramma_voor_Fout_0xAB__WinThruster.exe
2015-01-25 14:02:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-25 14:02:54 -------- d-----w- C:\ProgramData\Freemake
2015-01-25 13:57:24 -------- d-----w- C:\ProgramData\NCH Software
2015-01-25 13:55:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coverXP
2015-01-25 13:39:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDCoverPrint
2015-01-23 13:50:28 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol
2015-01-23 12:29:58 -------- d-----w- C:\Users\Paul\Start Menu
2015-01-22 22:14:55 -------- d-----w- C:\ProgramData\ClassicShell
2015-01-22 15:34:47 -------- d-----w- C:\Users\Paul\.swt
2015-01-22 15:13:05 -------- d-----w- C:\ProgramData\Adobe
2015-01-22 14:55:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-01-22 14:44:00 -------- d-----w- C:\Users\Public\Foxit Software
2015-01-22 12:35:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-21 23:32:59 -------- d--h--r- C:\Users\Public\AccountPictures
2015-01-21 20:22:20 -------- d--h--w- C:\ProgramData\CanonIJEGV
2015-01-21 20:08:42 -------- d-----w- C:\Users\Paul\Tracing
2015-01-21 19:49:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1st Free Solitaire
2015-01-21 19:43:32 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-01-21 19:37:19 -------- d-----w- C:\Users\greet_000\Tracing
2015-01-21 19:36:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-21 19:36:09 -------- d-----w- C:\ProgramData\Skype
2015-01-21 17:54:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 8800F
2015-01-21 17:35:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikersregistratie voor Canon iP3600 series
2015-01-21 17:34:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-21 17:33:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP3600 series Manual
2015-01-21 17:32:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP3600 series
2015-01-21 17:20:03 -------- d--h--w- C:\ProgramData\CanonBJ
2015-01-21 16:19:25 -------- d---a-r- C:\Users\greet_000\SkyDrive
2015-01-21 16:16:59 -------- d-----w- C:\Users\greet_000\PicStream
2015-01-21 16:15:40 -------- d-----r- C:\Users\greet_000\Searches
2015-01-21 16:15:39 -------- d-----r- C:\Users\greet_000\Contacts
2015-01-21 16:15:24 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\greet_000\ntuser.ini
2015-01-21 16:15:10 -------- d--h--w- C:\Users\greet_000\AppData
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Videos
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Saved Games
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Pictures
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Music
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Links
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Favorites
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Downloads
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Documents
2015-01-21 16:15:10 -------- d-----r- C:\Users\greet_000\Desktop
2015-01-21 15:59:03 -------- d-----w- C:\ProgramData\Mozilla
2015-01-21 15:48:43 -------- d-----w- C:\Users\Public\OEM
2015-01-21 15:45:44 -------- d---a-r- C:\Users\Paul\SkyDrive
2015-01-21 15:44:50 -------- d-----w- C:\Users\Public\Pokki
2015-01-21 15:43:38 -------- d-----w- C:\Users\Paul\PicStream
2015-01-21 15:42:01 -------- d-----w- C:\ProgramData\OEM
2015-01-21 15:41:58 -------- d-----w- C:\ProgramData\OEM_YAHOO
2015-01-21 15:41:49 -------- d-----r- C:\Users\Paul\Searches
2015-01-21 15:41:48 -------- d-----r- C:\Users\Paul\Contacts
2015-01-21 15:40:15 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Paul\ntuser.ini
2015-01-21 15:40:14 -------- d--h--w- C:\Users\Paul\AppData
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Videos
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Saved Games
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Pictures
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Music
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Links
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Favorites
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Downloads
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Documents
2015-01-21 15:40:14 -------- d-----r- C:\Users\Paul\Desktop

====== C: exe-files ==
2015-02-16 12:39:30 5F1A63958A530A65597537A1BC2B1958 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2949859425-3516228941-3552613829-1001\$IZX8NXY.exe
2015-02-16 11:53:38 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Paul\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-16 11:42:34 C415A66AB37A072C0279C9F902B85FC2 775968 ----a-w- C:\Users\Paul\Downloads\ReimageRepair.exe
2015-02-15 16:20:37 BD40CF04C215DD43ABB1B778EBEB4926 1167400 ----a-w- C:\Users\Paul\Downloads\yet_another_cleaner_sk_3733462.exe
2015-02-15 16:08:54 1DA3C20009CDEF72F67C86FCE639F679 32372200 ----a-w- C:\Users\Paul\AppData\Local\Temp\lptmp437825767\safekey.exe
2015-02-14 23:55:54 57E86EA1E1AEBF898496F38D10A57664 2494560 ----a-w- C:\Users\Paul\Downloads\HousecallLauncher64.exe
2015-02-12 17:41:11 F9807320B9E9E8399D013F37EAC7A035 7300152 ----a-w- C:\Users\greet_000\AppData\LocalLow\SafeKey\LastPassBroker.exe
2015-02-12 17:41:11 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\greet_000\AppData\LocalLow\SafeKey\find_bluetooth.exe
2015-02-12 16:46:07 1DA3C20009CDEF72F67C86FCE639F679 32372200 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-02-12 16:40:22 9A642F163F1FB12DE395A6010A9AD687 189920 ----a-w- C:\Windows\System32\mfevtps.exe
2015-02-12 16:13:57 B1FE8DD8C7D5D70BA7F8F1FEBF560244 2605856 ----a-w- C:\Users\Paul\AppData\Local\Citrix\GoToAssist Corporate\1019\GoToAssist_Corporate_Customer.exe
2015-02-12 16:06:15 5C6E4E513BF7AE4D9FD4EBBC9FC88965 584560 ----a-w- C:\Users\Paul\Downloads\MVTInstaller.exe
=== C: other files ==
2015-02-16 11:55:22 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-16 11:54:58 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-02-16 11:54:58 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-02-16 11:54:58 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-15 16:08:53 0374057DAADEC3901E31F60799485833 2504044 ----a-w- C:\Users\Paul\AppData\Local\Temp\lptmp437825767\lp_languages.zip
2015-02-15 15:42:35 A6927C4AC46FAEA60D263D87C06062A9 133000 ----a-w- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\pg6typzt.default-1421881613730\extensions\adblockpopups@jessehakanen.net.xpi
2015-02-14 23:56:07 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2015-02-12 16:45:58 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2015-02-12 16:45:32 B330B4A4F5E41462AB334A26897856BD 70608 ----a-w- C:\Windows\ELAMBKUP\mfeelamk.sys
2015-02-11 14:21:24 881BFD656D8004C4F8CF54B2A8899B70 135342 ----a-w- C:\Users\Paul\AppData\Roaming\Azureus\plugins\azpromo\azpromo_1.1.4.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2949859425-3516228941-3552613829-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=""%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON"

[HKEY_USERS\S-1-5-21-2949859425-3516228941-3552613829-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"="C:\Users\Paul\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Paul\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BacKGround Agent"="C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe"
"abDocsDllLoader"="C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"mcpltui_exe"="C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe /platui /runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=""%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"="C:\Users\Paul\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend=C:\Users\Paul\AppData\Local\Pokki\Engine\inspector --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

==== Startup Folders ======================

2015-02-15 16:09:00 2178 ----a-w- C:\Users\greet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04/02/2015 20:33]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/01/2015 15:54]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/01/2015 15:54]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AcerCloud" [C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe]
"C:\Windows\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Hotkey Utility" ["C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe"]
"C:\Windows\SysNative\tasks\Norton Online Backup ARA" [C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{159AAC6D-5134-4E82-AC76-EAE317111FF7}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{17D45CA2-C6CE-4D9C-8FB5-7856D57D7945}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\NCH Software\SwitchSevenDays" [C:\Program Files (x86)\NCH Software\Switch\Switch.exe]
"C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-01-21 15:41:58 -------- d-----w- C:\PROGRA~3\OEM_YAHOO
2015-01-21 15:42:01 -------- d-----w- C:\PROGRA~3\OEM
2015-01-21 15:59:03 -------- d-----w- C:\PROGRA~3\Mozilla
2015-01-21 17:20:03 -------- d--h--w- C:\PROGRA~3\CanonBJ
2015-01-21 19:36:09 -------- d-----w- C:\PROGRA~3\Skype
2015-01-21 20:22:20 -------- d--h--w- C:\PROGRA~3\CanonIJEGV
2015-01-22 15:13:05 -------- d-----w- C:\PROGRA~3\Adobe
2015-01-22 22:14:55 -------- d-----w- C:\PROGRA~3\ClassicShell
2015-01-23 11:24:52 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2015-01-25 13:57:24 -------- d-----w- C:\PROGRA~3\NCH Software
2015-01-25 14:02:54 -------- d-----w- C:\PROGRA~3\Freemake
2015-02-16 11:54:58 -------- d-----w- C:\PROGRA~3\Malwarebytes

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\GREET_~1\AppData\Roaming\Mozilla\Firefox\Profiles\eqbt6afr.default
user_pref("browser.startup.homepage", "http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593");
user_pref("browser.newtab.url", "http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");

ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\pg6typzt.default-1421881613730
user_pref("browser.startup.homepage", "http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593");
user_pref("browser.newtab.url", "http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593");
user_pref("browser.search.selectedEngine", "Web Search");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [14/02/2015 21:05]

==== Firefox Extensions ======================

ProfilePath: C:\Users\GREET_~1\AppData\Roaming\Mozilla\Firefox\Profiles\eqbt6afr.default
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- McAfee SafeKey - %ProfilePath%\extensions\{072844D3-7DEE-45F6-A406-E87F76302E4B}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\pg6typzt.default-1421881613730
- McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
- Undetermined - adblockpopups@jessehakanen.net
- Undetermined - {fad70c71-a732-24e9-e98a-de51f9a93268}
- Undetermined - {4ED1F68A-5463-4931-9384-8FFF5ED91D92}
- Zoom It - %ProfilePath%\extensions\{fad70c71-a732-24e9-e98a-de51f9a93268}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\pg6typzt.default-1421881613730
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Paul\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
F20AB49A381EEC05319A352CBCAB3532 - C:\Users\Paul\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll - Pokki Download Helper


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[28/01/2015 15:25]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593"
"Default_Page_URL"="http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593"
"Start Page"="http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593"
"Start Page"="http://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10ezex-21m2na0_wcc3f1925593f1925593"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{718C2BF5-BCD8-4980-B058-3452760E8321} Unknown Url="Not_Found"

==== HijackThis Entries ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Users\Paul\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Paul\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Paul\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0127921423839559) (0127921423839559mcinstcleanup) - Unknown owner - C:\Windows\TEMP\012792~1.EXE (file missing)
O23 - Service: Adobe Active File Monitor V12 (AdobeActiveFileMonitor12.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: GamesAppIntegrationService - TODO: <Company name> - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on ma 16/02/2015 at 13:59:39,20 ======================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Paul at 2015-02-16 14:09:38
Running from C:\Users\Paul\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Antivirus en antispyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Antivirus en antispyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1st Free Solitaire 1.2 (HKLM-x32\...\1STFREE_is1) (Version: 1.2 - BVS Development Corporation)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-2949859425-3516228941-3552613829-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.9.43466 - Pokki)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{B42680D0-FE58-E76D-EB90-13438A290E40}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Canon iP3600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series) (Version: - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CanoScan 8800F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
coverXP (remove only) (HKLM-x32\...\coverXP) (Version: - )
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
Elements 12 Organizer (x32 Version: 12.0 - Uw bedrijfsnaam) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.0 - Ellora Assets Corporation)
Gebruikersregistratie voor Canon iP3600 series (HKLM-x32\...\Gebruikersregistratie voor Canon iP3600 series) (Version: - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Host App Service (HKU\S-1-5-21-2949859425-3516228941-3552613829-1001\...\Pokki) (Version: 0.269.5.470 - Pokki)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versie 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.191 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 nl)) (Version: 31.4.0 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{89FD914D-4472-4E4F-8638-69E857E82DC9}) (Version: 4.11.9775 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Download Helper (HKU\S-1-5-21-2949859425-3516228941-3552613829-1001\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-2949859425-3516228941-3552613829-1001\...\Pokki_Start_Menu) (Version: 0.269.5.470 - Pokki)
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.11 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

10-02-2015 13:55:03 Windows Update
13-02-2015 15:43:19 Windows Update
15-02-2015 01:01:54 Removed Citrix Online Launcher
16-02-2015 13:54:09 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0127AF8B-AD63-49B9-A917-BE9C5B12B768} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {02C8F167-3FC7-4CFF-9A1C-CDF27C206B8C} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {0F6383A4-0DD1-48D5-8563-529BF0FD11B8} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {145E5150-92C1-4725-B9E0-3EDF32901BD1} - System32\Tasks\NCH Software\SwitchSevenDays => C:\Program Files (x86)\NCH Software\Switch\Switch.exe [2014-02-13] (NCH Software)
Task: {3E7CF93A-A8A3-40F6-A485-A46294717A5B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {48019798-9D36-4647-8FA1-B892AA6E3C05} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {4C10E4B6-2951-4AAE-98A2-BB275A7FD5C3} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {517FC8D7-6F3F-4F4F-8850-25D66B1A6F9A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {535BF280-E5E9-4F79-BF92-215ACEF66598} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {5E3E863D-71DD-4EE9-BECD-EC1F82C9944E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {9AB292EE-E72A-4131-8BE4-8660921B920D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {A25DE333-2E83-4E38-8AC0-6CF11303DE81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {AF469946-C23F-4389-8620-D35135054F74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-22] (Google Inc.)
Task: {B70A7A9E-5534-4252-ABB3-FE69F5B4D7FE} - System32\Tasks\{EE6D86CD-E44C-4707-B68F-EA92FC4B2C76} => pcalua.exe -a "C:\Program Files (x86)\Elex-tech\YAC\uninstall.exe"
Task: {DF01B88F-7DAC-439A-9EBC-5EE91709608B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {F24E85E5-0084-490E-BF55-65372417AF5B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-09 22:54 - 2013-07-31 02:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2013-09-25 11:04 - 2013-09-25 11:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 11:01 - 2013-09-25 11:01 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 11:08 - 2013-09-25 11:08 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-02-16 13:48 - 2015-02-16 13:48 - 01304576 _____ () C:\Users\Paul\Downloads\zoek.exe
2015-01-23 12:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-23 12:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-23 12:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-23 12:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-23 12:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-01-21 16:49 - 2015-01-21 16:49 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-01-27 00:40 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\greet_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\greet_000\Desktop\Facebook.website:TASKICON_0news-1751121550
AlternateDataStreams: C:\Users\greet_000\Desktop\Facebook.website:TASKICON_1messages-431041656
AlternateDataStreams: C:\Users\greet_000\Desktop\Facebook.website:TASKICON_2events-250898981
AlternateDataStreams: C:\Users\greet_000\Desktop\Facebook.website:TASKICON_3friends-215113587
AlternateDataStreams: C:\Users\Paul\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2949859425-3516228941-3552613829-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\guy fawkesmasker.jpg
DNS Servers: 195.130.131.132 - 195.130.130.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2949859425-3516228941-3552613829-500 - Administrator - Disabled)
Gast (S-1-5-21-2949859425-3516228941-3552613829-501 - Limited - Disabled)
greet_000 (S-1-5-21-2949859425-3516228941-3552613829-1004 - Limited - Enabled) => C:\Users\greet_000
HomeGroupUser$ (S-1-5-21-2949859425-3516228941-3552613829-1003 - Limited - Enabled)
Paul (S-1-5-21-2949859425-3516228941-3552613829-1001 - Administrator - Enabled) => C:\Users\Paul

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2015 01:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: plugin-container.exe, versie: 35.0.1.5500, tijdstempel: 0x54c1f9f3
Naam van module met fout: mozalloc.dll, versie: 35.0.1.5500, tijdstempel: 0x54c1f224
Uitzonderingscode: 0x80000003
Foutmarge: 0x00001425
Id van proces met fout: 0x13b4
Starttijd van toepassing met fout: 0xplugin-container.exe0
Pad naar toepassing met fout: plugin-container.exe1
Pad naar module met fout: plugin-container.exe2
Rapport-id: plugin-container.exe3
Volledige pakketnaam met fout: plugin-container.exe4
Relatieve toepassings-id van pakket met fout: plugin-container.exe5

Error: (02/16/2015 01:32:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: AcerPortal.exe, versie: 3.0.4.2002, tijdstempel: 0x54942c87
Naam van module met fout: SHELL32.dll, versie: 6.3.9600.16660, tijdstempel: 0x5351e17b
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0015d83b
Id van proces met fout: 0xf20
Starttijd van toepassing met fout: 0xAcerPortal.exe0
Pad naar toepassing met fout: AcerPortal.exe1
Pad naar module met fout: AcerPortal.exe2
Rapport-id: AcerPortal.exe3
Volledige pakketnaam met fout: AcerPortal.exe4
Relatieve toepassings-id van pakket met fout: AcerPortal.exe5

Error: (02/16/2015 00:35:26 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/16/2015 00:20:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: AcerPortal.exe, versie: 3.0.4.2002, tijdstempel: 0x54942c87
Naam van module met fout: SHELL32.dll, versie: 6.3.9600.16660, tijdstempel: 0x5351e17b
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0015d83b
Id van proces met fout: 0x1a40
Starttijd van toepassing met fout: 0xAcerPortal.exe0
Pad naar toepassing met fout: AcerPortal.exe1
Pad naar module met fout: AcerPortal.exe2
Rapport-id: AcerPortal.exe3
Volledige pakketnaam met fout: AcerPortal.exe4
Relatieve toepassings-id van pakket met fout: AcerPortal.exe5

Error: (02/15/2015 05:08:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: plugin-container.exe, versie: 35.0.1.5500, tijdstempel: 0x54c1f9f3
Naam van module met fout: mozalloc.dll, versie: 35.0.1.5500, tijdstempel: 0x54c1f224
Uitzonderingscode: 0x80000003
Foutmarge: 0x00001425
Id van proces met fout: 0x18bc
Starttijd van toepassing met fout: 0xplugin-container.exe0
Pad naar toepassing met fout: plugin-container.exe1
Pad naar module met fout: plugin-container.exe2
Rapport-id: plugin-container.exe3
Volledige pakketnaam met fout: plugin-container.exe4
Relatieve toepassings-id van pakket met fout: plugin-container.exe5

Error: (02/15/2015 04:57:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: AcerPortal.exe, versie: 3.0.4.2002, tijdstempel: 0x54942c87
Naam van module met fout: SHELL32.dll, versie: 6.3.9600.16660, tijdstempel: 0x5351e17b
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0015d83b
Id van proces met fout: 0xef4
Starttijd van toepassing met fout: 0xAcerPortal.exe0
Pad naar toepassing met fout: AcerPortal.exe1
Pad naar module met fout: AcerPortal.exe2
Rapport-id: AcerPortal.exe3
Volledige pakketnaam met fout: AcerPortal.exe4
Relatieve toepassings-id van pakket met fout: AcerPortal.exe5

Error: (02/15/2015 04:41:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: AcerPortal.exe, versie: 3.0.4.2002, tijdstempel: 0x54942c87
Naam van module met fout: SHELL32.dll, versie: 6.3.9600.16660, tijdstempel: 0x5351e17b
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0015d83b
Id van proces met fout: 0x170c
Starttijd van toepassing met fout: 0xAcerPortal.exe0
Pad naar toepassing met fout: AcerPortal.exe1
Pad naar module met fout: AcerPortal.exe2
Rapport-id: AcerPortal.exe3
Volledige pakketnaam met fout: AcerPortal.exe4
Relatieve toepassings-id van pakket met fout: AcerPortal.exe5

Error: (02/15/2015 00:47:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: firefox.exe, versie: 35.0.1.5500, tijdstempel: 0x54c1fdbc
Naam van module met fout: ntdll.dll, versie: 6.3.9600.16502, tijdstempel: 0x52c35a76
Uitzonderingscode: 0xc0000374
Foutmarge: 0x000e2fd8
Id van proces met fout: 0x10d0
Starttijd van toepassing met fout: 0xfirefox.exe0
Pad naar toepassing met fout: firefox.exe1
Pad naar module met fout: firefox.exe2
Rapport-id: firefox.exe3
Volledige pakketnaam met fout: firefox.exe4
Relatieve toepassings-id van pakket met fout: firefox.exe5

Error: (02/14/2015 09:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: AcerPortal.exe, versie: 3.0.4.2002, tijdstempel: 0x54942c87
Naam van module met fout: SHELL32.dll, versie: 6.3.9600.16660, tijdstempel: 0x5351e17b
Uitzonderingscode: 0xc0000005
Foutmarge: 0x0015d83b
Id van proces met fout: 0xec0
Starttijd van toepassing met fout: 0xAcerPortal.exe0
Pad naar toepassing met fout: AcerPortal.exe1
Pad naar module met fout: AcerPortal.exe2
Rapport-id: AcerPortal.exe3
Volledige pakketnaam met fout: AcerPortal.exe4
Relatieve toepassings-id van pakket met fout: AcerPortal.exe5

Error: (02/14/2015 08:08:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma wwahost.exe, versie 6.3.9600.16431 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 15b4

Starttijd: 01d04888d0c4afa1

Eindtijd: 4294967295

Toepassingspad: C:\Windows\syswow64\wwahost.exe

Rapport-id: c652b4a0-b47c-11e4-8271-b8ee65357908

Volledige pakketnaam met fout: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Relatieve toepassings-id van pakket met fout: App


System errors:
=============
Error: (02/16/2015 01:16:53 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: De service Windows Update is niet juist afgesloten na de ontvangst van een besturingselement voor afsluiten.

Error: (02/16/2015 01:15:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80246007: Windows 8.1 Update voor op x64-computers (KB2919355).

Error: (02/16/2015 01:15:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80246007: KB2990967: Update voor Windows 8.1 voor x64-systemen.

Error: (02/16/2015 01:13:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Store Service (WSService)-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (02/16/2015 01:13:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows Store Service (WSService).

Error: (02/15/2015 05:36:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Windows Store Service (WSService)-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (02/15/2015 05:36:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Windows Store Service (WSService).

Error: (02/14/2015 09:05:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80070002: Windows 8.1 Update voor op x64-computers (KB2919355).

Error: (02/14/2015 01:22:41 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{6a67bbff-65b2-4182-bb03-a386c677cfa1}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D6A5F3C9-C6DD-43B5-B730-85195100A498}

Error: (02/14/2015 01:22:39 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{6a67bbff-65b2-4182-bb03-a386c677cfa1}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0285165B-4662-4A70-A591-C300C8D8A392}


Microsoft Office Sessions:
=========================
Error: (02/16/2015 01:59:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142513b401d049e609963e27C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla3435537-b5db-11e4-8273-b8ee65357908

Error: (02/16/2015 01:32:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.166605351e17bc00000050015d83bf2001d049e4a684b242C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dlle566c3d8-b5d7-11e4-8273-b8ee65357908

Error: (02/16/2015 00:35:26 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (02/16/2015 00:20:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.166605351e17bc00000050015d83b1a4001d049daa2a8c2baC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dlle0fc4b7c-b5cd-11e4-8272-b8ee65357908

Error: (02/15/2015 05:08:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142518bc01d049399a69c557C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf2824399-b52c-11e4-8272-b8ee65357908

Error: (02/15/2015 04:57:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.166605351e17bc00000050015d83bef401d049381b25c449C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll58e562da-b52b-11e4-8272-b8ee65357908

Error: (02/15/2015 04:41:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.166605351e17bc00000050015d83b170c01d04935dc34dc97C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll1a6045ec-b529-11e4-8272-b8ee65357908

Error: (02/15/2015 00:47:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe35.0.1.550054c1fdbcntdll.dll6.3.9600.1650252c35a76c0000374000e2fd810d001d048b06f36e571C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\ntdll.dllddb9b50f-b4a3-11e4-8272-b8ee65357908

Error: (02/14/2015 09:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.166605351e17bc00000050015d83bec001d04892230e2dbfC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll6109673a-b485-11e4-8272-b8ee65357908

Error: (02/14/2015 08:08:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1643115b401d04888d0c4afa14294967295C:\Windows\syswow64\wwahost.exec652b4a0-b47c-11e4-8271-b8ee65357908Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp


CodeIntegrity Errors:
===================================
Date: 2015-02-16 13:29:26.658
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-02-16 13:14:07.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-02-16 13:14:07.757
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-02-16 12:21:16.101
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 17:36:30.011
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2015-02-15 17:36:29.955
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-6700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 8140 MB
Available physical RAM: 5153.94 MB
Total Pagefile: 16332 MB
Available Pagefile: 13216.33 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:161.63 GB) (Free:86.18 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.11 GB) (Free:414.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 12381EB4)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Hello,

Start Zoek.exe again.
  • If Internet Explorer, another browser or your virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

Run Zoek.exe
If you run into problems running this program or see any error messages, please mention this in your reply.
  • Right-click Zoek.zip and choose the option "Extract all".
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is written specifically for this computer, so do not use it on other computers with a similar problem.
    Code:
    [-HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Ath_CopyHook];r
    [-HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\ClearfiCopyHook];r
    [HKEY_USERS\S-1-5-21-2949859425-3516228941-3552613829-1001\Software\Microsoft\Windows\CurrentVersion\Run];r
    "Pokki"=-;r
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Pokki"=-;r
    [HKEY_USERS\S-1-5-21-2949859425-3516228941-3552613829-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce];r
    "Application Restart #0"=-;r
    autoclean;
    iedefaults;
    chrdefaults;
    FFdefaults;
    resetIEproxy;
    emptyclsid;
    emptyalltemp;
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears after the restart, start Zoek.exe again; the log will then still appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file
  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • How to add an attachment to a message is explained here.
 
YES!
Had a quick look and the problems seem to be solved... Thanks a thousand times! Great work!

How did that virus get in? I don't know. I had problems with my virus scanner McAfee, and last Thursday I contacted that company. Via chat and a "takeover" of my PC, someone there solved my problem. But: the day after, Friday, it happened. That tibsearch virus, and a bombardment of advertising banners from all sides. McAfee did not stop it, and neither did HouseCall, the online scanner. I did not know what it all meant; I also tried Spybot and SpyHunter... I was desperate (I have had a PC for 17 years and never had problems with a virus.)
What I also notice now: that man from McAfee who helped me removed Windows Defender completely from my PC... I did not use it, but I want it back among my apps, because you never know... how do I get it back?
 
Hello,

First run the following, so that we can check the various services.

Download Farbar Service Scanner to the desktop.

Running Farbar Service Scanner
  • Double-click FSS.exe to start the tool.
  • Then tick the items below.
    • Windows Defender
  • Then click the "Scan" button.
  • A log file (FSS.txt) will be created in the same location the tool was started from.
  • Post its contents in your next message.
 
Defender missing

Farbar Service Scanner Version: 17-01-2015
Ran by Paul (administrator) on 18-02-2015 at 16:18:45
Running from "C:\Users\Paul\Downloads"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************



Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
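
Added example (not part of the original post and not code from Farbar Service Scanner): a small Python triage of an FSS log in the format shown above, flagging a stopped service, a non-default start type, a non-zero `Disable*` policy value and any file whose check result is not "File is digitally signed". The function name, the finding labels and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: an excerpt in the format of the FSS log shown above.
SAMPLE_FSS_LOG = r'''Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
'''

NOT_RUNNING = re.compile(r'^(\S+) Service is not running')
START_TYPE = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                        r'The default start type is (\w+)\.')
REG_KEY = re.compile(r'^\[(HK[^\]]+)\]$')
REG_DWORD = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r'^(.+?) => (.+)$')

def triage_fss_log(text):
    """Return a list of (kind, detail) findings from FSS log text."""
    findings, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := NOT_RUNNING.match(line):
            findings.append(("service_stopped", m.group(1)))
        elif m := START_TYPE.match(line):
            svc, current, default = m.groups()
            if current != default:
                findings.append(("start_type", f"{svc}: {current} (default {default})"))
        elif m := REG_KEY.match(line):
            key = m.group(1)  # remember which key the next values belong to
        elif m := REG_DWORD.match(line):
            # Assumption: any non-zero Disable* DWORD in the log is worth flagging.
            if m.group(1).startswith("Disable") and int(m.group(2)) != 0:
                findings.append(("policy", f"{key}\\{m.group(1)}={m.group(2)}"))
        elif m := FILE_CHECK.match(line):
            if m.group(2) != "File is digitally signed":
                findings.append(("file", f"{m.group(1)}: {m.group(2)}"))
    return findings

if __name__ == "__main__":
    for kind, detail in triage_fss_log(SAMPLE_FSS_LOG):
        print(f"{kind:16} {detail}")
```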
 
It is fine that Windows Defender is now disabled. Two antivirus scanners work against each other, after all.

Should you want to enable Defender again, you do it as follows:


Start Zoek.exe again.
  • If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

Disable antivirus software
Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

Running Zoek.exe
If you run into problems running this program or see certain error messages, please mention this in your message.
  • Right-click Zoek.zip and click the option "Extract all".
  • Then double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.
    Code:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender];r
    "DisableAntiSpyware"=0;r
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is needed).
  • If no log appears after the restart, start Zoek.exe again; the log will then still appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file
  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • How to add an attachment to a message is explained here.
 
Re-enabling Windows Defender is not advisable.
Two antivirus programs work against each other, after all.
Also check whether your firewall is enabled.

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: McAfee Antivirus en antispyware On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: McAfee Antivirus en antispyware disabled (Outdated)
Firewall: McAfee Firewall disabled
 
I only use McAfee, and it shows that the firewall and virus protection are "on". I only wanted Defender back, not to set it up right away, because I know that two antivirus programs together is not possible. But I was already thinking: what if my McAfee subscription expires in June, maybe I will not renew it, and perhaps I can use Defender, or of course Avast or AVG, the free programs... Thanks for the trouble you took for me.
 
If there are no more complaints with the PC, I would conclude that it is malware-free.
You can use the tool below to remove all the programs and log files that were used from your computer again.

Download Delfix by Xplode to the desktop; it will remove the tools and log files that were used.

Double-click Delfix.exe to start the tool.
Now tick the following items:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
Now click "Run" and wait patiently until the tool is finished.
When the tool is finished a log file is created; however, you do not need to post it.


If there are any further questions or anything is unclear, feel free to ask! :)
 
Watch out with SpyHunter. Not to be trusted.
You had better remove it.
 