Jump to content

Enigma spyhunter problems

Harrie1
 Share

Recommended Posts

Harrie1

Harrie1

Posted
Posted

Hi,

 

Some time ago I accidentally installed Spyhunter from Enigma as it came bundled with some other software. I tried to remove it with the uninstaller, but it seems there is still a part of it left. 

 

When I boot my computer (Windows 8.1), right after the BIOS I get the message "Enigma Software Systems, custom removal in action". When it's finished Windows boots further. 

 

MBam can't seem to find the threat. CC Cleaner can't remove it either. 

 

I tried to get you a log, however, dds.scr and dds.com both tell my they are not required to run in compatibility mode and both quit right after without giving me a log.

 

How do I fix this? 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello Harrie1 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

Thanks for your reply.

Here is the in the info from OTL.txt:

 

OTL logfile created on: 9-3-2014 17:25:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Harrie_Terhorst\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
 
3,88 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 55,79% Memory free
4,57 Gb Paging File | 2,74 Gb Available in Paging File | 59,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,57 Gb Total Space | 46,06 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,29 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
 
Computer Name: HARRIE | User Name: Harrie_Terhorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-03-09 17:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harrie_Terhorst\Downloads\OTL.exe
PRC - [2014-03-07 13:49:19 | 001,358,848 | ---- | M] (Barnesandnoble.com llc) -- C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\NookClient.exe
PRC - [2014-03-02 03:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-02-17 19:36:52 | 001,770,312 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014-02-17 19:36:52 | 000,158,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014-01-22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014-01-19 13:34:56 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014-01-19 13:34:49 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2014-01-03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-09-24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-07-16 20:56:36 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-01-05 10:10:03 | 000,208,464 | ---- | M] () -- C:\ProgramData\YogaSmartSwicth\yogaserver.exe
PRC - [2012-07-27 20:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012-07-19 19:09:42 | 000,708,648 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
PRC - [2012-07-19 19:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012-07-16 09:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-03-08 17:38:31 | 000,482,304 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud.1553bc1e#\8f840a59c1f25dd08984252630915c00\Nook.Cloud.NativeServices.ni.dll
MOD - [2014-03-08 17:38:29 | 000,241,152 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\1186610703e36f98640197deefaf312a\NotificationsExtensions.ni.dll
MOD - [2014-03-08 17:38:27 | 000,513,024 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud\9b380dfa65f768d2d2a662b0348ddd89\Nook.Cloud.ni.dll
MOD - [2014-03-08 17:38:11 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c2f2c5073965c1d04b9023f65d3fe349\SMDiagnostics.ni.dll
MOD - [2014-03-08 17:38:08 | 000,337,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\f867cb52dc4fcc5ebaa80ffbd2976b3e\Windows.Data.ni.dll
MOD - [2014-03-08 17:38:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Globalization\8117ba37bd357ad43611bbc9bdfca567\System.Globalization.ni.dll
MOD - [2014-03-08 17:38:06 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.429e8964#\f2cc82f8999d2aa1c6660c806177ec61\System.Xml.XmlSerializer.ni.dll
MOD - [2014-03-08 17:38:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IO\042586835cba6dc3b2850f9f5a9483e7\System.IO.ni.dll
MOD - [2014-03-08 17:38:05 | 000,238,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\d5b9aa521932d0e448fcec4c8a7668ee\Windows.Globalization.ni.dll
MOD - [2014-03-08 17:38:04 | 000,960,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c9f5748b453ed1334d500ba0f8cd893b\Windows.UI.ni.dll
MOD - [2014-03-08 17:38:04 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\ddc4d9d5d71dc5987a0ccc8a3109cf3c\System.ObjectModel.ni.dll
MOD - [2014-03-08 17:38:01 | 000,133,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\a89efd02ed532244af2618bd2258658d\Windows.System.ni.dll
MOD - [2014-03-08 17:38:00 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\ae4e23764df4e166aae70ec4bfa75616\Windows.Storage.ni.dll
MOD - [2014-03-08 17:37:59 | 000,797,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\19a8d1fd6ba18245c4dde13875b6e1d3\Windows.Networking.ni.dll
MOD - [2014-03-08 17:37:57 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\377a9fc969cd342e46c970eef309c528\System.Threading.Tasks.ni.dll
MOD - [2014-03-08 17:37:56 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Collections\ed21f43f727dc714483c4dc389adffb4\System.Collections.ni.dll
MOD - [2014-03-08 17:37:54 | 001,131,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\7afc662c6dd9522510958dd7b23baad7\Windows.ApplicationModel.ni.dll
MOD - [2014-03-08 17:37:49 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\380573a8261d3347ae37503ddc854abf\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2014-03-08 17:37:48 | 003,536,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4946d643ed8c96ecda72bacf7b61430f\Windows.UI.Xaml.ni.dll
MOD - [2014-03-07 13:49:19 | 012,953,600 | ---- | M] () -- C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\Nook.Cloud.NativeServices.dll
MOD - [2014-03-02 03:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014-03-02 03:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014-03-02 03:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2014-02-16 16:07:45 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\944bf33aded9f0e78c282767583019d9\Windows.Foundation.ni.dll
MOD - [2014-02-16 16:07:45 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime\cb94f731a1ebd6b9877cd110c0c6ed45\System.Runtime.ni.dll
MOD - [2014-02-16 16:02:52 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a7db022b87017cc62542ef85d19c7fb1\CustomMarshalers.ni.dll
MOD - [2014-02-16 16:02:02 | 002,297,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3430f069c93f4233f0dbb775cb73b49b\System.Core.ni.dll
MOD - [2014-02-16 15:59:17 | 005,463,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dll
MOD - [2014-02-16 15:59:13 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dll
MOD - [2014-02-16 15:59:05 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dll
MOD - [2014-02-16 15:58:32 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2014-02-16 15:58:26 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2014-02-16 15:58:18 | 007,803,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\fd6afdb3a9309e9af89222b778f5901c\System.Xml.ni.dll
MOD - [2014-02-16 15:57:48 | 000,098,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\00fd6b9fc7353b024079f65164bdc73f\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2014-02-16 15:57:47 | 000,573,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\e209e80a78aee1367c92f1dd884d8f58\System.Runtime.WindowsRuntime.ni.dll
MOD - [2014-02-16 15:57:46 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b110ef93e43ad2abdfa7b12c99443144\System.Runtime.Serialization.ni.dll
MOD - [2014-02-16 15:57:34 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\9ab0202718d44c5bfe5120745304808a\System.Configuration.ni.dll
MOD - [2014-02-16 15:57:08 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ab8978239d891c4afffd6a6df3996a6e\System.Core.ni.dll
MOD - [2014-02-16 15:57:03 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8455c031f8ffe82a0109c563873260e8\System.ni.dll
MOD - [2014-01-19 13:34:55 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
MOD - [2014-01-19 13:32:53 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2014-01-03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-12-03 01:37:02 | 017,376,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ebdd49343f711b2029293f8e621b28a2\mscorlib.ni.dll
MOD - [2013-11-19 16:50:01 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2013-11-19 16:45:13 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013-10-19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-08-17 01:06:23 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013-01-05 10:10:03 | 000,208,464 | ---- | M] () -- C:\ProgramData\YogaSmartSwicth\yogaserver.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-11-27 16:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013-11-27 10:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013-11-23 05:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-11-08 04:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013-10-31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013-10-22 02:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013-10-07 11:43:16 | 009,281,840 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2013-10-04 09:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-09-30 05:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-09-30 05:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013-09-30 05:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013-08-22 13:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013-08-22 13:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-08-22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 11:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013-08-22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 10:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013-08-22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 10:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013-08-22 10:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013-08-22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-07-16 20:56:36 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2012-07-30 12:27:06 | 000,036,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2012-07-30 12:27:00 | 000,030,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2012-07-30 12:26:58 | 000,029,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2012-06-08 10:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012-04-20 23:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011-12-01 09:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2014-02-17 19:36:52 | 001,770,312 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-12-18 09:38:40 | 002,102,072 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013-10-03 22:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-10-01 04:45:10 | 000,481,304 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2013-09-30 05:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013-09-24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-09-12 08:16:54 | 000,489,616 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2013-09-08 15:22:40 | 000,079,000 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013-08-22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-01-05 10:10:03 | 000,027,216 | ---- | M] (Lenovo) [Auto | Running] -- C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe -- (ymc)
SRV - [2012-09-01 01:26:58 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe -- (BTDevManager)
SRV - [2012-07-19 19:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012-07-17 10:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 10:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-07-17 10:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-07-16 09:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012-07-13 10:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011-08-18 01:29:52 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2011-05-24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011-04-26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-02-14 20:52:18 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013-11-25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013-11-25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013-11-25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013-11-11 03:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-11-09 12:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-11-01 12:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-10-31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013-10-31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013-10-31 01:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-10-26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013-10-21 22:28:28 | 000,252,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013-10-13 03:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013-10-05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-10-03 22:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-10-01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013-09-30 05:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-09-30 05:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-09-30 05:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-09-30 04:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-09-30 04:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-09-30 04:51:01 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2013-09-26 10:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-09-26 10:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-09-26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013-09-10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013-09-04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013-08-22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 13:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013-08-22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 13:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013-08-22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 13:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013-08-22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 13:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013-08-22 13:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013-08-22 13:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013-08-22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 13:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-08-22 13:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013-08-22 13:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-08-22 12:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013-08-22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 12:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013-08-22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 12:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013-08-22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 12:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013-08-22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 12:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-08-22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 11:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2013-08-22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-31 19:25:45 | 001,975,000 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2013-07-30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-04 10:22:20 | 000,066,560 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88179_178a.sys -- (AX88179)
DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-01-05 10:11:08 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013-01-05 10:11:08 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013-01-05 10:10:03 | 000,017,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\leymc.sys -- (leymc)
DRV:64bit: - [2012-11-24 06:42:18 | 000,461,624 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-11-06 14:04:20 | 000,036,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012-09-03 06:26:02 | 001,609,376 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012-09-01 11:22:22 | 000,696,464 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012-08-25 03:10:12 | 000,981,112 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2012-07-20 10:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012-07-13 09:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012-07-13 09:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012-07-13 09:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012-07-02 08:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-19 00:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-06-15 06:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012-06-14 02:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013-12-16 14:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{721DC94E-F4CD-42AB-BA0D-466FF61E92A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{721DC94E-F4CD-42AB-BA0D-466FF61E92A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes,DefaultScope = {564FF2E6-9F50-40FC-8C03-7E2902043B50}
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes\{54B0371E-C2AA-4A32-AB9A-8D4F30141D79}: "URL" = http://www.search.ask.com/web?p2=%5EB7N%5EYYYYYY%5EYY%5ENL&gct=&itbv=12.3.0.861&o=APN11293&tpid=CME-V7&apn_uid=C9FFB6B8-57FF-4FF4-91CF-21CB6EAAB58E&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5ENL&apn_dbr=iexplore.exe_6_10.0.9200.16660&doi=2013-08-29&trgb=IE&q={searchTerms}&psv=barid%253D%257BE5EAD6D7%252D10D7%252D11E3%252DBEA4%252DC0219796983E%257D%2526cargo%253DCME%252DV7%2526spr%253Da
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes\{564FF2E6-9F50-40FC-8C03-7E2902043B50}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Harrie_Terhorst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2014-02-14 20:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013-06-30 09:44:04 | 000,242,624 | ---- | M] () (No name found) -- C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.nl/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Documenten = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Zoeken = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail Checker = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: AVG Nation Toolbar = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0\
CHR - Extension: Google Wallet = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: MyHarmony Chrome Plugin = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0\
CHR - Extension: Gmail = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013-08-22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [btServer] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe (Realtek Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe ()
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Transition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [synLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4:64bit: - HKLM..\Run: [yogaserver] C:\ProgramData\YogaSmartSwicth\yogaserver.exe ()
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Vimicro)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Nation toolbar\vprot.exe ()
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Afbeelding verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Pagina verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O8 - Extra context menu item: Afbeelding verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pagina verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{056A7E73-B38D-4DA3-AB17-FAE68F3E6275}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82160DD-72B9-46E5-94A3-2BFBB0A78AA1}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C288C22B-BA5F-45FE-AC89-195C662F340D}: DhcpNameServer = 62.179.104.196 213.46.228.196
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lenovo transition.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\motioncontrol.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\pmbbrowser.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\pmbinit.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lenovo transition.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\motioncontrol.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\pmbbrowser.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\pmbinit.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-08-18 22:39:09 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8711b680-31db-11e3-bead-80f9d4e77867}\Shell - "" = AutoRun
O33 - MountPoints2\{8711b680-31db-11e3-bead-80f9d4e77867}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" 
O33 - MountPoints2\{b3e6f6bd-4405-11e3-beb4-000ec6817901}\Shell - "" = AutoRun
O33 - MountPoints2\{b3e6f6bd-4405-11e3-beb4-000ec6817901}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sh4native Sh4Removal)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-03-08 19:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-03-01 15:50:47 | 000,040,248 | ---- | C] (AVG) -- C:\WINDOWS\SysNative\TURegOpt.exe
[2014-03-01 15:50:47 | 000,029,496 | ---- | C] (AVG) -- C:\WINDOWS\SysNative\authuitu.dll
[2014-03-01 15:50:47 | 000,025,400 | ---- | C] (AVG) -- C:\WINDOWS\SysWow64\authuitu.dll
[2014-03-01 15:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2014-02-14 20:52:29 | 000,000,000 | ---D | C] -- C:\Users\Harrie_Terhorst\AppData\Local\AVG Nation toolbar
[2014-02-14 20:52:24 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys
[2014-02-14 20:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Nation toolbar
[2014-02-14 20:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2014-02-14 20:52:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Nation toolbar
[2014-02-14 20:17:44 | 000,000,000 | ---D | C] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG
[2014-02-14 20:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014-02-14 20:17:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014-02-14 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG2014
[2014-02-14 20:08:35 | 000,000,000 | ---D | C] -- C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software
[2014-02-14 20:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-02-14 20:08:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014-02-14 20:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014-02-14 20:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014-02-14 20:05:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014-02-14 20:05:50 | 000,000,000 | ---D | C] -- C:\Users\Harrie_Terhorst\AppData\Local\MFAData
[2014-02-14 20:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014-02-14 20:05:50 | 000,000,000 | ---D | C] -- C:\Users\Harrie_Terhorst\AppData\Local\Avg2014
[2014-02-11 20:39:41 | 000,000,000 | ---D | C] -- C:\Users\Harrie_Terhorst\AppData\Roaming\42800797
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-03-09 17:27:39 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-03-09 17:26:43 | 001,823,174 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-03-09 17:26:43 | 000,812,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh013.dat
[2014-03-09 17:26:43 | 000,728,134 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-03-09 17:26:43 | 000,164,488 | ---- | M] () -- C:\WINDOWS\SysNative\perfc013.dat
[2014-03-09 17:26:43 | 000,137,954 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-03-09 17:23:10 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-03-09 17:22:26 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-03-09 17:21:09 | 3334,696,960 | -HS- | M] () -- C:\hiberfil.sys
[2014-03-09 17:21:09 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2014-03-08 22:21:02 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA.job
[2014-03-08 20:08:18 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core.job
[2014-03-08 19:38:20 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-03-02 19:42:04 | 000,000,000 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml
[2014-03-01 16:09:23 | 000,001,438 | ---- | M] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
[2014-03-01 15:50:46 | 000,002,244 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk
[2014-03-01 15:50:46 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014-02-23 12:39:47 | 000,001,140 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
[2014-02-18 21:18:49 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014-02-17 19:36:36 | 000,661,056 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-02-14 20:52:18 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys
[2014-02-14 20:08:35 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-03-08 19:38:20 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-03-01 16:09:23 | 000,001,438 | ---- | C] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
[2014-03-01 15:50:46 | 000,002,244 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk
[2014-03-01 15:50:46 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014-03-01 15:50:46 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014-02-17 20:05:22 | 3334,696,960 | -HS- | C] () -- C:\hiberfil.sys
[2014-02-16 15:03:47 | 000,385,614 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014-02-14 20:08:35 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-02-12 14:07:55 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014-02-12 14:07:55 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014-01-22 20:25:51 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-12-23 18:15:36 | 000,003,584 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-11-04 21:54:09 | 000,003,349 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp
[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd9.dll
[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd11.dll
[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd10.dll
[2013-10-03 22:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013-10-03 22:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013-10-03 22:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013-08-22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-08-19 13:27:56 | 000,000,000 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml
[2013-04-04 18:50:06 | 000,000,600 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\PUTTY.RND
[2013-03-17 13:01:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysWow64\srvany.exe
[2013-02-16 17:44:24 | 000,236,675 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
[2013-02-16 17:44:24 | 000,003,349 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat
[2013-02-03 07:03:04 | 000,016,435 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\AbsoluteReminder.xml
[2013-01-05 10:04:25 | 000,451,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ISSRemoveSP.exe
[2013-01-05 10:04:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\runSW.exe
[2013-01-05 10:04:13 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013-01-05 10:01:58 | 000,001,915 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2013-01-05 10:01:58 | 000,001,915 | ---- | C] () -- C:\WINDOWS\SysWow64\vm332Rmv.ini
[2012-07-25 21:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012-07-25 21:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012-04-20 22:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013-12-23 17:43:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-11-23 12:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-11-23 09:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-11-18 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\.ACEStream
[2014-02-14 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\42800797
[2013-11-18 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\ACEStream
[2013-10-18 15:53:44 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Actual Tools
[2014-02-14 20:17:44 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG
[2014-02-14 20:08:59 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG2014
[2014-03-02 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Belastingdienst
[2014-03-09 17:22:24 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox
[2013-02-20 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\IDM
[2013-05-10 14:14:57 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Leadertech
[2013-04-29 10:14:20 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\MAGIX
[2014-02-18 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\MediaMonkey
[2013-02-16 17:28:10 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Nitro PDF
[2013-02-16 14:06:52 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Spotnet
[2014-02-14 20:08:35 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Harrie_Terhorst\SkyDrive:ms-properties
 
< End of report >
 
 
 
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

Hello, here is the info from the file Extras.txt

 

OTL Extras logfile created on: 9-3-2014 17:25:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Harrie_Terhorst\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
 
3,88 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 55,79% Memory free
4,57 Gb Paging File | 2,74 Gb Available in Paging File | 59,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,57 Gb Total Space | 46,06 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,29 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
 
Computer Name: HARRIE | User Name: Harrie_Terhorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14393207-60E8-4579-9BA3-4B3B93A1E5FC}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | 
"{16B53B57-3852-492A-957F-89A57DB827F4}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | 
"{1B57D4D2-BDA8-4C0C-B74E-2C8132376457}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | 
"{1C88E7FD-1B1F-442B-8BC0-15D5485C5A2E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{208CA954-FAF1-4354-AAEE-48798894E1F7}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | 
"{22E67994-C517-442E-B0D9-9BE2DC1F9AB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{28E9B38E-24F6-4020-9D1B-C409A4409306}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{2B2DF26E-FD88-45E7-9A8A-B85469E879EB}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | 
"{2E0F0012-E129-44C2-8DC3-B089CDB4DACC}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | 
"{3FCD5E0E-9977-4F77-9678-5F4CF63F74DB}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe | 
"{45C401AC-7B8D-4EBE-9574-5DEB5D1F8A9C}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | 
"{50135D88-010C-4356-94F1-5615E6860B3C}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | 
"{50879C88-B656-4923-A650-0B60D8170C2B}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | 
"{8095F460-99D5-4CCA-BFC7-36FE9E11B3BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92DC108E-34A4-4758-BB73-2C23CB7353BC}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | 
"{99D8059E-7514-468C-88AA-38F79080F165}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B14D3DF5-009D-4D6F-8F48-A68026A3E96B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B441F041-5D27-475C-92E8-436E219C9AB8}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | 
"{C5436ABB-6D9D-42EF-808D-9C736E7E5F9A}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe | 
"{C694975B-D0C4-40D3-A20C-F51E1330C352}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | 
"{C9EE1782-59B5-46F7-941B-62CAC1A1234E}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | 
"{D2DA54CD-EE19-4BED-9E0F-388135F57F06}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | 
"{D4333243-47C5-4D16-8226-9E41A81D96AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC899D63-3CA5-4AA6-9687-8786F382CE3B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DD44E6A0-1A43-4183-AC52-C23D0385F0BE}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | 
"{EB329AC4-CD7D-4D07-B45C-672022DD1A4E}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | 
"{ED30C3BB-1044-4311-8B29-6CA27C8F6DC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F5779C10-EE54-45B3-A02F-992E80994AAD}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\sony\playmemories home\pmbbrowser.exe | 
"{F6AF35DC-3962-431E-BE6C-FDC44226C548}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FAEB6912-049B-4B72-B22A-BA04448570F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01534924-6F57-4BF7-9319-59A20F8AB2F4}" = dir=out | name=trackseries | 
"{0510A9DF-8988-4E8E-98E9-515F8A668FC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{09FE6D66-7EC6-42F8-AB5E-BF3FEB3B0A8B}" = dir=out | name=f5 vpn | 
"{0A00A1CC-EE2F-4725-91E4-1B36B95FF826}" = dir=out | name=lenovo companion | 
"{0A678835-6528-48BF-B7C7-53EE0B940B1C}" = dir=in | name=juniper networks junos pulse | 
"{0EB1F8B1-ACFD-487C-BD9E-5B9185C44A6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{e6a512d4-e5fb-4d42-8e83-d87f3a760802}\setup\hpznui40.exe | 
"{15B1C159-AA72-4413-878E-DD5885023279}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{166A6D7D-8050-4168-A5A6-375D6D23283E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1697739A-DD46-4E27-BCC1-C658FE5C0222}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18671729-A299-4C1D-B605-B006D596F6B7}" = dir=out | name=netflix | 
"{1876BACD-9C97-4A40-8F20-98A85D93B8CC}" = dir=out | name=woordenboek nl | 
"{19355F58-44A8-4CA6-AEE8-0FECFC933BA8}" = dir=out | name=vitesse nieuws | 
"{1A45AECB-4E9C-4D7E-9029-9D4C36C011F0}" = dir=in | name=wd | 
"{1BD99066-38E5-48A3-AEBD-277F83908EC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{23EAC28A-97F4-430E-802F-318B51EFF6D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{242EF4F8-C223-46B0-ACD4-E624FB79CC12}" = dir=out | name=dropbox | 
"{2785389F-EE4F-44FF-88D8-29740CA5C52E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{2AF57265-3243-4C4B-BFB9-0C60D73F04C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{2C02CC01-FCD1-4109-B2AF-3B5742F87201}" = dir=out | name=nu.nl | 
"{2F214D27-A02E-4A58-8471-34C08D62806E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3386DB24-6F52-413C-A59E-D7332DA88937}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | 
"{35433AE7-8854-4817-B7C0-9969768953F2}" = dir=out | name=accuweather for windows 8 | 
"{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 | 
"{35A86677-4428-4B47-85E0-43AAC621CAA0}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{3B183F7C-9E20-4394-A6B2-1D17BC515EF3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{3BD9F312-5C25-4107-B488-8AF633483E55}" = dir=out | name=sonicwall mobile connect | 
"{3CB5E1BD-E02C-4E9D-8029-03CE030F03F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{3CE5EB4C-EFE9-4735-83C7-D2DF399F157E}" = dir=in | name=microsoft minesweeper | 
"{3DF09878-2DD1-4EDF-BE03-FABDCCF69082}" = dir=in | name=skype | 
"{3F0439C6-1340-43F7-ADDB-F88A33E79103}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4562E218-C2D2-478A-8DD7-66DEA97AB4AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{499FBC7E-B6C1-490D-BB44-312725C95036}" = dir=out | name=juniper networks junos pulse | 
"{4B1A5E99-4EC4-4C23-9641-8269F6C932E3}" = protocol=17 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4B740B1A-F711-433E-8828-221CD1A4298A}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | 
"{52C41EB0-ED71-4220-8EAF-DACC9E065B17}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\playmemories home\pmbbrowser.exe | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{5F5CA56A-AE5A-48DE-BB2E-2221B36D512A}" = dir=out | name=facebook | 
"{63DC5ECE-95E5-43E2-BD37-EA4822ACC2A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{66A10EFB-583C-402A-80F2-ADFA20C89617}" = dir=out | name=skype | 
"{6A4D9E67-7FF0-4BCC-88AD-8AE8B876756D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | 
"{6AC80DDA-BF82-40E7-AF27-20561A76BF3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{6DB0F062-5043-4653-A783-0950B24367A6}" = dir=out | name=check point vpn | 
"{6E46DD8A-08B4-41A0-84DE-E87C0647421A}" = dir=out | name=canon inkjet print utility | 
"{6F12944D-4CAC-45A9-A7B2-D29217FF3BDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7025CA56-6865-4D13-A9EC-6235C8902D80}" = dir=out | name=fokke & sukke | 
"{733F857C-6404-4289-B5AC-73C53F55E05A}" = dir=out | name=lenovo support | 
"{7BED7EE1-D31D-4131-8E37-6052EFDB0E71}" = dir=out | name=tvgids.nl | 
"{7E705AEA-8198-452E-A008-18BF9E7DD149}" = dir=out | name=nos | 
"{7F09FBB6-8229-4C1E-82D4-A2D19997AED5}" = dir=out | name=kindle | 
"{804DD113-2D9A-4C06-A4D5-3BA1559FE8C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{80F7D88E-BF37-48B2-B60E-930ADAC68C90}" = dir=out | name=windows_ie_ac_001 | 
"{8AA165B0-5470-4C99-B342-0BC9FA10DE94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{911F8149-1AF5-4B82-A8D6-7FE143B39E73}" = dir=in | name=sonicwall mobile connect | 
"{9E2D6265-ECFF-4CE5-9870-79DE139E51E1}" = dir=in | name=f5 vpn | 
"{A27D8349-5EFF-47F9-B50D-067238904071}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{A4045EF1-EEBD-4801-9FF9-EBBB9E713F0C}" = dir=out | name=rara music | 
"{A7136434-F7E0-4D68-804D-25B501954A2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{A87DA9C9-CFDA-4CB1-A8C9-9F9594DE6C6B}" = dir=in | app=c:\users\harrie_terhorst\appdata\local\microsoft\skydrive\skydrive.exe | 
"{AB397E52-9729-4BE9-A9FE-B4893C01BB2C}" = dir=out | name=mahjong deluxe free | 
"{B29BB78A-C8D0-4818-90D6-E4E33688C464}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{B830EC4D-60B4-4094-B23D-566FA706D2AD}" = protocol=6 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C0C980B2-8B29-4B82-971A-72A6797723C7}" = dir=out | name=microsoft solitaire collection | 
"{C2A4BB40-1396-4C36-97BF-7343FA13EBE8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{C60410DC-84B9-4468-97C6-CC1533D9DC9E}" = protocol=6 | dir=out | app=system | 
"{C71003CA-DDB5-40E1-A517-A25A6593142B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C71EFC99-0ECB-4EBB-A851-5E9A0DF9707B}" = dir=in | name=rara music | 
"{C7BEC2F7-65AC-4694-9A46-C7F98C40E0C3}" = dir=out | name=teletekst | 
"{C9513BE1-93B3-4F6F-AA0E-E76D9D325F8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{CA5DD065-ED71-453F-85E8-91C6A70D3FB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{CF2475A5-868B-43C1-83AF-0F382FF16544}" = dir=out | name=youp | 
"{D4A64DD4-4E67-4882-AE3D-5F4976195B19}" = dir=in | name=check point vpn | 
"{D50EB254-264C-46AB-B700-3E6C251B139C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{D52B760E-DE0F-47D1-9FBB-36ABE2E1D0F6}" = dir=out | name=tweakers.net | 
"{D5B74603-8BB0-4590-8C80-4616F337FB0D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D73E926A-BE01-4098-8479-7A10E74E386C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{D8D517A9-31E8-444B-B61E-E1F3ED9CCEB5}" = dir=out | name=twitter | 
"{DA3A27D3-4AB0-43B7-B80D-9A17945BF787}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DFC1ACC6-94D7-41F8-B893-E0401A7AEDC0}" = dir=in | name=microsoft solitaire collection | 
"{E079BBB4-A519-4E06-A3FC-493B3D1B8E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe | 
"{E2B3180D-2D88-4671-AFD3-47FFA3656C26}" = dir=out | name=wd | 
"{E392CA80-F416-461B-8F24-10CDC02F8AC4}" = dir=out | name=hydro thunder hurricane | 
"{E4AB7556-F0EB-44AC-8144-8C8F2A4564E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{E6C28B28-95EF-4122-878A-5F6350FB753E}" = dir=out | name=feyenoordnieuws | 
"{EA5DF2DF-D146-4F83-95E7-8D2CA70A4FD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ED920BBD-4AAB-4BB0-AE47-08BAEA30E8AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{EEABE2F2-189B-4958-96C9-6359BE369D80}" = dir=out | name=microsoft minesweeper | 
"{F49C1F0D-B831-4950-AB42-0D719FFDF8FD}" = dir=out | name=google search | 
"{F49FEE79-60A3-49C1-9B8A-E3A6DB3B0C66}" = dir=out | name=fiction book reader lite | 
"{F4B9F7F9-840E-499B-8732-F053B94A4A82}" = dir=in | name=canon inkjet print utility | 
"{F4E1156E-277E-43A2-8BFC-1A10987110EB}" = dir=out | name=sudoku free | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F72953E0-369A-4933-AC57-688BE8A31C18}" = dir=out | name=rtl xl | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F7AE7E44-30E8-43CC-971B-D4C6CC1E4760}" = dir=out | name=npo uitzending gemist | 
"{FA38778A-0967-477C-BA1D-CCB58A6FFC54}" = dir=out | name=windows_ie_ac_001 | 
"{FF724A18-B382-4592-ABAA-B06CB9A7485F}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | 
"{FFE0DE1E-CA9D-42B5-9C64-8683138BA400}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"TCP Query User{19AAABF1-B59C-4C4C-B8B7-660B92670E9C}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe | 
"TCP Query User{2B03FCD3-893E-4DD9-85D4-5837D2DAB38C}C:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6C64C68E-BF16-4D96-AB57-5569902BF804}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | 
"TCP Query User{852E76A5-6DE4-4F13-A2E6-C52D29686C27}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{A0C974B4-E49B-4E24-98B9-6EF2B5ED3A60}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{A40C202F-2161-46A2-B408-680D41937575}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{CDC43676-2825-4F54-8BE4-FB6298DC44D7}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | 
"TCP Query User{DAAC4B54-EDE3-4CE2-874F-950EDD1B9038}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{403329F9-A604-4154-B2DA-D28D1A0358A0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{68CDE30C-14B8-425E-B261-A0317AA6CAA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{9C3B9586-E583-4FC7-9D0D-A17C775159B3}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | 
"UDP Query User{AC0C93BF-B0D5-494A-9444-4B70A34CAFBE}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{BD9A0710-8C56-4855-8803-A11DE8168ACE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{C96D5E47-3385-44F9-AAD1-1950D6DD6BEC}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe | 
"UDP Query User{EF4AB29D-4027-4D38-9A3D-3528EA9CEA01}C:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{F130CE5C-A748-4EE1-AF76-66EAF9B04BCF}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{20E0665F-E4EE-4E2A-8E86-EFC65129FE41}" = MergeModule_x64
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57EA1945-DF48-4F44-8599-C273C5E23F35}" = DisplayLink Core Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle videodriver
"{78932FC4-1215-4A11-BC25-7F1B846474D3}" = Update for Microsoft en-us Dictionary
"{7C4C5901-A58F-4018-A93B-01C93EF8D3F3}" = AVG 2014
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{A5C6F9B8-8277-4C1A-8E83-EFADA80A79CF}" = DisplayLink Graphics
"{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
"{DE8DF526-74E8-4ED3-880B-B6049D2E00AC}" = SOHLib for PlayMemories Home
"{DFB2D93E-DEAE-4DF5-8863-CE2AB8F0B6AB}" = AVG 2014
"{E6A512D4-E5FB-4D42-8E83-D87F3A760802}" = HP OfficeJet L7300/L7500/7600/7700
"{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)
"AVG" = AVG 2014
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Lenovo Transition" = Lenovo Transition
"Motion Control" = Motion Control
"O365HomePremRetail - nl-nl" = Microsoft Office 365 voor Thuisgebruik Premium - nl-nl
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B7885B0-27A9-11E0-91FA-0800200C9A66}" = Max Local Application
"{2E9E5756-B244-4096-94E3-BFCB961B75F2}" = ProductContext
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{555E1FDF-9BF4-4943-BF75-C7DE98F7CF8A}" = AVG PC TuneUp 2014 (nl-NL)
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5D47D0E9-1DD3-4A11-8AE1-D41566BFFD10}" = L7600
"{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}" = PlayMemories Home
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software (x86)
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0413-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Nederlands
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B20316C8-F453-46E1-9BBD-607D584400EA}" = Spotnet
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B6322D12-A133-4128-8306-DAFFF7231152}" = REALTEK Wireless LAN and Bluetooth Driver
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FACA2377-913E-4BF4-BC7B-6DEF40614218}" = BPDSoftware
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology
"Aangifte inkomstenbelasting 2012" = Aangifte inkomstenbelasting 2012
"Aangifte inkomstenbelasting 2013" = Aangifte inkomstenbelasting 2013
"Actual Multiple Monitors_is1" = Actual Multiple Monitors 8.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AVG Nation toolbar" = AVG Nation toolbar
"AVG PC TuneUp" = AVG PC TuneUp 2014
"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform and Thermal Framework
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Lenovo Dependency Package_is1" = Lenovo Dependency Package
"Lightspark" = Lightspark 0.5.3-git
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
"MediaMonkey_is1" = MediaMonkey 4.1
"optimizer_chrome" = Widevine Media Optimizer Chrome 6.0.0
"QuickPar" = QuickPar 0.9
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"SABnzbd" = SABnzbd 0.7.11
"SopCast" = SopCast 3.8.2
"Spotnet 1.8.1.1" = Spotnet
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.1.1
"WD Link" = WD Link
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"optimizer_chrome" = Widevine Media Optimizer Chrome 6.0.0
"optimizer_ie" = Widevine Media Optimizer IE 6.0.0
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20-10-2013 11:14:08 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt
 door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational
 voor aanvullende informatie.
 
Error - 20-10-2013 11:16:20 | Computer Name = Harrie | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21-10-2013 14:29:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 21-10-2013 14:29:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 21-10-2013 14:29:47 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt
 door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational
 voor aanvullende informatie.
 
Error - 21-10-2013 14:42:29 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Het activeren van de app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1
 is mislukt door de fout -2147023174. Kijk in het logboek Microsoft-Windows-TWinUI/Operational
 voor aanvullende informatie.
 
Error - 21-10-2013 15:59:24 | Computer Name = Harrie | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21-10-2013 15:59:35 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt
 door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational
 voor aanvullende informatie.
 
Error - 21-10-2013 15:59:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
Error - 21-10-2013 15:59:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073
Description = 
 
[ System Events ]
Error - 2-3-2014 15:03:12 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034
Description = De Conexant Audio Message Service-service is onverwacht beëindigd.
 Dit is nu 1 keer gebeurd.
 
Error - 2-3-2014 15:06:58 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034
Description = De Conexant Audio Message Service-service is onverwacht beëindigd.
 Dit is nu 1 keer gebeurd.
 
Error - 2-3-2014 16:13:57 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034
Description = De Conexant Audio Message Service-service is onverwacht beëindigd.
 Dit is nu 1 keer gebeurd.
 
Error - 2-3-2014 16:37:45 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034
Description = De Conexant Audio Message Service-service is onverwacht beëindigd.
 Dit is nu 1 keer gebeurd.
 
Error - 2-3-2014 17:01:07 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034
Description = De Conexant Audio Message Service-service is onverwacht beëindigd.
 Dit is nu 1 keer gebeurd.
 
Error - 2-3-2014 17:13:53 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034
Description = De Conexant Audio Message Service-service is onverwacht beëindigd.
 Dit is nu 1 keer gebeurd.
 
Error - 2-3-2014 17:27:50 | Computer Name = Harrie | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installatiefout: de volgende update kan niet worden geïnstalleerd,
 foutcode 0x80246007: Windows Malicious Software Removal Tool for Windows 8, 8.1
 and Windows Server 2012, 2012 R2 x64 Edition - February 2014 (KB890830).
 
Error - 2-3-2014 17:37:55 | Computer Name = Harrie | Source = DCOM | ID = 10016
Description = 
 
Error - 2-3-2014 17:37:55 | Computer Name = Harrie | Source = DCOM | ID = 10016
Description = 
 
Error - 2-3-2014 17:37:55 | Computer Name = Harrie | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Please uninstall the following applications:

AVG Nation toolbar

Veetle TV

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted
I removed the 2 applications and then a scan with this result:

 

 

Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300

www.malwarebytes.org

 

Databaseversie: v2014.03.13.06

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16518

Harrie_Terhorst :: HARRIE [administrator]

 

Bescherming: Ingeschakeld

 

13-3-2014 19:01:41

mbam-log-2014-03-13 (19-01-41).txt

 

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: Heuristiek/Extra | P2P

Objecten gescand: 50094

Verstreken tijd: 7 minuut/minuten, 4 seconde(n)

 

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

 

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

 

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

 

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

 

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

 

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

 

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

 

(einde)

 

The problem is still there after a restart of the pc

Thanks

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

Thanks for the reply.

Here is the text from step 1 JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Harrie_Terhorst on vr 14-03-2014 at 17:43:44,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355535536}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366536636}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355535536}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536636}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355535536}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536636}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54B0371E-C2AA-4A32-AB9A-8D4F30141D79}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Harrie_Terhorst\appdata\local\apn"
Failed to delete: [Folder] "C:\Program Files (x86)\freehdsport.tv"
 
 
 
~~~ Chrome
 
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 14-03-2014 at 17:56:47,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

Here is the result from step 2:

# AdwCleaner v3.022 - Report created 14/03/2014 at 18:08:56
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Harrie_Terhorst - HARRIE
# Running from : C:\Users\Harrie_Terhorst\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\AVG Nation toolbar
Folder Deleted : C:\Program Files (x86)\FreeHDSport TV
Folder Deleted : C:\Program Files (x86)\FreeHDSport.TV
Folder Deleted : C:\Users\HARRIE~1\AppData\Local\Temp\apn
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Users\HARRIE~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage
File Deleted : C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journal
File Deleted : C:\WINDOWS\System32\Tasks\Dealply
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12C1F3F5-4FB2-4191-A1FD-CA464E6823C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FA9C2C7-B82C-4944-B077-E1D8EA9E2B3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{730C3A0D-8C88-468A-B617-7E9913DD6ABC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA267627-1EF3-4619-A982-8B57C636CA73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C11CE4D0-9C73-491D-A95C-23C0B7BBD490}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}
Key Deleted : HKCU\Software\AppDataLow\Software\FreeHDSport TV
Key Deleted : HKLM\Software\FreeHDSport TV
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v33.0.1750.146
 
[ File : C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4665 octets] - [14/03/2014 18:03:56]
AdwCleaner[s0].txt - [3887 octets] - [14/03/2014 18:08:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3947 octets] ##########
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

Here is the new OTL log file:

 

OTL logfile created on: 16-3-2014 20:58:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Harrie_Terhorst\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
 
3,88 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 58,00% Memory free
4,57 Gb Paging File | 2,86 Gb Available in Paging File | 62,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 92,57 Gb Total Space | 45,04 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,29 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
 
Computer Name: HARRIE | User Name: Harrie_Terhorst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-03-09 17:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harrie_Terhorst\Downloads\OTL.exe
PRC - [2014-03-07 13:49:19 | 001,358,848 | ---- | M] (Barnesandnoble.com llc) -- C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\NookClient.exe
PRC - [2014-03-02 03:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014-01-22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014-01-19 13:34:56 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014-01-19 13:34:49 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2014-01-03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-09-24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013-07-16 20:56:36 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-01-05 10:10:03 | 000,208,464 | ---- | M] () -- C:\ProgramData\YogaSmartSwicth\yogaserver.exe
PRC - [2012-07-27 20:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012-07-19 19:09:42 | 000,708,648 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
PRC - [2012-07-19 19:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012-07-16 09:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-03-11 21:41:07 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\805be8b7f84002fd634adf0a6cc01047\System.ServiceModel.Internals.ni.dll
MOD - [2014-03-08 17:38:31 | 000,482,304 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud.1553bc1e#\8f840a59c1f25dd08984252630915c00\Nook.Cloud.NativeServices.ni.dll
MOD - [2014-03-08 17:38:29 | 000,241,152 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\1186610703e36f98640197deefaf312a\NotificationsExtensions.ni.dll
MOD - [2014-03-08 17:38:27 | 000,513,024 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud\9b380dfa65f768d2d2a662b0348ddd89\Nook.Cloud.ni.dll
MOD - [2014-03-08 17:38:11 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c2f2c5073965c1d04b9023f65d3fe349\SMDiagnostics.ni.dll
MOD - [2014-03-08 17:38:08 | 000,337,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\f867cb52dc4fcc5ebaa80ffbd2976b3e\Windows.Data.ni.dll
MOD - [2014-03-08 17:38:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Globalization\8117ba37bd357ad43611bbc9bdfca567\System.Globalization.ni.dll
MOD - [2014-03-08 17:38:06 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.429e8964#\f2cc82f8999d2aa1c6660c806177ec61\System.Xml.XmlSerializer.ni.dll
MOD - [2014-03-08 17:38:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IO\042586835cba6dc3b2850f9f5a9483e7\System.IO.ni.dll
MOD - [2014-03-08 17:38:05 | 000,238,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\d5b9aa521932d0e448fcec4c8a7668ee\Windows.Globalization.ni.dll
MOD - [2014-03-08 17:38:04 | 000,960,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c9f5748b453ed1334d500ba0f8cd893b\Windows.UI.ni.dll
MOD - [2014-03-08 17:38:04 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\ddc4d9d5d71dc5987a0ccc8a3109cf3c\System.ObjectModel.ni.dll
MOD - [2014-03-08 17:38:01 | 000,133,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\a89efd02ed532244af2618bd2258658d\Windows.System.ni.dll
MOD - [2014-03-08 17:38:00 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\ae4e23764df4e166aae70ec4bfa75616\Windows.Storage.ni.dll
MOD - [2014-03-08 17:37:59 | 000,797,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\19a8d1fd6ba18245c4dde13875b6e1d3\Windows.Networking.ni.dll
MOD - [2014-03-08 17:37:57 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\377a9fc969cd342e46c970eef309c528\System.Threading.Tasks.ni.dll
MOD - [2014-03-08 17:37:56 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Collections\ed21f43f727dc714483c4dc389adffb4\System.Collections.ni.dll
MOD - [2014-03-08 17:37:54 | 001,131,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\7afc662c6dd9522510958dd7b23baad7\Windows.ApplicationModel.ni.dll
MOD - [2014-03-08 17:37:49 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\380573a8261d3347ae37503ddc854abf\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2014-03-08 17:37:48 | 003,536,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4946d643ed8c96ecda72bacf7b61430f\Windows.UI.Xaml.ni.dll
MOD - [2014-03-07 13:49:19 | 012,953,600 | ---- | M] () -- C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\Nook.Cloud.NativeServices.dll
MOD - [2014-03-02 03:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014-03-02 03:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014-03-02 03:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2014-02-16 16:07:45 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\944bf33aded9f0e78c282767583019d9\Windows.Foundation.ni.dll
MOD - [2014-02-16 16:07:45 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime\cb94f731a1ebd6b9877cd110c0c6ed45\System.Runtime.ni.dll
MOD - [2014-02-16 16:02:52 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a7db022b87017cc62542ef85d19c7fb1\CustomMarshalers.ni.dll
MOD - [2014-02-16 16:02:02 | 002,297,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3430f069c93f4233f0dbb775cb73b49b\System.Core.ni.dll
MOD - [2014-02-16 15:59:17 | 005,463,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dll
MOD - [2014-02-16 15:59:13 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dll
MOD - [2014-02-16 15:59:05 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dll
MOD - [2014-02-16 15:58:32 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2014-02-16 15:58:26 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2014-02-16 15:58:18 | 007,803,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\fd6afdb3a9309e9af89222b778f5901c\System.Xml.ni.dll
MOD - [2014-02-16 15:57:48 | 000,098,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\00fd6b9fc7353b024079f65164bdc73f\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2014-02-16 15:57:47 | 000,573,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\e209e80a78aee1367c92f1dd884d8f58\System.Runtime.WindowsRuntime.ni.dll
MOD - [2014-02-16 15:57:46 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b110ef93e43ad2abdfa7b12c99443144\System.Runtime.Serialization.ni.dll
MOD - [2014-02-16 15:57:34 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\9ab0202718d44c5bfe5120745304808a\System.Configuration.ni.dll
MOD - [2014-02-16 15:57:08 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ab8978239d891c4afffd6a6df3996a6e\System.Core.ni.dll
MOD - [2014-02-16 15:57:03 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8455c031f8ffe82a0109c563873260e8\System.ni.dll
MOD - [2014-01-19 13:34:55 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
MOD - [2014-01-19 13:32:53 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2014-01-03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-12-03 01:37:02 | 017,376,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ebdd49343f711b2029293f8e621b28a2\mscorlib.ni.dll
MOD - [2013-11-19 16:50:01 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2013-11-19 16:45:13 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013-10-19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-08-17 01:06:23 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013-01-05 10:10:03 | 000,208,464 | ---- | M] () -- C:\ProgramData\YogaSmartSwicth\yogaserver.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013-11-27 16:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013-11-27 10:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013-11-23 05:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-11-08 04:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013-10-31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013-10-31 01:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013-10-31 01:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-10-22 02:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013-10-07 11:43:16 | 009,281,840 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2013-10-04 09:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-09-30 05:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-09-30 05:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013-09-30 05:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013-08-22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 11:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013-08-22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 10:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013-08-22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 10:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013-08-22 10:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013-08-22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-07-16 20:56:36 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)
SRV:64bit: - [2012-07-30 12:27:06 | 000,036,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2012-07-30 12:27:00 | 000,030,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2012-07-30 12:26:58 | 000,029,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2012-06-08 10:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012-04-20 23:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011-12-01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2014-02-24 02:24:38 | 000,481,816 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014-01-16 10:34:08 | 000,495,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-12-18 09:38:40 | 002,102,072 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013-12-03 10:56:50 | 000,079,000 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2013-10-03 22:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-09-30 05:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013-09-24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013-08-22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-01-05 10:10:03 | 000,027,216 | ---- | M] (Lenovo) [Auto | Running] -- C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe -- (ymc)
SRV - [2012-09-01 01:26:58 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe -- (BTDevManager)
SRV - [2012-07-19 19:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012-07-17 10:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 10:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-07-17 10:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-07-16 09:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012-07-13 10:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011-08-18 01:29:52 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2011-05-24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011-04-26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-11-25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013-11-25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013-11-25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013-11-11 03:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-11-09 12:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-11-01 12:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-10-31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013-10-31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013-10-31 01:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-10-31 01:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-10-31 01:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013-10-31 01:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-10-26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013-10-21 22:28:28 | 000,252,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013-10-13 03:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013-10-05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-10-03 22:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-10-01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013-09-30 05:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-09-30 05:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-09-30 05:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-09-30 04:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-09-30 04:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-09-30 04:51:01 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2013-09-26 10:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013-09-26 10:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013-09-26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013-09-10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013-09-04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013-08-22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 13:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013-08-22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 13:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013-08-22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 13:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013-08-22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 13:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013-08-22 13:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013-08-22 13:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013-08-22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 12:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013-08-22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 12:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013-08-22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 12:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013-08-22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 12:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013-08-22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 12:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-08-22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 11:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2013-08-22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-31 19:25:45 | 001,975,000 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2013-07-30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-04 10:22:20 | 000,066,560 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88179_178a.sys -- (AX88179)
DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-01-05 10:11:08 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013-01-05 10:11:08 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013-01-05 10:10:03 | 000,017,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\leymc.sys -- (leymc)
DRV:64bit: - [2012-11-24 06:42:18 | 000,461,624 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-11-06 14:04:20 | 000,036,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012-09-03 06:26:02 | 001,609,376 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012-09-01 11:22:22 | 000,696,464 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2012-08-25 03:10:12 | 000,981,112 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2012-07-20 10:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012-07-13 09:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012-07-13 09:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012-07-13 09:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012-07-02 08:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-19 00:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-06-15 06:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012-06-14 02:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013-12-16 14:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{721DC94E-F4CD-42AB-BA0D-466FF61E92A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{721DC94E-F4CD-42AB-BA0D-466FF61E92A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes,DefaultScope = {564FF2E6-9F50-40FC-8C03-7E2902043B50}
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes\{564FF2E6-9F50-40FC-8C03-7E2902043B50}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Harrie_Terhorst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
 
[2014-02-14 20:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013-06-30 09:44:04 | 000,242,624 | ---- | M] () (No name found) -- C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.nl/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Documenten = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Zoeken = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail Checker = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Wallet = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: MyHarmony Chrome Plugin = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0\
CHR - Extension: Gmail = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013-08-22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [btServer] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe (Realtek Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe ()
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo Transition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [synLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4:64bit: - HKLM..\Run: [yogaserver] C:\ProgramData\YogaSmartSwicth\yogaserver.exe ()
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Vimicro)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Afbeelding verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Pagina verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O8 - Extra context menu item: Afbeelding verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pagina verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{056A7E73-B38D-4DA3-AB17-FAE68F3E6275}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82160DD-72B9-46E5-94A3-2BFBB0A78AA1}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C288C22B-BA5F-45FE-AC89-195C662F340D}: DhcpNameServer = 62.179.104.196 213.46.228.196
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lenovo transition.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\motioncontrol.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\pmbbrowser.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\pmbinit.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lenovo transition.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\motioncontrol.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\pmbbrowser.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\pmbinit.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-08-18 22:39:09 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8711b680-31db-11e3-bead-80f9d4e77867}\Shell - "" = AutoRun
O33 - MountPoints2\{8711b680-31db-11e3-bead-80f9d4e77867}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" 
O33 - MountPoints2\{b3e6f6bd-4405-11e3-beb4-000ec6817901}\Shell - "" = AutoRun
O33 - MountPoints2\{b3e6f6bd-4405-11e3-beb4-000ec6817901}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sh4native Sh4Removal)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-03-14 18:03:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-03-14 17:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-03-12 18:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014-03-08 19:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-03-01 15:50:47 | 000,040,248 | ---- | C] (AVG) -- C:\WINDOWS\SysNative\TURegOpt.exe
[2014-03-01 15:50:47 | 000,029,496 | ---- | C] (AVG) -- C:\WINDOWS\SysNative\authuitu.dll
[2014-03-01 15:50:47 | 000,025,400 | ---- | C] (AVG) -- C:\WINDOWS\SysWow64\authuitu.dll
[2014-03-01 15:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-03-16 20:59:45 | 001,823,174 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-03-16 20:59:45 | 000,812,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh013.dat
[2014-03-16 20:59:45 | 000,728,134 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-03-16 20:59:45 | 000,164,488 | ---- | M] () -- C:\WINDOWS\SysNative\perfc013.dat
[2014-03-16 20:59:45 | 000,137,954 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-03-16 20:56:34 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-03-16 20:55:18 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-03-16 20:54:33 | 3334,696,960 | -HS- | M] () -- C:\hiberfil.sys
[2014-03-16 20:54:33 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2014-03-16 16:27:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-03-16 15:21:41 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA.job
[2014-03-13 19:17:35 | 000,661,056 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-03-12 18:14:39 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014-03-09 18:26:56 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk
[2014-03-09 18:26:56 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk
[2014-03-08 20:08:18 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core.job
[2014-03-08 19:38:20 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-03-02 19:42:04 | 000,000,000 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml
[2014-03-01 16:09:23 | 000,001,438 | ---- | M] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
[2014-03-01 15:50:46 | 000,002,244 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk
[2014-03-01 15:50:46 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014-02-23 12:39:47 | 000,001,140 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
[2014-02-18 21:18:49 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-03-13 17:59:10 | 000,386,722 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014-03-08 19:38:20 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-03-01 16:09:23 | 000,001,438 | ---- | C] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
[2014-03-01 15:50:46 | 000,002,244 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk
[2014-03-01 15:50:46 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014-03-01 15:50:46 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
[2014-02-17 20:05:22 | 3334,696,960 | -HS- | C] () -- C:\hiberfil.sys
[2014-01-22 20:25:51 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-12-23 18:15:36 | 000,003,584 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-11-04 21:54:09 | 000,003,349 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp
[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd9.dll
[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd11.dll
[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd10.dll
[2013-10-03 22:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013-10-03 22:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013-10-03 22:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013-08-22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013-08-19 13:27:56 | 000,000,000 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml
[2013-04-04 18:50:06 | 000,000,600 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\PUTTY.RND
[2013-03-17 13:01:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysWow64\srvany.exe
[2013-02-16 17:44:24 | 000,236,675 | ---- | C] () -- C:\WINDOWS\hpwins05.dat
[2013-02-16 17:44:24 | 000,003,349 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat
[2013-02-03 07:03:04 | 000,016,435 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\AbsoluteReminder.xml
[2013-01-05 10:04:25 | 000,451,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ISSRemoveSP.exe
[2013-01-05 10:04:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\runSW.exe
[2013-01-05 10:04:13 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013-01-05 10:01:58 | 000,001,915 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini
[2013-01-05 10:01:58 | 000,001,915 | ---- | C] () -- C:\WINDOWS\SysWow64\vm332Rmv.ini
[2012-07-25 21:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012-07-25 21:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012-04-20 22:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013-12-23 17:43:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-11-23 12:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-11-23 09:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-03-12 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2014-03-12 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-11-18 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\.ACEStream
[2014-02-14 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\42800797
[2013-11-18 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\ACEStream
[2013-10-18 15:53:44 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Actual Tools
[2014-02-14 20:17:44 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG
[2014-02-14 20:08:59 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG2014
[2014-03-10 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Belastingdienst
[2014-03-16 20:56:18 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox
[2013-02-20 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\IDM
[2013-05-10 14:14:57 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Leadertech
[2013-04-29 10:14:20 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\MAGIX
[2014-02-18 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\MediaMonkey
[2013-02-16 17:28:10 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Nitro PDF
[2013-02-16 14:06:52 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Spotnet
[2014-02-14 20:08:35 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Harrie_Terhorst\SkyDrive:ms-properties
 
< End of report >
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Please uninstall the following applications:

AVG PC TuneUp 2014

AVG PC TuneUp 2014 (nl-NL)

AVG Nation toolbar

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    [2013-06-30 09:44:04 | 000,242,624 | ---- | M] () (No name found) -- C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi

    [2014-03-12 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

    [2014-03-12 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

    [2014-02-14 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\42800797

    [2014-02-14 20:08:35 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

I runned the fix with OTL.

The output was too long to post

Here is the beginning and the end of the list:

 

All processes killed
========== OTL ==========
C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\TuneUp Software\ not found.
C:\Users\Harrie_Terhorst\AppData\Roaming\42800797 folder moved successfully.
C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Harrie_Terhorst\Downloads\cmd.bat deleted successfully.
C:\Users\Harrie_Terhorst\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: Harrie_Terhorst
->Temp folder emptied: 669149208 bytes
->Temporary Internet Files folder emptied: 910261046 bytes
->Google Chrome cache emptied: 278645373 bytes
->Flash cache emptied: 76128 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1525990 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2381484530 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.045,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 03182014_190038
 
Files\Folders moved on Reboot...
C:\Users\Harrie_Terhorst\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\WINDOWS\temp\CR_13080.tmp\setup.exe moved successfully.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.3.9600.16384_none_cd3183f2deb856d2\suppression.xml scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.3.9600.16384_en-us_d0f0daaffb6cc7bb\nsisvc.dll.mui scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\bfsvc.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CbsCore.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CbsMsg.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cleanupai.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiadapter.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiaisupport.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmitrust.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiv2.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CntrtextInstaller.dll scheduled to be moved on reboot.
 
 
 
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\tabskb.dll.mui scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TabTip.exe.mui scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TipBand.dll.mui scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TipRes.dll.mui scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\tipresx.dll.mui scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TipTsf.dll.mui scheduled to be moved on reboot.
C:\WINDOWS\temp\chrome_installer.log moved successfully.
C:\WINDOWS\temp\FireFly(20140318182531A04).log moved successfully.
C:\WINDOWS\temp\integratedoffice.exe_c2ruidll(20140318182531A04).log moved successfully.
C:\WINDOWS\temp\integratedoffice.exe_streamserver(20140318182531A04).log moved successfully.
File move failed. C:\WINDOWS\temp\ood_stream.x86.nl-nl.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

I downloaded the Farbar Recovery Scan tool and scanned my pc

 

Here is the content of the file FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Harrie_Terhorst (administrator) on HARRIE on 19-03-2014 18:48:10
Running from C:\Users\Harrie_Terhorst\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
() C:\WINDOWS\system32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
() C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(Dropbox, Inc.) C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Barnesandnoble.com llc) C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\NookClient.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-15] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [btServer] - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [synLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)
HKLM\...\Run: [Lenovo Transition] - C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-01-05] (Lenovo)
HKLM\...\Run: [yogaserver] - C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2013-01-05] ()
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-01-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-01-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-06] (Vimicro)
HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2534936 2014-02-24] (Sony Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-231642352-623416637-1905510808-1001\...\Run: [Google Update] - C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-19] (Google Inc.)
HKU\S-1-5-21-231642352-623416637-1905510808-1001\...\MountPoints2: {8711b680-31db-11e3-bead-80f9d4e77867} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-231642352-623416637-1905510808-1001\...\MountPoints2: {b3e6f6bd-4405-11e3-beb4-000ec6817901} - "E:\HTC_Sync_Manager_PC.exe" 
Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {721DC94E-F4CD-42AB-BA0D-466FF61E92A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {721DC94E-F4CD-42AB-BA0D-466FF61E92A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {564FF2E6-9F50-40FC-8C03-7E2902043B50} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {564FF2E6-9F50-40FC-8C03-7E2902043B50} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
SearchScopes: HKCU - {721DC94E-F4CD-42AB-BA0D-466FF61E92A1} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.179.104.196 213.46.228.196
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Harrie_Terhorst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR RestoreOnStartup: "spellcheck": {
      "dictionary": "en-US"
CHR Plugin: (Shockwave Flash) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Documenten) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-04]
CHR Extension: (Google Drive) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (YouTube) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-04]
CHR Extension: (Google Zoeken) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-04]
CHR Extension: (Google Mail Checker) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-02-04]
CHR Extension: (Google Wallet) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Google Chrome to Phone) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-02-04]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2013-04-05]
CHR Extension: (Gmail) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-04]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-04-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-09-01] ()
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-07-16] (LENOVO INCORPORATED.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-02-24] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-01-05] (Lenovo)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [66560 2013-07-04] (ASIX Electronics Corp.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-01-05] (Lenovo)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [36864 2012-11-06] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-19 18:48 - 2014-03-19 18:48 - 00023581 _____ () C:\Users\Harrie_Terhorst\Downloads\FRST.txt
2014-03-19 18:47 - 2014-03-19 18:48 - 00000000 ____D () C:\FRST
2014-03-19 18:46 - 2014-03-19 18:47 - 02157056 _____ (Farbar) C:\Users\Harrie_Terhorst\Downloads\FRST64.exe
2014-03-18 19:00 - 2014-03-18 19:00 - 00000000 ____D () C:\_OTL
2014-03-18 18:32 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 18:32 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 18:32 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 18:32 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 18:31 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 18:31 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 18:31 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 18:31 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 18:31 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 18:31 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 18:31 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 18:31 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 18:31 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 18:31 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 18:31 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 18:31 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 18:31 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 18:31 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 18:31 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 18:31 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 18:31 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 18:31 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 18:31 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 18:31 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 18:31 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 18:31 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 18:31 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 18:31 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 18:31 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 18:31 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 18:31 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 18:31 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 18:31 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 18:31 - 2013-12-13 08:24 - 00121088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-03-18 18:31 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 18:31 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 18:31 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 18:31 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-14 18:18 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-14 18:18 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-14 18:18 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-14 18:03 - 2014-03-14 18:09 - 00000000 ____D () C:\AdwCleaner
2014-03-14 18:00 - 2014-03-14 18:00 - 01950720 _____ () C:\Users\Harrie_Terhorst\Downloads\AdwCleaner.exe
2014-03-14 17:56 - 2014-03-14 17:56 - 00004923 _____ () C:\Users\Harrie_Terhorst\Desktop\JRT.txt
2014-03-14 17:43 - 2014-03-14 17:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-14 17:42 - 2014-03-14 17:42 - 01037734 _____ (Thisisu) C:\Users\Harrie_Terhorst\Downloads\JRT.exe
2014-03-13 17:59 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 17:59 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 17:59 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 17:59 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 17:59 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 17:59 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 17:59 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 17:59 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 17:59 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 17:59 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 17:59 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 17:59 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 17:59 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 17:59 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 17:59 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 17:59 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 17:59 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 17:59 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 17:59 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 17:59 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 17:59 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 17:59 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 17:59 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 17:59 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 17:59 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 17:59 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 17:59 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 17:59 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 17:59 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 17:59 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 17:59 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 17:59 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 17:59 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 17:59 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 17:59 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 17:59 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 17:59 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 17:59 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 17:59 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 17:59 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 17:59 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 17:59 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 17:59 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 17:59 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 17:59 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 17:59 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 17:59 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 17:59 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 17:59 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 17:59 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 17:59 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 17:59 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 17:59 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 17:59 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 17:59 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-10 21:49 - 2014-03-10 21:49 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209 (2).ibv2013
2014-03-10 21:48 - 2014-03-10 21:48 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778210.ibv2013
2014-03-09 18:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-03-09 17:43 - 2014-03-09 17:43 - 00089530 _____ () C:\Users\Harrie_Terhorst\Downloads\Extras.Txt
2014-03-09 17:41 - 2014-03-16 21:14 - 00160128 _____ () C:\Users\Harrie_Terhorst\Downloads\OTL.Txt
2014-03-09 17:23 - 2014-03-09 17:23 - 00602112 _____ (OldTimer Tools) C:\Users\Harrie_Terhorst\Downloads\OTL.exe
2014-03-08 20:26 - 2014-03-08 20:26 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.com
2014-03-08 20:25 - 2014-03-08 20:25 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.scr
2014-03-08 20:17 - 2014-03-08 20:25 - 204744952 _____ (CURIOLAB S.M.B.A.) C:\Users\Harrie_Terhorst\Downloads\ExterminateItSetup.exe
2014-03-08 19:38 - 2014-03-08 19:38 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-08 19:37 - 2014-03-08 19:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harrie_Terhorst\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-08 19:27 - 2014-03-08 19:27 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-08 19:27 - 2014-03-08 19:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-08 19:26 - 2014-03-08 19:26 - 04765152 _____ (Piriform Ltd) C:\Users\Harrie_Terhorst\Downloads\ccsetup411.exe
2014-03-08 17:15 - 2014-03-08 17:15 - 00390269 _____ () C:\Users\Harrie_Terhorst\Downloads\Wally73408.par2.nzb
2014-03-08 17:11 - 2014-03-08 17:11 - 00158725 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.HDTV.x264.nzb
2014-03-08 17:09 - 2014-03-08 17:09 - 00677834 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.720p.HDTV.X264.nzb
2014-03-07 13:40 - 2014-03-07 13:40 - 00002008 _____ () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction032.nzb
2014-03-07 13:40 - 2014-03-07 13:40 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction032
2014-03-01 16:32 - 2014-03-01 16:32 - 00008450 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209.ibv2013
2014-03-01 16:10 - 2014-03-01 16:10 - 00009596 _____ () C:\Users\Harrie_Terhorst\Downloads\096083153.ibv2013
2014-03-01 16:09 - 2014-03-01 16:09 - 02836400 _____ (Belastingdienst) C:\Users\Harrie_Terhorst\Downloads\ib2013_win_setup.exe
2014-03-01 16:09 - 2014-03-01 16:09 - 00001438 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-01 15:50 - 2013-12-18 09:38 - 00029496 _____ (AVG) C:\WINDOWS\system32\authuitu.dll
2014-03-01 15:50 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\WINDOWS\SysWOW64\authuitu.dll
2014-03-01 15:49 - 2014-03-01 15:49 - 78353784 _____ (AVG) C:\Users\Harrie_Terhorst\Downloads\avg_tuh_stf_all_2014_295.exe
2014-03-01 14:53 - 2014-03-01 14:53 - 00000760 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow-S02E10-720p-HDTV-Nl-subs-DutchReleaseTeam.rar.nzb
 
==================== One Month Modified Files and Folders =======
 
2014-03-19 18:48 - 2014-03-19 18:48 - 00023581 _____ () C:\Users\Harrie_Terhorst\Downloads\FRST.txt
2014-03-19 18:48 - 2014-03-19 18:47 - 00000000 ____D () C:\FRST
2014-03-19 18:48 - 2014-02-14 20:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-19 18:47 - 2014-03-19 18:46 - 02157056 _____ (Farbar) C:\Users\Harrie_Terhorst\Downloads\FRST64.exe
2014-03-19 18:46 - 2013-11-19 16:52 - 00005082 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HARRIE-Harrie_Terhorst Harrie
2014-03-19 18:46 - 2013-02-19 21:48 - 00000000 ___RD () C:\Users\Harrie_Terhorst\Dropbox
2014-03-19 18:46 - 2013-02-19 21:46 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox
2014-03-19 18:46 - 2013-02-04 07:47 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 18:45 - 2013-10-18 15:46 - 00000000 __RDO () C:\Users\Harrie_Terhorst\SkyDrive
2014-03-19 18:45 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-19 18:45 - 2013-02-03 07:02 - 00016378 _____ () C:\Users\Harrie_Terhorst\AppData\Local\BTServer.log
2014-03-19 18:45 - 2013-01-05 10:04 - 00000000 ____D () C:\ProgramData\Realtek
2014-03-18 22:19 - 2013-08-22 14:25 - 02097152 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-18 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-18 21:50 - 2013-02-03 07:08 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-231642352-623416637-1905510808-1001
2014-03-18 21:48 - 2013-09-30 05:04 - 01823174 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-18 21:48 - 2013-02-03 08:03 - 00812244 _____ () C:\WINDOWS\system32\perfh013.dat
2014-03-18 21:48 - 2013-02-03 08:03 - 00164488 _____ () C:\WINDOWS\system32\perfc013.dat
2014-03-18 20:27 - 2013-02-04 07:47 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 20:21 - 2013-02-20 20:46 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA.job
2014-03-18 19:56 - 2013-10-18 12:29 - 01488586 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-18 19:27 - 2013-02-16 17:51 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\HpUpdate
2014-03-18 19:21 - 2013-02-03 07:02 - 00000000 ___RD () C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 19:21 - 2013-02-03 07:02 - 00000000 ___RD () C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 19:14 - 2013-09-30 04:55 - 00019830 _____ () C:\WINDOWS\PFRO.log
2014-03-18 19:14 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-18 19:00 - 2014-03-18 19:00 - 00000000 ____D () C:\_OTL
2014-03-18 18:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-18 18:46 - 2013-08-18 11:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 18:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-18 18:31 - 2014-02-14 20:07 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-18 18:30 - 2014-02-14 20:25 - 00003694 _____ () C:\WINDOWS\System32\Tasks\Adobe-online actualiseringsprogramma
2014-03-18 18:30 - 2014-02-14 20:25 - 00003676 _____ () C:\WINDOWS\System32\Tasks\HP-Online updateprogramma
2014-03-18 18:28 - 2013-10-18 15:48 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90BBEC23-288E-4157-8A95-8C1E31FBD983}
2014-03-16 21:45 - 2013-11-10 17:36 - 00039292 _____ () C:\Users\Harrie_Terhorst\Downloads\Energie-verbruik.xlsx
2014-03-16 21:14 - 2014-03-09 17:41 - 00160128 _____ () C:\Users\Harrie_Terhorst\Downloads\OTL.Txt
2014-03-15 10:26 - 2013-11-15 16:32 - 00000000 ____D () C:\Users\Harrie_Terhorst\.MAX
2014-03-15 09:27 - 2013-11-15 16:32 - 00000000 ____D () C:\ProgramData\MAX
2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 18:09 - 2014-03-14 18:03 - 00000000 ____D () C:\AdwCleaner
2014-03-14 18:00 - 2014-03-14 18:00 - 01950720 _____ () C:\Users\Harrie_Terhorst\Downloads\AdwCleaner.exe
2014-03-14 17:56 - 2014-03-14 17:56 - 00004923 _____ () C:\Users\Harrie_Terhorst\Desktop\JRT.txt
2014-03-14 17:43 - 2014-03-14 17:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-14 17:42 - 2014-03-14 17:42 - 01037734 _____ (Thisisu) C:\Users\Harrie_Terhorst\Downloads\JRT.exe
2014-03-13 19:17 - 2013-08-22 15:44 - 00661056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 19:17 - 2013-02-03 08:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 19:17 - 2013-02-03 08:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-03-12 18:14 - 2014-02-14 20:08 - 00001002 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-10 22:12 - 2013-03-04 17:29 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\Belastingdienst
2014-03-10 21:49 - 2014-03-10 21:49 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209 (2).ibv2013
2014-03-10 21:48 - 2014-03-10 21:48 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778210.ibv2013
2014-03-09 18:31 - 2013-10-09 20:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-03-09 18:29 - 2013-10-09 20:34 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared
2014-03-09 18:26 - 2013-10-09 20:33 - 00002190 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk
2014-03-09 18:26 - 2013-10-09 20:33 - 00002090 _____ () C:\Users\Public\Desktop\PlayMemories Home Help.lnk
2014-03-09 18:24 - 2013-10-09 20:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-03-09 17:43 - 2014-03-09 17:43 - 00089530 _____ () C:\Users\Harrie_Terhorst\Downloads\Extras.Txt
2014-03-09 17:23 - 2014-03-09 17:23 - 00602112 _____ (OldTimer Tools) C:\Users\Harrie_Terhorst\Downloads\OTL.exe
2014-03-08 20:26 - 2014-03-08 20:26 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.com
2014-03-08 20:25 - 2014-03-08 20:25 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.scr
2014-03-08 20:25 - 2014-03-08 20:17 - 204744952 _____ (CURIOLAB S.M.B.A.) C:\Users\Harrie_Terhorst\Downloads\ExterminateItSetup.exe
2014-03-08 20:08 - 2013-02-20 20:46 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core.job
2014-03-08 19:38 - 2014-03-08 19:38 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-08 19:38 - 2013-08-19 14:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-08 19:37 - 2014-03-08 19:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harrie_Terhorst\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-08 19:27 - 2014-03-08 19:27 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-08 19:27 - 2014-03-08 19:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-08 19:26 - 2014-03-08 19:26 - 04765152 _____ (Piriform Ltd) C:\Users\Harrie_Terhorst\Downloads\ccsetup411.exe
2014-03-08 17:27 - 2013-08-22 15:46 - 00302598 _____ () C:\WINDOWS\setupact.log
2014-03-08 17:24 - 2013-02-20 20:46 - 00004086 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA
2014-03-08 17:24 - 2013-02-20 20:46 - 00003706 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core
2014-03-08 17:24 - 2013-02-04 07:47 - 00004060 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-08 17:24 - 2013-02-04 07:47 - 00003824 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-08 17:17 - 2013-03-11 21:39 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\Incompleet
2014-03-08 17:15 - 2014-03-08 17:15 - 00390269 _____ () C:\Users\Harrie_Terhorst\Downloads\Wally73408.par2.nzb
2014-03-08 17:11 - 2014-03-08 17:11 - 00158725 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.HDTV.x264.nzb
2014-03-08 17:09 - 2014-03-08 17:09 - 00677834 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.720p.HDTV.X264.nzb
2014-03-07 13:49 - 2013-02-03 07:02 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Local\Packages
2014-03-07 13:40 - 2014-03-07 13:40 - 00002008 _____ () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction032.nzb
2014-03-07 13:40 - 2014-03-07 13:40 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction032
2014-03-05 21:00 - 2013-10-19 15:28 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Local\Deployment
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 23:01 - 2013-02-05 07:29 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\vlc
2014-03-02 19:42 - 2013-08-19 13:27 - 00000000 _____ () C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml
2014-03-02 14:35 - 2013-09-08 12:16 - 00000280 _____ () C:\Users\Harrie_Terhorst\Desktop\harrie.txt
2014-03-02 14:05 - 2013-02-09 18:07 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-01 16:32 - 2014-03-01 16:32 - 00008450 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209.ibv2013
2014-03-01 16:10 - 2014-03-01 16:10 - 00009596 _____ () C:\Users\Harrie_Terhorst\Downloads\096083153.ibv2013
2014-03-01 16:09 - 2014-03-01 16:09 - 02836400 _____ (Belastingdienst) C:\Users\Harrie_Terhorst\Downloads\ib2013_win_setup.exe
2014-03-01 16:09 - 2014-03-01 16:09 - 00001438 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk
2014-03-01 15:53 - 2014-02-14 20:17 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-03-01 15:53 - 2013-02-16 16:55 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Local\Microsoft Help
2014-03-01 15:49 - 2014-03-01 15:49 - 78353784 _____ (AVG) C:\Users\Harrie_Terhorst\Downloads\avg_tuh_stf_all_2014_295.exe
2014-03-01 14:53 - 2014-03-01 14:53 - 00000760 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow-S02E10-720p-HDTV-Nl-subs-DutchReleaseTeam.rar.nzb
2014-03-01 07:05 - 2014-03-13 17:59 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-13 17:59 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-13 17:59 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-13 17:59 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-13 17:59 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-13 17:59 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-13 17:59 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-13 17:59 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-13 17:59 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 17:59 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 17:59 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-13 17:59 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 17:59 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 17:59 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 17:59 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 17:59 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 17:59 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-22 14:56 - 2013-12-28 16:52 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2014-02-18 21:22 - 2013-12-30 09:36 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\MediaMonkey
2014-02-18 21:18 - 2013-12-30 09:36 - 00001066 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk
2014-02-18 21:18 - 2013-12-30 09:36 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2014-02-17 20:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 20:18 - 2014-01-25 11:47 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\COMPLETE Nederlandse Top 40 van 2014  week 4
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 17:59] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
 
 
 
LastRegBack: 2014-03-18 20:32
 
==================== End Of Log ============================
Link to post
Share on other sites
Harrie1

Harrie1

Posted
  • Author
Posted

Here is the output from the file addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Harrie_Terhorst at 2014-03-19 18:49:14
Running from C:\Users\Harrie_Terhorst\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Actual Multiple Monitors 8.0.1 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.0.1 - Actual Tools)
Adobe Reader XI (11.0.06) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (HKLM\...\{57EA1945-DF48-4F44-8599-C273C5E23F35}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{A5C6F9B8-8277-4C1A-8E83-EFADA80A79CF}) (Version: 7.4.51587.0 - DisplayLink Corp.)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{E6A512D4-E5FB-4D42-8E83-D87F3A760802}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Knoll Light Factory EZ Studio (HKLM-x32\...\Knoll Light Factory EZ Studio) (Version:  - )
L7600 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.11.0 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version:  - )
MAGIX Movie Edit Pro 2013 Premium (HKLM-x32\...\MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}) (Version: 12.0.0.32 - MAGIX AG)
MAGIX Movie Edit Pro 2013 Premium (Version: 12.0.0.32 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Video deluxe Premium 2013 Update (Version: 12.0.2.2 - MAGIX AG) Hidden
Malwarebytes Anti-Malware versie 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Office 365 voor Thuisgebruik Premium - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio Ultimate Collection Plugins (HKLM-x32\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle videodriver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PlayMemories Home (HKLM-x32\...\{3DAFB9F2-B1BF-4163-BE86-1C97F309A2F4}) (Version: 3.1.00.14240 - Sony Corporation)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.)
Red Giant ToonIt Studio (HKLM-x32\...\Red Giant ToonIt Studio) (Version:  - )
SABnzbd 0.7.11 (HKLM-x32\...\SABnzbd) (Version: 0.7.11 - The SABnzbd Team)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 24.0.69180 - Sonos, Inc.)
SopCast 3.8.2 (HKLM-x32\...\SopCast) (Version: 3.8.2 - www.sopcast.com)
Spotnet (HKLM-x32\...\Spotnet 1.8.1.1) (Version: 1.8.1.1 - Spotnet)
Spotnet (x32 Version: 1.8.1.1 - Spotnet) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Trapcode 3DStroke Studio (HKLM-x32\...\Trapcode 3DStroke Studio) (Version:  - )
Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version:  - )
Trapcode Shine Studio (HKLM-x32\...\Trapcode Shine Studio) (Version:  - )
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft en-us Dictionary (Version: 16.1.723.1 - Microsoft Corporation) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Widevine Media Optimizer Chrome 6.0.0 (HKCU\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)
Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12442 - Widevine Technologies)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
09-03-2014 17:29:45 DirectX is geïnstalleerd.
13-03-2014 17:52:02 Windows Update
18-03-2014 17:30:41 AVG PC TuneUp 2014 is verwijderd
 
==================== Hosts content: ==========================
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FE768B2-7835-48B3-BF48-C912193D770A} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {11236F62-981B-4389-820F-8D8F4C6286CA} - \DealPlyUpdate No Task File
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {25DB74C9-4F3C-416E-8265-E54C793A9BF5} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-07-16] ()
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3817B583-A1F7-4ECA-B267-514DD730FC16} - \FreeHDSport TV-updater No Task File
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4352C240-1EEA-4E3F-97D5-6E4BD0BB61B7} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {66A31874-79BC-417B-B521-6355AF63FAE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E904C1B-EBF2-479A-A63C-D3AFC7D52A41} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe [2013-07-16] ()
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C611D3A-707C-4B46-A312-D048A314F99B} - \FreeHDSport TV-codedownloader No Task File
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8BC462D3-3697-471E-B304-6CEE6CC4AF72} - \Dealply No Task File
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {90FE7135-92FE-4064-A4AD-8C2CDB89F44F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-19] (Microsoft Corporation)
Task: {94FB41B9-1AE9-4C12-8F4D-2A2A71606F0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)
Task: {99A11283-0A0C-448A-ABAD-0B6FBDAA2850} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-24] (Synaptics Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B1F76F1B-9233-46BB-AA60-7FBB8CFBC435} - \FreeHDSport TV-enabler No Task File
Task: {B36309FA-D3A3-4EDF-A2E8-899E81023CC9} - System32\Tasks\HP-Online updateprogramma => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {B48CC5DC-3FBD-4A2A-9115-85DC7B333AC0} - \Desk 365 RunAsStdUser No Task File
Task: {C28C279C-2ED3-4010-A837-9E2EFFE8C8D3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {C2AE2A15-CED3-4550-98F2-505E3DCD0908} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {C709C730-83CF-4CA0-AB84-258D9F2E463F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-02] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1FF22D4-C8E4-4999-B39A-6CF14F1DE697} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6798AB8-0A95-4167-9734-D7DEBC9132D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB3B1404-8AFB-4CCB-99D0-C2E3C677E351} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {EE0AA58F-CDE0-4806-A139-9C2D42A4B643} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)
Task: {EF6B5372-BA76-43E1-AA93-6C1988841049} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {F5601D01-C736-483F-B83D-2C358514D811} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HARRIE-Harrie_Terhorst Harrie => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-19] (Microsoft Corporation)
Task: {F8C41E4B-B129-4733-B486-44916B2C34CC} - System32\Tasks\Google Updater and Installer => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core.job => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA.job => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-05 10:04 - 2012-09-01 01:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2012-08-17 07:13 - 2012-07-30 12:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-17 07:13 - 2012-07-30 12:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2013-11-19 16:45 - 2013-08-23 14:44 - 00380072 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-11-19 16:45 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-11-19 16:45 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-01-05 10:10 - 2013-01-05 10:10 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2012-08-17 07:13 - 2012-07-13 09:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyConfigTDPDll.dll
2012-08-17 07:13 - 2012-07-13 09:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyLpmDll.dll
2013-01-05 10:02 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-01-05 10:10 - 2013-01-05 10:10 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2013-01-05 10:09 - 2013-01-05 10:09 - 00172624 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2014-03-05 20:30 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-05 20:30 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-05 20:30 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-05 20:30 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-05 20:30 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-05 20:30 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2013-01-05 10:10 - 2013-01-05 10:10 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-01-05 10:10 - 2013-01-05 10:10 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-01-05 10:10 - 2013-01-05 10:10 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-01-05 10:09 - 2013-01-05 10:09 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-01-05 10:09 - 2013-01-05 10:09 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-19 16:45 - 2013-11-19 16:50 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-01-19 13:34 - 2014-01-19 13:34 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2013-11-19 16:45 - 2013-11-19 16:45 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-01-15 19:45 - 2014-01-19 13:32 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-01-05 10:01 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-03-08 17:37 - 2014-03-08 17:37 - 03536384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4946d643ed8c96ecda72bacf7b61430f\Windows.UI.Xaml.ni.dll
2014-03-08 17:37 - 2014-03-08 17:37 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\19a8d1fd6ba18245c4dde13875b6e1d3\Windows.Networking.ni.dll
2014-03-08 17:37 - 2014-03-08 17:37 - 01131008 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\7afc662c6dd9522510958dd7b23baad7\Windows.ApplicationModel.ni.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\ae4e23764df4e166aae70ec4bfa75616\Windows.Storage.ni.dll
2014-02-16 16:07 - 2014-02-16 16:07 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\944bf33aded9f0e78c282767583019d9\Windows.Foundation.ni.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\a89efd02ed532244af2618bd2258658d\Windows.System.ni.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00513024 _____ () C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud\9b380dfa65f768d2d2a662b0348ddd89\Nook.Cloud.ni.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c9f5748b453ed1334d500ba0f8cd893b\Windows.UI.ni.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00241152 _____ () C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\1186610703e36f98640197deefaf312a\NotificationsExtensions.ni.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00482304 _____ () C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud.1553bc1e#\8f840a59c1f25dd08984252630915c00\Nook.Cloud.NativeServices.ni.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\d5b9aa521932d0e448fcec4c8a7668ee\Windows.Globalization.ni.dll
2014-03-07 13:49 - 2014-03-07 13:49 - 12953600 _____ () C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\Nook.Cloud.NativeServices.dll
2014-03-08 17:38 - 2014-03-08 17:38 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\f867cb52dc4fcc5ebaa80ffbd2976b3e\Windows.Data.ni.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Harrie_Terhorst\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet Pro L7600
Description: Officejet Pro L7600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro L7600
Description: Officejet Pro L7600
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
Error: (03/19/2014 06:45:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HARRIE)
Description: Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
 
Error: (03/19/2014 06:45:09 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: CxAudMsg64.exe, versie: 1.6.0.0, tijdstempel: 0x4fd1c0c1
Naam van module met fout: ntdll.dll, versie: 6.3.9600.16502, tijdstempel: 0x52c359e8
Uitzonderingscode: 0xc0000374
Foutmarge: 0x00000000000f387c
Id van proces met fout: 0x798
Starttijd van toepassing met fout: 0xCxAudMsg64.exe0
Pad naar toepassing met fout: CxAudMsg64.exe1
Pad naar module met fout: CxAudMsg64.exe2
Rapport-id: CxAudMsg64.exe3
Volledige pakketnaam met fout: CxAudMsg64.exe4
Relatieve toepassings-id van pakket met fout: CxAudMsg64.exe5
 
Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
Error: (03/18/2014 09:44:17 PM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: CxAudMsg64.exe, versie: 1.6.0.0, tijdstempel: 0x4fd1c0c1
Naam van module met fout: ntdll.dll, versie: 6.3.9600.16502, tijdstempel: 0x52c359e8
Uitzonderingscode: 0xc0000374
Foutmarge: 0x00000000000f387c
Id van proces met fout: 0x794
Starttijd van toepassing met fout: 0xCxAudMsg64.exe0
Pad naar toepassing met fout: CxAudMsg64.exe1
Pad naar module met fout: CxAudMsg64.exe2
Rapport-id: CxAudMsg64.exe3
Volledige pakketnaam met fout: CxAudMsg64.exe4
Relatieve toepassings-id van pakket met fout: CxAudMsg64.exe5
 
Error: (03/18/2014 08:33:06 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume \\?\Volume{d28ea912-ebab-4a21-a4d2-bfcdc5a83b17}\ is niet geoptimaliseerd, omdat er een fout is opgetreden: The parameter is incorrect. (0x80070057)
 
Error: (03/18/2014 08:33:05 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Het volume WINRE_DRV is niet geoptimaliseerd, omdat er een fout is opgetreden: The parameter is incorrect. (0x80070057)
 
Error: (03/18/2014 08:03:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HARRIE)
Description: Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
 
 
System errors:
=============
Error: (03/19/2014 06:45:10 PM) (Source: Service Control Manager) (User: )
Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (03/18/2014 09:44:24 PM) (Source: Service Control Manager) (User: )
Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (03/18/2014 07:34:02 PM) (Source: Service Control Manager) (User: )
Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (03/18/2014 07:15:03 PM) (Source: Service Control Manager) (User: )
Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (03/18/2014 06:29:38 PM) (Source: Service Control Manager) (User: )
Description: De Google Update-service (gupdate)-service is bij het starten vastgelopen.
 
Error: (03/18/2014 06:28:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/18/2014 06:25:35 PM) (Source: Service Control Manager) (User: )
Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (03/17/2014 08:33:36 PM) (Source: Service Control Manager) (User: )
Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (03/17/2014 04:25:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/16/2014 08:54:51 PM) (Source: Service Control Manager) (User: )
Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
Microsoft Office Sessions:
=========================
Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper)(User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper)(User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
Error: (03/19/2014 06:45:19 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HARRIE)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927148
 
Error: (03/19/2014 06:45:09 PM) (Source: Application Error)(User: )
Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.3.9600.1650252c359e8c000037400000000000f387c79801cf439af62dcb37C:\windows\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dll36785492-af8e-11e3-bf90-2016d8b06cee
 
Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper)(User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.
 
Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper)(User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]
 
Error: (03/18/2014 09:44:17 PM) (Source: Application Error)(User: )
Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.3.9600.1650252c359e8c000037400000000000f387c79401cf42ead24e7958C:\windows\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dll12432cdf-aede-11e3-bf8f-2016d8b06cee
 
Error: (03/18/2014 08:33:06 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: \\?\Volume{d28ea912-ebab-4a21-a4d2-bfcdc5a83b17}\The parameter is incorrect. (0x80070057)
 
Error: (03/18/2014 08:33:05 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: WINRE_DRVThe parameter is incorrect. (0x80070057)
 
Error: (03/18/2014 08:03:55 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HARRIE)
Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927148
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-03 16:12:23.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-02-03 16:10:52.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-14 21:58:25.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-12-16 22:53:09.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-12-16 22:53:09.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-12-16 22:53:09.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-12-16 22:53:09.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-12-16 22:53:09.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-12-16 22:53:09.032
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-12-16 22:53:08.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 3975.27 MB
Available physical RAM: 2098.64 MB
Total Pagefile: 4679.27 MB
Available Pagefile: 2293.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:92.57 GB) (Free:48.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: CEDC17DD)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.