Harrie1

Honorary Members

View Profile See their activity

Posts
27
Joined
March 8, 2014
Last visited
April 20, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Harrie1

Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I think I will try to clean up my register by hand. I just want to delete the lines/rules with the spyhunter name in it Will this be useful?
- April 19, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I runned the fix with the new fix.reg file Then I rebooted the PC but I still see the messages. I checked with SystemLook_64.exe the sytem with checking again on the names spyhunter and enigma Here is the output from SystemLook.txt: SystemLook 30.07.11 by jpshortstuff Log created at 14:36 on 05/04/2014 by Harrie_Terhorst Administrator - Elevation successful ========== filefind ========== Searching for "spyhunter" No files found. Searching for "enigma" No files found. ========== folderfind ========== Searching for "spyhunter" No folders found. Searching for "enigma" No folders found. ========== regfind ========== Searching for "spyhunter" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs] "url16"="http://www.spyhunter.com/" [HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdcd-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004] "Element"="SpyHunter Rescue" [HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdce-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004] "Element"="SpyHunter Rescue" [HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdcf-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004] "Element"="SpyHunter Rescue" [HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdd0-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004] "Element"="SpyHunter Rescue" [HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\Software\Microsoft\Internet Explorer\TypedURLs] "url16"="http://www.spyhunter.com/" Searching for "enigma" No data found. -= EOF =-
- April 5, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I runned the fix with the fix.reg file Then I rebooted the PC but I still see the messages. I checked with SystemLook_64.exe the sytem with checking again on the names spyhunter and enigma Here is the output from SystemLook.txt: SystemLook 30.07.11 by jpshortstuffLog created at 20:02 on 02/04/2014 by Harrie_TerhorstAdministrator - Elevation successful ========== filefind ========== Searching for "spyhunter"No files found. Searching for "enigma"No files found. ========== folderfind ========== Searching for "spyhunter"No folders found. Searching for "enigma"No folders found. ========== regfind ========== Searching for "spyhunter"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]"url12"="http://www.spyhunter.com/"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdcd-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdce-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdcf-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdd0-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\Software\Microsoft\Internet Explorer\TypedURLs]"url12"="http://www.spyhunter.com/" Searching for "enigma"No data found. -= EOF =-
- April 2, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I tried to start the Combofix but I had an error: I found the following message in the ComboFix User's Guide ComboFix is not compatible with Windows 8.1 yet so you cannot get it to run. I do have windows 8.1 on my computer
- April 1, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

The system has not rebooted automatically after running the FRST64 with the fix After it was finished I rebooted the system myself. The same messages are there so they are not removed yet
- March 30, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I run FRST64 and pushed the Fix button. Here is the log: fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014Ran by Harrie_Terhorst at 2014-03-30 21:21:13 Run:1Running from C:\Users\Harrie_Terhorst\DownloadsBoot Mode: Normal============================================== Content of fixlist:*****************Start[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]"url11"=-[HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\Software\Microsoft\Internet Explorer\TypedURLs]"url11"=-[-HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdcd-6dc0-11e2-be6f-cc4b7ed85f80}][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe]End ***************** ==== End of Fixlog ====
- March 30, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I started the look_x64 again without the ** in the name and then I see the following info: SystemLook 30.07.11 by jpshortstuffLog created at 21:49 on 29/03/2014 by Harrie_TerhorstAdministrator - Elevation successful ========== filefind ========== Searching for "Spyhunter"No files found. Searching for "Enigma"No files found. ========== folderfind ========== Searching for "Spyhunter"No folders found. Searching for "Enigma"No folders found. ========== regfind ========== Searching for "Spyhunter"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]"url11"="http://www.spyhunter.com/"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdcd-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdce-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdcf-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{edd9bdd0-6dc0-11e2-be6f-cc4b7ed85f80}\Elements\12000004]"Element"="SpyHunter Rescue"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe][HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\Software\Microsoft\Internet Explorer\TypedURLs]"url11"="http://www.spyhunter.com/" Searching for "Enigma"No data found. -= EOF =-
- March 29, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Here is the output from the look_x64.exe: SystemLook 30.07.11 by jpshortstuffLog created at 21:29 on 29/03/2014 by Harrie_TerhorstAdministrator - Elevation successful ========== filefind ========== Searching for "*spyhunter*"No files found. Searching for "*enigma*"No files found. ========== folderfind ========== Searching for "*spyhunter*"No folders found. Searching for "*enigma*"No folders found. ========== regfind ========== Searching for "*spyhunter*"No data found. Searching for "*enigma*"No data found. -= EOF =-
- March 29, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

No the messages are still coming each time the PC is started.
- March 29, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I see the following text after starting up the pc: Enigma Software Group, LLC Custom removal in action... Process finished...
- March 25, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I downloaded the file and runned it Here is the info: SystemLook 30.07.11 by jpshortstuff Log created at 19:49 on 25/03/2014 by Harrie_Terhorst Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== filefind ========== Searching for "*spyhunter*" No files found. Searching for "*enigma*" No files found. ========== folderfind ========== Searching for "*spyhunter*" No folders found. Searching for "*enigma*" No folders found. ========== regfind ========== Searching for "*spyhunter*" No data found. Searching for "*enigma*" No data found. -= EOF =-
- March 25, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Here is the result from the scan from virustotal.com: https://www.virustotal.com/nl/file/8bb01da3d63562f51bccb5cc996f99a5cb0a8f89900045bbcf4115fd521a9706/analysis/
- March 21, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

With the windows explorer I see the file C:\Windows\System32\Drivers\volsnap.sys is available It is not possible to open this file in www.virustotal.com How can I scan this file?
- March 21, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Here is the output from the file addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014Ran by Harrie_Terhorst at 2014-03-19 18:49:14Running from C:\Users\Harrie_Terhorst\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenAangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version: - Belastingdienst)Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version: - Belastingdienst)Actual Multiple Monitors 8.0.1 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.0.1 - Actual Tools)Adobe Reader XI (11.0.06) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)AVG 2014 (Version: 14.0.3722 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4336 - AVG Technologies) Hiddenbpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) HiddenBPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) HiddenBPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) HiddenBufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenCanon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenDisplayLink Core Software (HKLM\...\{57EA1945-DF48-4F44-8599-C273C5E23F35}) (Version: 7.4.51572.0 - DisplayLink Corp.)DisplayLink Graphics (HKLM\...\{A5C6F9B8-8277-4C1A-8E83-EFADA80A79CF}) (Version: 7.4.51587.0 - DisplayLink Corp.)DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) HiddenDolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)Energy Management (x32 Version: 8.0.2.4 - Lenovo) HiddenFax (x32 Version: 140.0.307.000 - Hewlett-Packard) HiddenFirebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) HiddenGPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenHP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{E6A512D4-E5FB-4D42-8E83-D87F3A760802}) (Version: 14.0 - HP)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) HiddenHPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) HiddenIntel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenJava 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)Knoll Light Factory EZ Studio (HKLM-x32\...\Knoll Light Factory EZ Studio) (Version: - )L7600 (x32 Version: 140.0.001.000 - Hewlett-Packard) HiddenLenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.11.0 - Lenovo Group Limited)Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.907.1 - Vimicro)Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) HiddenLenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) HiddenLightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version: - )MAGIX Movie Edit Pro 2013 Premium (HKLM-x32\...\MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}) (Version: 12.0.0.32 - MAGIX AG)MAGIX Movie Edit Pro 2013 Premium (Version: 12.0.0.32 - MAGIX AG) HiddenMAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}) (Version: 7.0.1.27 - MAGIX AG)MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) HiddenMAGIX Video deluxe Premium 2013 Update (Version: 12.0.2.2 - MAGIX AG) HiddenMalwarebytes Anti-Malware versie 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Max Local Application (x32 Version: 1.4.0 - eQ-3 Entwicklung GmbH) HiddenMediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)MergeModule_x64 (Version: 8.0.00 - Sony Corporation) HiddenMicrosoft Office 365 voor Thuisgebruik Premium - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 15.0.4551.1512 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)Network64 (Version: 140.0.306.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) HiddenPinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)Pinnacle Studio Ultimate Collection Plugins (HKLM-x32\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)Pinnacle videodriver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)PlayMemories Home (HKLM-x32\...\{3DAFB9F2-B1BF-4163-BE86-1C97F309A2F4}) (Version: 3.1.00.14240 - Sony Corporation)ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) HiddenQuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0196 - REALTEK Semiconductor Corp.)Red Giant ToonIt Studio (HKLM-x32\...\Red Giant ToonIt Studio) (Version: - )SABnzbd 0.7.11 (HKLM-x32\...\SABnzbd) (Version: 0.7.11 - The SABnzbd Team)Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) HiddenShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) HiddenSolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) HiddenSonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 24.0.69180 - Sonos, Inc.)SopCast 3.8.2 (HKLM-x32\...\SopCast) (Version: 3.8.2 - www.sopcast.com)Spotnet (HKLM-x32\...\Spotnet 1.8.1.1) (Version: 1.8.1.1 - Spotnet)Spotnet (x32 Version: 1.8.1.1 - Spotnet) HiddenStatus (x32 Version: 140.0.342.000 - Hewlett-Packard) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.21.4 - Synaptics Incorporated)Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) HiddenTrapcode 3DStroke Studio (HKLM-x32\...\Trapcode 3DStroke Studio) (Version: - )Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version: - )Trapcode Shine Studio (HKLM-x32\...\Trapcode Shine Studio) (Version: - )TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) HiddenUnity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Update for Microsoft en-us Dictionary (Version: 16.1.723.1 - Microsoft Corporation) HiddenUserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)UserGuide (x32 Version: 1.0.0.9 - Lenovo) HiddenVisual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) HiddenWidevine Media Optimizer Chrome 6.0.0 (HKCU\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12442 - Widevine Technologies)Widevine Media Optimizer IE 6.0.0 (HKCU\...\optimizer_ie) (Version: 6.0.0.12442 - Widevine Technologies)Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 09-03-2014 17:29:45 DirectX is geïnstalleerd.13-03-2014 17:52:02 Windows Update18-03-2014 17:30:41 AVG PC TuneUp 2014 is verwijderd ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTaskTask: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {0FE768B2-7835-48B3-BF48-C912193D770A} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)Task: {11236F62-981B-4389-820F-8D8F4C6286CA} - \DealPlyUpdate No Task FileTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {25DB74C9-4F3C-416E-8265-E54C793A9BF5} - System32\Tasks\Lenovo\LenovoDependencyVersionTask => C:\Program Files\lenovo\SystemAgent\DependencyVersion.exe [2013-07-16] ()Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {3817B583-A1F7-4ECA-B267-514DD730FC16} - \FreeHDSport TV-updater No Task FileTask: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {4352C240-1EEA-4E3F-97D5-6E4BD0BB61B7} - System32\Tasks\Adobe-online actualiseringsprogramma => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {66A31874-79BC-417B-B521-6355AF63FAE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {6E904C1B-EBF2-479A-A63C-D3AFC7D52A41} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\SystemAgent\AutoUpdate.exe [2013-07-16] ()Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {7C611D3A-707C-4B46-A312-D048A314F99B} - \FreeHDSport TV-codedownloader No Task FileTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8BC462D3-3697-471E-B304-6CEE6CC4AF72} - \Dealply No Task FileTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {90FE7135-92FE-4064-A4AD-8C2CDB89F44F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-19] (Microsoft Corporation)Task: {94FB41B9-1AE9-4C12-8F4D-2A2A71606F0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04] (Google Inc.)Task: {99A11283-0A0C-448A-ABAD-0B6FBDAA2850} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-24] (Synaptics Incorporated)Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {B1F76F1B-9233-46BB-AA60-7FBB8CFBC435} - \FreeHDSport TV-enabler No Task FileTask: {B36309FA-D3A3-4EDF-A2E8-899E81023CC9} - System32\Tasks\HP-Online updateprogramma => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)Task: {B48CC5DC-3FBD-4A2A-9115-85DC7B333AC0} - \Desk 365 RunAsStdUser No Task FileTask: {C28C279C-2ED3-4010-A837-9E2EFFE8C8D3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)Task: {C2AE2A15-CED3-4550-98F2-505E3DCD0908} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)Task: {C709C730-83CF-4CA0-AB84-258D9F2E463F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-02] (Microsoft Corporation)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D1FF22D4-C8E4-4999-B39A-6CF14F1DE697} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbsTask: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E6798AB8-0A95-4167-9734-D7DEBC9132D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EB3B1404-8AFB-4CCB-99D0-C2E3C677E351} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)Task: {EE0AA58F-CDE0-4806-A139-9C2D42A4B643} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-19] (Intel)Task: {EF6B5372-BA76-43E1-AA93-6C1988841049} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)Task: {F5601D01-C736-483F-B83D-2C358514D811} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HARRIE-Harrie_Terhorst Harrie => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-19] (Microsoft Corporation)Task: {F8C41E4B-B129-4733-B486-44916B2C34CC} - System32\Tasks\Google Updater and Installer => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core.job => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA.job => C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-05 10:04 - 2012-09-01 01:26 - 00051200 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe2012-08-17 07:13 - 2012-07-30 12:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe2012-08-17 07:13 - 2012-07-30 12:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe2013-11-19 16:45 - 2013-08-23 14:44 - 00380072 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll2013-11-19 16:45 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll2013-11-19 16:45 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll2013-01-05 10:10 - 2013-01-05 10:10 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll2012-08-17 07:13 - 2012-07-13 09:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyConfigTDPDll.dll2012-08-17 07:13 - 2012-07-13 09:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyLpmDll.dll2013-01-05 10:02 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe2013-01-05 10:10 - 2013-01-05 10:10 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe2013-01-05 10:09 - 2013-01-05 10:09 - 00172624 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe2014-03-05 20:30 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll2014-03-05 20:30 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll2014-03-05 20:30 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll2014-03-05 20:30 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll2014-03-05 20:30 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll2014-03-05 20:30 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll2013-01-05 10:10 - 2013-01-05 10:10 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll2013-01-05 10:10 - 2013-01-05 10:10 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll2013-01-05 10:10 - 2013-01-05 10:10 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll2013-01-05 10:09 - 2013-01-05 10:09 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll2013-01-05 10:09 - 2013-01-05 10:09 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\libcef.dll2013-11-19 16:45 - 2013-11-19 16:50 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll2014-01-19 13:34 - 2014-01-19 13:34 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll2013-11-19 16:45 - 2013-11-19 16:45 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll2014-01-15 19:45 - 2014-01-19 13:32 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll2013-01-05 10:01 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-03-08 17:37 - 2014-03-08 17:37 - 03536384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4946d643ed8c96ecda72bacf7b61430f\Windows.UI.Xaml.ni.dll2014-03-08 17:37 - 2014-03-08 17:37 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\19a8d1fd6ba18245c4dde13875b6e1d3\Windows.Networking.ni.dll2014-03-08 17:37 - 2014-03-08 17:37 - 01131008 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\7afc662c6dd9522510958dd7b23baad7\Windows.ApplicationModel.ni.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\ae4e23764df4e166aae70ec4bfa75616\Windows.Storage.ni.dll2014-02-16 16:07 - 2014-02-16 16:07 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\944bf33aded9f0e78c282767583019d9\Windows.Foundation.ni.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\a89efd02ed532244af2618bd2258658d\Windows.System.ni.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00513024 _____ () C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud\9b380dfa65f768d2d2a662b0348ddd89\Nook.Cloud.ni.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c9f5748b453ed1334d500ba0f8cd893b\Windows.UI.ni.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00241152 _____ () C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\1186610703e36f98640197deefaf312a\NotificationsExtensions.ni.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00482304 _____ () C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud.1553bc1e#\8f840a59c1f25dd08984252630915c00\Nook.Cloud.NativeServices.ni.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\d5b9aa521932d0e448fcec4c8a7668ee\Windows.Globalization.ni.dll2014-03-07 13:49 - 2014-03-07 13:49 - 12953600 _____ () C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\Nook.Cloud.NativeServices.dll2014-03-08 17:38 - 2014-03-08 17:38 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\f867cb52dc4fcc5ebaa80ffbd2976b3e\Windows.Data.ni.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:nlsPreferencesAlternateDataStreams: C:\Users\Harrie_Terhorst\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Officejet Pro L7600Description: Officejet Pro L7600Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro L7600Description: Officejet Pro L7600Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: HPService: StillCamProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper) (User: )Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper) (User: )Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (03/19/2014 06:45:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HARRIE)Description: Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error: (03/19/2014 06:45:09 PM) (Source: Application Error) (User: )Description: Naam van toepassing met fout: CxAudMsg64.exe, versie: 1.6.0.0, tijdstempel: 0x4fd1c0c1Naam van module met fout: ntdll.dll, versie: 6.3.9600.16502, tijdstempel: 0x52c359e8Uitzonderingscode: 0xc0000374Foutmarge: 0x00000000000f387cId van proces met fout: 0x798Starttijd van toepassing met fout: 0xCxAudMsg64.exe0Pad naar toepassing met fout: CxAudMsg64.exe1Pad naar module met fout: CxAudMsg64.exe2Rapport-id: CxAudMsg64.exe3Volledige pakketnaam met fout: CxAudMsg64.exe4Relatieve toepassings-id van pakket met fout: CxAudMsg64.exe5 Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper) (User: )Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper) (User: )Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (03/18/2014 09:44:17 PM) (Source: Application Error) (User: )Description: Naam van toepassing met fout: CxAudMsg64.exe, versie: 1.6.0.0, tijdstempel: 0x4fd1c0c1Naam van module met fout: ntdll.dll, versie: 6.3.9600.16502, tijdstempel: 0x52c359e8Uitzonderingscode: 0xc0000374Foutmarge: 0x00000000000f387cId van proces met fout: 0x794Starttijd van toepassing met fout: 0xCxAudMsg64.exe0Pad naar toepassing met fout: CxAudMsg64.exe1Pad naar module met fout: CxAudMsg64.exe2Rapport-id: CxAudMsg64.exe3Volledige pakketnaam met fout: CxAudMsg64.exe4Relatieve toepassings-id van pakket met fout: CxAudMsg64.exe5 Error: (03/18/2014 08:33:06 PM) (Source: Microsoft-Windows-Defrag) (User: )Description: Het volume \\?\Volume{d28ea912-ebab-4a21-a4d2-bfcdc5a83b17}\ is niet geoptimaliseerd, omdat er een fout is opgetreden: The parameter is incorrect. (0x80070057) Error: (03/18/2014 08:33:05 PM) (Source: Microsoft-Windows-Defrag) (User: )Description: Het volume WINRE_DRV is niet geoptimaliseerd, omdat er een fout is opgetreden: The parameter is incorrect. (0x80070057) Error: (03/18/2014 08:03:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: HARRIE)Description: Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. System errors:=============Error: (03/19/2014 06:45:10 PM) (Source: Service Control Manager) (User: )Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (03/18/2014 09:44:24 PM) (Source: Service Control Manager) (User: )Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (03/18/2014 07:34:02 PM) (Source: Service Control Manager) (User: )Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (03/18/2014 07:15:03 PM) (Source: Service Control Manager) (User: )Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (03/18/2014 06:29:38 PM) (Source: Service Control Manager) (User: )Description: De Google Update-service (gupdate)-service is bij het starten vastgelopen. Error: (03/18/2014 06:28:30 PM) (Source: DCOM) (User: NT AUTHORITY)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/18/2014 06:25:35 PM) (Source: Service Control Manager) (User: )Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (03/17/2014 08:33:36 PM) (Source: Service Control Manager) (User: )Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error: (03/17/2014 04:25:59 PM) (Source: DCOM) (User: NT AUTHORITY)Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/16/2014 08:54:51 PM) (Source: Service Control Manager) (User: )Description: De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Microsoft Office Sessions:=========================Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper)(User: )Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (03/19/2014 06:45:30 PM) (Source: DptfPolicyLpmServiceHelper)(User: )Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (03/19/2014 06:45:19 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HARRIE)Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927148 Error: (03/19/2014 06:45:09 PM) (Source: Application Error)(User: )Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.3.9600.1650252c359e8c000037400000000000f387c79801cf439af62dcb37C:\windows\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dll36785492-af8e-11e3-bf90-2016d8b06cee Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper)(User: )Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed. Error: (03/18/2014 09:44:40 PM) (Source: DptfPolicyLpmServiceHelper)(User: )Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005] Error: (03/18/2014 09:44:17 PM) (Source: Application Error)(User: )Description: CxAudMsg64.exe1.6.0.04fd1c0c1ntdll.dll6.3.9600.1650252c359e8c000037400000000000f387c79401cf42ead24e7958C:\windows\system32\CxAudMsg64.exeC:\WINDOWS\SYSTEM32\ntdll.dll12432cdf-aede-11e3-bf8f-2016d8b06cee Error: (03/18/2014 08:33:06 PM) (Source: Microsoft-Windows-Defrag)(User: )Description: \\?\Volume{d28ea912-ebab-4a21-a4d2-bfcdc5a83b17}\The parameter is incorrect. (0x80070057) Error: (03/18/2014 08:33:05 PM) (Source: Microsoft-Windows-Defrag)(User: )Description: WINRE_DRVThe parameter is incorrect. (0x80070057) Error: (03/18/2014 08:03:55 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: HARRIE)Description: DefaultBrowser_NOPUBLISHERID!Chrome-2144927148 CodeIntegrity Errors:=================================== Date: 2014-02-03 16:12:23.002 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-02-03 16:10:52.895 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-01-14 21:58:25.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-16 22:53:09.985 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-16 22:53:09.860 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-16 22:53:09.673 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-16 22:53:09.517 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-16 22:53:09.282 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-16 22:53:09.032 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-12-16 22:53:08.782 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 47%Total physical RAM: 3975.27 MBAvailable physical RAM: 2098.64 MBTotal Pagefile: 4679.27 MBAvailable Pagefile: 2293.39 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:92.57 GB) (Free:48.23 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.29 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 119 GB) (Disk ID: CEDC17DD) Partition: GPT Partition Type. ==================== End Of Log ============================
- March 19, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I downloaded the Farbar Recovery Scan tool and scanned my pc Here is the content of the file FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014Ran by Harrie_Terhorst (administrator) on HARRIE on 19-03-2014 18:48:10Running from C:\Users\Harrie_Terhorst\DownloadsWindows 8.1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe() C:\WINDOWS\system32\DptfParticipantProcessorService.exe(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe() C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\windows\SysWOW64\irstrtsv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(LENOVO INCORPORATED.) C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Microsoft Corporation) C:\Windows\System32\skydrive.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\ProgramData\YogaSmartSwicth\yogaserver.exe() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe(Dropbox, Inc.) C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Barnesandnoble.com llc) C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\NookClient.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-15] (Conexant Systems, Inc.)HKLM\...\Run: [ForteConfig] - C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)HKLM\...\Run: [btServer] - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [449024 2012-08-29] (Realtek Semiconductor Corporation)HKLM\...\Run: [synLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-24] (Synaptics)HKLM\...\Run: [Lenovo Transition] - C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-01-05] (Lenovo)HKLM\...\Run: [yogaserver] - C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2013-01-05] ()HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-01-05] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-01-05] (Lenovo(beijing) Limited)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2968376 2012-11-24] (Synaptics Incorporated)HKLM-x32\...\Run: [332BigDog] - C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-09-06] (Vimicro)HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2534936 2014-02-24] (Sony Corporation)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-21-231642352-623416637-1905510808-1001\...\Run: [Google Update] - C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-19] (Google Inc.)HKU\S-1-5-21-231642352-623416637-1905510808-1001\...\MountPoints2: {8711b680-31db-11e3-bead-80f9d4e77867} - "E:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-231642352-623416637-1905510808-1001\...\MountPoints2: {b3e6f6bd-4405-11e3-beb4-000ec6817901} - "E:\HTC_Sync_Manager_PC.exe" Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnkShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comSearchScopes: HKLM - {721DC94E-F4CD-42AB-BA0D-466FF61E92A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {721DC94E-F4CD-42AB-BA0D-466FF61E92A1} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKCU - DefaultScope {564FF2E6-9F50-40FC-8C03-7E2902043B50} URL = http://www.google.nl/search?hl=nl&q={searchTerms}SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {564FF2E6-9F50-40FC-8C03-7E2902043B50} URL = http://www.google.nl/search?hl=nl&q={searchTerms}SearchScopes: HKCU - {721DC94E-F4CD-42AB-BA0D-466FF61E92A1} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cabDPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 62.179.104.196 213.46.228.196 FireFox:========FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Harrie_Terhorst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: =======CHR RestoreOnStartup: "spellcheck": { "dictionary": "en-US"CHR Plugin: (Shockwave Flash) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No FileCHR Extension: (Google Documenten) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-04]CHR Extension: (Google Drive) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]CHR Extension: (YouTube) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]CHR Extension: (Adblock Plus) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-04]CHR Extension: (Google Zoeken) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-04]CHR Extension: (Google Mail Checker) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-02-04]CHR Extension: (Google Wallet) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]CHR Extension: (Google Chrome to Phone) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-02-04]CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2013-04-05]CHR Extension: (Gmail) - C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-04]CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-04-04]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [51200 2012-09-01] ()R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [36224 2012-07-30] ()R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [585032 2013-07-16] (LENOVO INCORPORATED.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-02-24] (Sony Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-01-05] (Lenovo) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [66560 2013-07-04] (ASIX Electronics Corp.)S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-01-05] (Lenovo)S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696464 2012-09-01] (Realtek Semiconductor Corporation)R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [36864 2012-11-06] (Synaptics Incorporated)S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-19 18:48 - 2014-03-19 18:48 - 00023581 _____ () C:\Users\Harrie_Terhorst\Downloads\FRST.txt2014-03-19 18:47 - 2014-03-19 18:48 - 00000000 ____D () C:\FRST2014-03-19 18:46 - 2014-03-19 18:47 - 02157056 _____ (Farbar) C:\Users\Harrie_Terhorst\Downloads\FRST64.exe2014-03-18 19:00 - 2014-03-18 19:00 - 00000000 ____D () C:\_OTL2014-03-18 18:32 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll2014-03-18 18:32 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe2014-03-18 18:32 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe2014-03-18 18:32 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll2014-03-18 18:31 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS2014-03-18 18:31 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys2014-03-18 18:31 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys2014-03-18 18:31 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll2014-03-18 18:31 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll2014-03-18 18:31 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll2014-03-18 18:31 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll2014-03-18 18:31 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll2014-03-18 18:31 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2014-03-18 18:31 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll2014-03-18 18:31 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2014-03-18 18:31 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll2014-03-18 18:31 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll2014-03-18 18:31 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll2014-03-18 18:31 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll2014-03-18 18:31 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll2014-03-18 18:31 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll2014-03-18 18:31 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll2014-03-18 18:31 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll2014-03-18 18:31 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll2014-03-18 18:31 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll2014-03-18 18:31 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll2014-03-18 18:31 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll2014-03-18 18:31 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll2014-03-18 18:31 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll2014-03-18 18:31 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys2014-03-18 18:31 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-03-18 18:31 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-03-18 18:31 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe2014-03-18 18:31 - 2013-12-13 08:24 - 00121088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys2014-03-18 18:31 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll2014-03-18 18:31 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll2014-03-18 18:31 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-03-18 18:31 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-03-14 18:18 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2014-03-14 18:18 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2014-03-14 18:18 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2014-03-14 18:03 - 2014-03-14 18:09 - 00000000 ____D () C:\AdwCleaner2014-03-14 18:00 - 2014-03-14 18:00 - 01950720 _____ () C:\Users\Harrie_Terhorst\Downloads\AdwCleaner.exe2014-03-14 17:56 - 2014-03-14 17:56 - 00004923 _____ () C:\Users\Harrie_Terhorst\Desktop\JRT.txt2014-03-14 17:43 - 2014-03-14 17:43 - 00000000 ____D () C:\WINDOWS\ERUNT2014-03-14 17:42 - 2014-03-14 17:42 - 01037734 _____ (Thisisu) C:\Users\Harrie_Terhorst\Downloads\JRT.exe2014-03-13 17:59 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-03-13 17:59 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-03-13 17:59 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-03-13 17:59 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-03-13 17:59 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-03-13 17:59 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-03-13 17:59 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-03-13 17:59 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-03-13 17:59 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-03-13 17:59 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-03-13 17:59 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-03-13 17:59 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-03-13 17:59 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-03-13 17:59 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-03-13 17:59 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-03-13 17:59 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-03-13 17:59 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-03-13 17:59 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-03-13 17:59 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll2014-03-13 17:59 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll2014-03-13 17:59 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2014-03-13 17:59 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-03-13 17:59 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-03-13 17:59 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-03-13 17:59 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll2014-03-13 17:59 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll2014-03-13 17:59 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2014-03-13 17:59 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2014-03-13 17:59 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll2014-03-13 17:59 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-03-13 17:59 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll2014-03-13 17:59 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2014-03-13 17:59 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2014-03-13 17:59 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll2014-03-13 17:59 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll2014-03-13 17:59 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll2014-03-13 17:59 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll2014-03-13 17:59 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE2014-03-13 17:59 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll2014-03-13 17:59 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll2014-03-13 17:59 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll2014-03-13 17:59 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE2014-03-13 17:59 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll2014-03-13 17:59 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll2014-03-13 17:59 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll2014-03-13 17:59 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll2014-03-13 17:59 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-03-13 17:59 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-03-13 17:59 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-03-13 17:59 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll2014-03-13 17:59 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll2014-03-13 17:59 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe2014-03-13 17:59 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll2014-03-13 17:59 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-03-13 17:59 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-03-10 21:49 - 2014-03-10 21:49 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209 (2).ibv20132014-03-10 21:48 - 2014-03-10 21:48 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778210.ibv20132014-03-09 18:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll2014-03-09 17:43 - 2014-03-09 17:43 - 00089530 _____ () C:\Users\Harrie_Terhorst\Downloads\Extras.Txt2014-03-09 17:41 - 2014-03-16 21:14 - 00160128 _____ () C:\Users\Harrie_Terhorst\Downloads\OTL.Txt2014-03-09 17:23 - 2014-03-09 17:23 - 00602112 _____ (OldTimer Tools) C:\Users\Harrie_Terhorst\Downloads\OTL.exe2014-03-08 20:26 - 2014-03-08 20:26 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.com2014-03-08 20:25 - 2014-03-08 20:25 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.scr2014-03-08 20:17 - 2014-03-08 20:25 - 204744952 _____ (CURIOLAB S.M.B.A.) C:\Users\Harrie_Terhorst\Downloads\ExterminateItSetup.exe2014-03-08 19:38 - 2014-03-08 19:38 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-08 19:37 - 2014-03-08 19:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harrie_Terhorst\Downloads\mbam-setup-1.75.0.1300.exe2014-03-08 19:27 - 2014-03-08 19:27 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC2014-03-08 19:27 - 2014-03-08 19:27 - 00000000 ____D () C:\Program Files\CCleaner2014-03-08 19:26 - 2014-03-08 19:26 - 04765152 _____ (Piriform Ltd) C:\Users\Harrie_Terhorst\Downloads\ccsetup411.exe2014-03-08 17:15 - 2014-03-08 17:15 - 00390269 _____ () C:\Users\Harrie_Terhorst\Downloads\Wally73408.par2.nzb2014-03-08 17:11 - 2014-03-08 17:11 - 00158725 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.HDTV.x264.nzb2014-03-08 17:09 - 2014-03-08 17:09 - 00677834 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.720p.HDTV.X264.nzb2014-03-07 13:40 - 2014-03-07 13:40 - 00002008 _____ () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction032.nzb2014-03-07 13:40 - 2014-03-07 13:40 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction0322014-03-01 16:32 - 2014-03-01 16:32 - 00008450 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209.ibv20132014-03-01 16:10 - 2014-03-01 16:10 - 00009596 _____ () C:\Users\Harrie_Terhorst\Downloads\096083153.ibv20132014-03-01 16:09 - 2014-03-01 16:09 - 02836400 _____ (Belastingdienst) C:\Users\Harrie_Terhorst\Downloads\ib2013_win_setup.exe2014-03-01 16:09 - 2014-03-01 16:09 - 00001438 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk2014-03-01 15:50 - 2013-12-18 09:38 - 00029496 _____ (AVG) C:\WINDOWS\system32\authuitu.dll2014-03-01 15:50 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\WINDOWS\SysWOW64\authuitu.dll2014-03-01 15:49 - 2014-03-01 15:49 - 78353784 _____ (AVG) C:\Users\Harrie_Terhorst\Downloads\avg_tuh_stf_all_2014_295.exe2014-03-01 14:53 - 2014-03-01 14:53 - 00000760 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow-S02E10-720p-HDTV-Nl-subs-DutchReleaseTeam.rar.nzb ==================== One Month Modified Files and Folders ======= 2014-03-19 18:48 - 2014-03-19 18:48 - 00023581 _____ () C:\Users\Harrie_Terhorst\Downloads\FRST.txt2014-03-19 18:48 - 2014-03-19 18:47 - 00000000 ____D () C:\FRST2014-03-19 18:48 - 2014-02-14 20:05 - 00000000 ____D () C:\ProgramData\MFAData2014-03-19 18:47 - 2014-03-19 18:46 - 02157056 _____ (Farbar) C:\Users\Harrie_Terhorst\Downloads\FRST64.exe2014-03-19 18:46 - 2013-11-19 16:52 - 00005082 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HARRIE-Harrie_Terhorst Harrie2014-03-19 18:46 - 2013-02-19 21:48 - 00000000 ___RD () C:\Users\Harrie_Terhorst\Dropbox2014-03-19 18:46 - 2013-02-19 21:46 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox2014-03-19 18:46 - 2013-02-04 07:47 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-03-19 18:45 - 2013-10-18 15:46 - 00000000 __RDO () C:\Users\Harrie_Terhorst\SkyDrive2014-03-19 18:45 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-03-19 18:45 - 2013-02-03 07:02 - 00016378 _____ () C:\Users\Harrie_Terhorst\AppData\Local\BTServer.log2014-03-19 18:45 - 2013-01-05 10:04 - 00000000 ____D () C:\ProgramData\Realtek2014-03-18 22:19 - 2013-08-22 14:25 - 02097152 ___SH () C:\WINDOWS\system32\config\BBI2014-03-18 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-03-18 21:50 - 2013-02-03 07:08 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-231642352-623416637-1905510808-10012014-03-18 21:48 - 2013-09-30 05:04 - 01823174 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-03-18 21:48 - 2013-02-03 08:03 - 00812244 _____ () C:\WINDOWS\system32\perfh013.dat2014-03-18 21:48 - 2013-02-03 08:03 - 00164488 _____ () C:\WINDOWS\system32\perfc013.dat2014-03-18 20:27 - 2013-02-04 07:47 - 00001088 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-03-18 20:21 - 2013-02-20 20:46 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA.job2014-03-18 19:56 - 2013-10-18 12:29 - 01488586 _____ () C:\WINDOWS\WindowsUpdate.log2014-03-18 19:27 - 2013-02-16 17:51 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\HpUpdate2014-03-18 19:21 - 2013-02-03 07:02 - 00000000 ___RD () C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-18 19:21 - 2013-02-03 07:02 - 00000000 ___RD () C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-03-18 19:14 - 2013-09-30 04:55 - 00019830 _____ () C:\WINDOWS\PFRO.log2014-03-18 19:14 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-03-18 19:00 - 2014-03-18 19:00 - 00000000 ____D () C:\_OTL2014-03-18 18:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-03-18 18:46 - 2013-08-18 11:11 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-03-18 18:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-03-18 18:31 - 2014-02-14 20:07 - 00000000 ____D () C:\Program Files (x86)\AVG2014-03-18 18:30 - 2014-02-14 20:25 - 00003694 _____ () C:\WINDOWS\System32\Tasks\Adobe-online actualiseringsprogramma2014-03-18 18:30 - 2014-02-14 20:25 - 00003676 _____ () C:\WINDOWS\System32\Tasks\HP-Online updateprogramma2014-03-18 18:28 - 2013-10-18 15:48 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{90BBEC23-288E-4157-8A95-8C1E31FBD983}2014-03-16 21:45 - 2013-11-10 17:36 - 00039292 _____ () C:\Users\Harrie_Terhorst\Downloads\Energie-verbruik.xlsx2014-03-16 21:14 - 2014-03-09 17:41 - 00160128 _____ () C:\Users\Harrie_Terhorst\Downloads\OTL.Txt2014-03-15 10:26 - 2013-11-15 16:32 - 00000000 ____D () C:\Users\Harrie_Terhorst\.MAX2014-03-15 09:27 - 2013-11-15 16:32 - 00000000 ____D () C:\ProgramData\MAX2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-03-14 18:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-03-14 18:09 - 2014-03-14 18:03 - 00000000 ____D () C:\AdwCleaner2014-03-14 18:00 - 2014-03-14 18:00 - 01950720 _____ () C:\Users\Harrie_Terhorst\Downloads\AdwCleaner.exe2014-03-14 17:56 - 2014-03-14 17:56 - 00004923 _____ () C:\Users\Harrie_Terhorst\Desktop\JRT.txt2014-03-14 17:43 - 2014-03-14 17:43 - 00000000 ____D () C:\WINDOWS\ERUNT2014-03-14 17:42 - 2014-03-14 17:42 - 01037734 _____ (Thisisu) C:\Users\Harrie_Terhorst\Downloads\JRT.exe2014-03-13 19:17 - 2013-08-22 15:44 - 00661056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-03-13 19:17 - 2013-02-03 08:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-03-13 19:17 - 2013-02-03 08:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-03-12 18:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-03-12 18:14 - 2014-02-14 20:08 - 00001002 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2014-03-10 22:12 - 2013-03-04 17:29 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\Belastingdienst2014-03-10 21:49 - 2014-03-10 21:49 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209 (2).ibv20132014-03-10 21:48 - 2014-03-10 21:48 - 00017879 _____ () C:\Users\Harrie_Terhorst\Downloads\011778210.ibv20132014-03-09 18:31 - 2013-10-09 20:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation2014-03-09 18:29 - 2013-10-09 20:34 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared2014-03-09 18:26 - 2013-10-09 20:33 - 00002190 _____ () C:\Users\Public\Desktop\PlayMemories Home.lnk2014-03-09 18:26 - 2013-10-09 20:33 - 00002090 _____ () C:\Users\Public\Desktop\PlayMemories Home Help.lnk2014-03-09 18:24 - 2013-10-09 20:33 - 00000000 ____D () C:\ProgramData\Sony Corporation2014-03-09 17:43 - 2014-03-09 17:43 - 00089530 _____ () C:\Users\Harrie_Terhorst\Downloads\Extras.Txt2014-03-09 17:23 - 2014-03-09 17:23 - 00602112 _____ (OldTimer Tools) C:\Users\Harrie_Terhorst\Downloads\OTL.exe2014-03-08 20:26 - 2014-03-08 20:26 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.com2014-03-08 20:25 - 2014-03-08 20:25 - 00688992 _____ (Swearware) C:\Users\Harrie_Terhorst\Downloads\dds.scr2014-03-08 20:25 - 2014-03-08 20:17 - 204744952 _____ (CURIOLAB S.M.B.A.) C:\Users\Harrie_Terhorst\Downloads\ExterminateItSetup.exe2014-03-08 20:08 - 2013-02-20 20:46 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core.job2014-03-08 19:38 - 2014-03-08 19:38 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-08 19:38 - 2013-08-19 14:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-08 19:37 - 2014-03-08 19:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Harrie_Terhorst\Downloads\mbam-setup-1.75.0.1300.exe2014-03-08 19:27 - 2014-03-08 19:27 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC2014-03-08 19:27 - 2014-03-08 19:27 - 00000000 ____D () C:\Program Files\CCleaner2014-03-08 19:26 - 2014-03-08 19:26 - 04765152 _____ (Piriform Ltd) C:\Users\Harrie_Terhorst\Downloads\ccsetup411.exe2014-03-08 17:27 - 2013-08-22 15:46 - 00302598 _____ () C:\WINDOWS\setupact.log2014-03-08 17:24 - 2013-02-20 20:46 - 00004086 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA2014-03-08 17:24 - 2013-02-20 20:46 - 00003706 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core2014-03-08 17:24 - 2013-02-04 07:47 - 00004060 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-08 17:24 - 2013-02-04 07:47 - 00003824 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-08 17:17 - 2013-03-11 21:39 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\Incompleet2014-03-08 17:15 - 2014-03-08 17:15 - 00390269 _____ () C:\Users\Harrie_Terhorst\Downloads\Wally73408.par2.nzb2014-03-08 17:11 - 2014-03-08 17:11 - 00158725 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.HDTV.x264.nzb2014-03-08 17:09 - 2014-03-08 17:09 - 00677834 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow.S02E11.720p.HDTV.X264.nzb2014-03-07 13:49 - 2013-02-03 07:02 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Local\Packages2014-03-07 13:40 - 2014-03-07 13:40 - 00002008 _____ () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction032.nzb2014-03-07 13:40 - 2014-03-07 13:40 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\Tornado-post-op-www.wickedreaction.ws-03-reaction0322014-03-05 21:00 - 2013-10-19 15:28 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Local\Deployment2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-03-03 23:01 - 2013-02-05 07:29 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\vlc2014-03-02 19:42 - 2013-08-19 13:27 - 00000000 _____ () C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml2014-03-02 14:35 - 2013-09-08 12:16 - 00000280 _____ () C:\Users\Harrie_Terhorst\Desktop\harrie.txt2014-03-02 14:05 - 2013-02-09 18:07 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-03-01 16:32 - 2014-03-01 16:32 - 00008450 _____ () C:\Users\Harrie_Terhorst\Downloads\011778209.ibv20132014-03-01 16:10 - 2014-03-01 16:10 - 00009596 _____ () C:\Users\Harrie_Terhorst\Downloads\096083153.ibv20132014-03-01 16:09 - 2014-03-01 16:09 - 02836400 _____ (Belastingdienst) C:\Users\Harrie_Terhorst\Downloads\ib2013_win_setup.exe2014-03-01 16:09 - 2014-03-01 16:09 - 00001438 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk2014-03-01 15:53 - 2014-02-14 20:17 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}2014-03-01 15:53 - 2013-02-16 16:55 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Local\Microsoft Help2014-03-01 15:49 - 2014-03-01 15:49 - 78353784 _____ (AVG) C:\Users\Harrie_Terhorst\Downloads\avg_tuh_stf_all_2014_295.exe2014-03-01 14:53 - 2014-03-01 14:53 - 00000760 _____ () C:\Users\Harrie_Terhorst\Downloads\Arrow-S02E10-720p-HDTV-Nl-subs-DutchReleaseTeam.rar.nzb2014-03-01 07:05 - 2014-03-13 17:59 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-03-01 05:58 - 2014-03-13 17:59 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-03-01 05:30 - 2014-03-13 17:59 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-03-01 05:17 - 2014-03-13 17:59 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-03-01 04:54 - 2014-03-13 17:59 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-03-01 04:47 - 2014-03-13 17:59 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-03-01 04:42 - 2014-03-13 17:59 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-03-01 04:18 - 2014-03-13 17:59 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-03-01 04:14 - 2014-03-13 17:59 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-03-01 04:10 - 2014-03-13 17:59 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-03-01 04:03 - 2014-03-13 17:59 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-03-01 03:57 - 2014-03-13 17:59 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-03-01 03:38 - 2014-03-13 17:59 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-03-01 03:32 - 2014-03-13 17:59 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-03-01 03:27 - 2014-03-13 17:59 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-03-01 03:25 - 2014-03-13 17:59 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-03-01 03:25 - 2014-03-13 17:59 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-02-22 14:56 - 2013-12-28 16:52 - 00000000 ____D () C:\ProgramData\Sonos,_Inc2014-02-18 21:22 - 2013-12-30 09:36 - 00000000 ____D () C:\Users\Harrie_Terhorst\AppData\Roaming\MediaMonkey2014-02-18 21:18 - 2013-12-30 09:36 - 00001066 _____ () C:\Users\Public\Desktop\MediaMonkey.lnk2014-02-18 21:18 - 2013-12-30 09:36 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey2014-02-17 20:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache2014-02-17 20:18 - 2014-01-25 11:47 - 00000000 ____D () C:\Users\Harrie_Terhorst\Downloads\COMPLETE Nederlandse Top 40 van 2014 week 4 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2014-03-13 17:59] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02 LastRegBack: 2014-03-18 20:32 ==================== End Of Log ============================
- March 19, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I runned the fix with OTL. The output was too long to post Here is the beginning and the end of the list: All processes killed========== OTL ==========C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi moved successfully.C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.Folder C:\Users\Default User\AppData\Roaming\TuneUp Software\ not found.C:\Users\Harrie_Terhorst\AppData\Roaming\42800797 folder moved successfully.C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software folder moved successfully.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Harrie_Terhorst\Downloads\cmd.bat deleted successfully.C:\Users\Harrie_Terhorst\Downloads\cmd.txt deleted successfully.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default.migrated User: Harrie_Terhorst->Temp folder emptied: 669149208 bytes->Temporary Internet Files folder emptied: 910261046 bytes->Google Chrome cache emptied: 278645373 bytes->Flash cache emptied: 76128 bytes User: Public %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 1525990 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 2381484530 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 4.045,00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 03182014_190038 Files\Folders moved on Reboot...C:\Users\Harrie_Terhorst\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.C:\WINDOWS\temp\CR_13080.tmp\setup.exe moved successfully.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.3.9600.16384_none_cd3183f2deb856d2\suppression.xml scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-usermodensi.resources_31bf3856ad364e35_6.3.9600.16384_en-us_d0f0daaffb6cc7bb\nsisvc.dll.mui scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\bfsvc.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CbsCore.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CbsMsg.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cleanupai.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiadapter.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiaisupport.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmitrust.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\cmiv2.dll scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.16384_none_9dff25cfe2e40fa2\CntrtextInstaller.dll scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\tabskb.dll.mui scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TabTip.exe.mui scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TipBand.dll.mui scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TipRes.dll.mui scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\tipresx.dll.mui scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\a9631f3d-f308-4d72-bd8f-7b7ca45c16ca\Program Files\Common Files\Microsoft Shared\ink\en-us\TipTsf.dll.mui scheduled to be moved on reboot.C:\WINDOWS\temp\chrome_installer.log moved successfully.C:\WINDOWS\temp\FireFly(20140318182531A04).log moved successfully.C:\WINDOWS\temp\integratedoffice.exe_c2ruidll(20140318182531A04).log moved successfully.C:\WINDOWS\temp\integratedoffice.exe_streamserver(20140318182531A04).log moved successfully.File move failed. C:\WINDOWS\temp\ood_stream.x86.nl-nl.dat scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
- March 18, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I uninstalled the application AVG PC TuneUp 2014. The applications AVG PC TuneUp 2014 (nl-NL) and AVG Nation Toolbar are not in the list
- March 18, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

After the reboot I still see the messages "Enigma Software Systems, custom removal in action" It is not removed yet
- March 18, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

There was no new Extras.txt file created after the second run of OTL scan Thanks for your reply
- March 16, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Here is the new OTL log file: OTL logfile created on: 16-3-2014 20:58:43 - Run 2OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harrie_Terhorst\Downloads64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16521)Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy 3,88 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 58,00% Memory free4,57 Gb Paging File | 2,86 Gb Available in Paging File | 62,63% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)Drive C: | 92,57 Gb Total Space | 45,04 Gb Free Space | 48,65% Space Free | Partition Type: NTFSDrive D: | 4,00 Gb Total Space | 2,29 Gb Free Space | 57,21% Space Free | Partition Type: NTFS Computer Name: HARRIE | User Name: Harrie_Terhorst | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014-03-09 17:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harrie_Terhorst\Downloads\OTL.exePRC - [2014-03-07 13:49:19 | 001,358,848 | ---- | M] (Barnesandnoble.com llc) -- C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\NookClient.exePRC - [2014-03-02 03:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exePRC - [2014-01-22 12:17:36 | 004,962,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exePRC - [2014-01-19 13:34:56 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXEPRC - [2014-01-19 13:34:49 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXEPRC - [2014-01-03 01:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exePRC - [2013-09-24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exePRC - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exePRC - [2013-07-16 20:56:36 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exePRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013-01-05 10:10:03 | 000,208,464 | ---- | M] () -- C:\ProgramData\YogaSmartSwicth\yogaserver.exePRC - [2012-07-27 20:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exePRC - [2012-07-19 19:09:42 | 000,708,648 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exePRC - [2012-07-19 19:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exePRC - [2012-07-16 09:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE ========== Modules (No Company Name) ========== MOD - [2014-03-11 21:41:07 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\805be8b7f84002fd634adf0a6cc01047\System.ServiceModel.Internals.ni.dllMOD - [2014-03-08 17:38:31 | 000,482,304 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud.1553bc1e#\8f840a59c1f25dd08984252630915c00\Nook.Cloud.NativeServices.ni.dllMOD - [2014-03-08 17:38:29 | 000,241,152 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\1186610703e36f98640197deefaf312a\NotificationsExtensions.ni.dllMOD - [2014-03-08 17:38:27 | 000,513,024 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\Packages\barnesnoble.nook_ahnzqzva31enc\AC\Microsoft\CLR_v4.0_32\NativeImages\Nook.Cloud\9b380dfa65f768d2d2a662b0348ddd89\Nook.Cloud.ni.dllMOD - [2014-03-08 17:38:11 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c2f2c5073965c1d04b9023f65d3fe349\SMDiagnostics.ni.dllMOD - [2014-03-08 17:38:08 | 000,337,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\f867cb52dc4fcc5ebaa80ffbd2976b3e\Windows.Data.ni.dllMOD - [2014-03-08 17:38:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Globalization\8117ba37bd357ad43611bbc9bdfca567\System.Globalization.ni.dllMOD - [2014-03-08 17:38:06 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.429e8964#\f2cc82f8999d2aa1c6660c806177ec61\System.Xml.XmlSerializer.ni.dllMOD - [2014-03-08 17:38:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IO\042586835cba6dc3b2850f9f5a9483e7\System.IO.ni.dllMOD - [2014-03-08 17:38:05 | 000,238,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\d5b9aa521932d0e448fcec4c8a7668ee\Windows.Globalization.ni.dllMOD - [2014-03-08 17:38:04 | 000,960,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c9f5748b453ed1334d500ba0f8cd893b\Windows.UI.ni.dllMOD - [2014-03-08 17:38:04 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\ddc4d9d5d71dc5987a0ccc8a3109cf3c\System.ObjectModel.ni.dllMOD - [2014-03-08 17:38:01 | 000,133,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\a89efd02ed532244af2618bd2258658d\Windows.System.ni.dllMOD - [2014-03-08 17:38:00 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\ae4e23764df4e166aae70ec4bfa75616\Windows.Storage.ni.dllMOD - [2014-03-08 17:37:59 | 000,797,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\19a8d1fd6ba18245c4dde13875b6e1d3\Windows.Networking.ni.dllMOD - [2014-03-08 17:37:57 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\377a9fc969cd342e46c970eef309c528\System.Threading.Tasks.ni.dllMOD - [2014-03-08 17:37:56 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Collections\ed21f43f727dc714483c4dc389adffb4\System.Collections.ni.dllMOD - [2014-03-08 17:37:54 | 001,131,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\7afc662c6dd9522510958dd7b23baad7\Windows.ApplicationModel.ni.dllMOD - [2014-03-08 17:37:49 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\380573a8261d3347ae37503ddc854abf\System.Runtime.InteropServices.WindowsRuntime.ni.dllMOD - [2014-03-08 17:37:48 | 003,536,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4946d643ed8c96ecda72bacf7b61430f\Windows.UI.Xaml.ni.dllMOD - [2014-03-07 13:49:19 | 012,953,600 | ---- | M] () -- C:\Program Files\WindowsApps\BarnesNoble.Nook_1.8.0.6307_x86__ahnzqzva31enc\Nook.Cloud.NativeServices.dllMOD - [2014-03-02 03:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dllMOD - [2014-03-02 03:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dllMOD - [2014-03-02 03:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dllMOD - [2014-02-16 16:07:45 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\944bf33aded9f0e78c282767583019d9\Windows.Foundation.ni.dllMOD - [2014-02-16 16:07:45 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime\cb94f731a1ebd6b9877cd110c0c6ed45\System.Runtime.ni.dllMOD - [2014-02-16 16:02:52 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a7db022b87017cc62542ef85d19c7fb1\CustomMarshalers.ni.dllMOD - [2014-02-16 16:02:02 | 002,297,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3430f069c93f4233f0dbb775cb73b49b\System.Core.ni.dllMOD - [2014-02-16 15:59:17 | 005,463,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dllMOD - [2014-02-16 15:59:13 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dllMOD - [2014-02-16 15:59:05 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dllMOD - [2014-02-16 15:58:32 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dllMOD - [2014-02-16 15:58:26 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dllMOD - [2014-02-16 15:58:18 | 007,803,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\fd6afdb3a9309e9af89222b778f5901c\System.Xml.ni.dllMOD - [2014-02-16 15:57:48 | 000,098,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\00fd6b9fc7353b024079f65164bdc73f\System.Runtime.WindowsRuntime.UI.Xaml.ni.dllMOD - [2014-02-16 15:57:47 | 000,573,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\e209e80a78aee1367c92f1dd884d8f58\System.Runtime.WindowsRuntime.ni.dllMOD - [2014-02-16 15:57:46 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b110ef93e43ad2abdfa7b12c99443144\System.Runtime.Serialization.ni.dllMOD - [2014-02-16 15:57:34 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\9ab0202718d44c5bfe5120745304808a\System.Configuration.ni.dllMOD - [2014-02-16 15:57:08 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ab8978239d891c4afffd6a6df3996a6e\System.Core.ni.dllMOD - [2014-02-16 15:57:03 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8455c031f8ffe82a0109c563873260e8\System.ni.dllMOD - [2014-01-19 13:34:55 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dllMOD - [2014-01-19 13:32:53 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dllMOD - [2014-01-03 01:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dllMOD - [2013-12-03 01:37:02 | 017,376,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ebdd49343f711b2029293f8e621b28a2\mscorlib.ni.dllMOD - [2013-11-19 16:50:01 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dllMOD - [2013-11-19 16:45:13 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dllMOD - [2013-10-19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\libcef.dllMOD - [2013-08-17 01:06:23 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dllMOD - [2013-01-05 10:10:03 | 000,208,464 | ---- | M] () -- C:\ProgramData\YogaSmartSwicth\yogaserver.exe ========== Services (SafeList) ========== SRV:64bit: - [2014-02-06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)SRV:64bit: - [2013-11-27 16:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)SRV:64bit: - [2013-11-27 10:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)SRV:64bit: - [2013-11-23 05:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)SRV:64bit: - [2013-11-08 04:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)SRV:64bit: - [2013-10-31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)SRV:64bit: - [2013-10-31 01:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)SRV:64bit: - [2013-10-31 01:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)SRV:64bit: - [2013-10-22 02:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)SRV:64bit: - [2013-10-07 11:43:16 | 009,281,840 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)SRV:64bit: - [2013-10-04 09:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)SRV:64bit: - [2013-09-30 05:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)SRV:64bit: - [2013-09-30 05:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)SRV:64bit: - [2013-09-30 05:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)SRV:64bit: - [2013-08-22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV:64bit: - [2013-08-22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)SRV:64bit: - [2013-08-22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)SRV:64bit: - [2013-08-22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)SRV:64bit: - [2013-08-22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)SRV:64bit: - [2013-08-22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)SRV:64bit: - [2013-08-22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)SRV:64bit: - [2013-08-22 11:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)SRV:64bit: - [2013-08-22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)SRV:64bit: - [2013-08-22 10:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)SRV:64bit: - [2013-08-22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)SRV:64bit: - [2013-08-22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)SRV:64bit: - [2013-08-22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)SRV:64bit: - [2013-08-22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)SRV:64bit: - [2013-08-22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)SRV:64bit: - [2013-08-22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)SRV:64bit: - [2013-08-22 10:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)SRV:64bit: - [2013-08-22 10:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)SRV:64bit: - [2013-08-22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)SRV:64bit: - [2013-08-22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)SRV:64bit: - [2013-07-16 20:56:36 | 000,585,032 | ---- | M] (LENOVO INCORPORATED.) [Auto | Running] -- C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe -- (Lenovo System Agent Service)SRV:64bit: - [2012-07-30 12:27:06 | 000,036,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)SRV:64bit: - [2012-07-30 12:27:00 | 000,030,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)SRV:64bit: - [2012-07-30 12:26:58 | 000,029,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)SRV:64bit: - [2012-06-08 10:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)SRV:64bit: - [2012-04-20 23:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®SRV:64bit: - [2011-12-01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)SRV - [2014-02-24 02:24:38 | 000,481,816 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)SRV - [2014-01-22 12:19:38 | 003,788,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)SRV - [2014-01-16 10:34:08 | 000,495,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)SRV - [2013-12-21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013-12-18 09:38:40 | 002,102,072 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)SRV - [2013-12-03 10:56:50 | 000,079,000 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)SRV - [2013-10-03 22:43:02 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2013-09-30 05:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)SRV - [2013-09-24 01:35:44 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)SRV - [2013-09-24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)SRV - [2013-08-22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV - [2013-08-22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)SRV - [2013-08-22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013-01-05 10:10:03 | 000,027,216 | ---- | M] (Lenovo) [Auto | Running] -- C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe -- (ymc)SRV - [2012-09-01 01:26:58 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe -- (BTDevManager)SRV - [2012-07-19 19:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)SRV - [2012-07-17 10:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2012-07-17 10:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2012-07-17 10:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)SRV - [2012-07-16 09:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)SRV - [2012-07-13 10:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)SRV - [2011-08-18 01:29:52 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)SRV - [2011-05-24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)SRV - [2011-04-26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013-11-25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)DRV:64bit: - [2013-11-25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)DRV:64bit: - [2013-11-25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)DRV:64bit: - [2013-11-11 03:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)DRV:64bit: - [2013-11-09 12:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)DRV:64bit: - [2013-11-01 12:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)DRV:64bit: - [2013-10-31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)DRV:64bit: - [2013-10-31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)DRV:64bit: - [2013-10-31 01:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)DRV:64bit: - [2013-10-31 01:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)DRV:64bit: - [2013-10-31 01:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)DRV:64bit: - [2013-10-31 01:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)DRV:64bit: - [2013-10-26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)DRV:64bit: - [2013-10-21 22:28:28 | 000,252,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)DRV:64bit: - [2013-10-13 03:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)DRV:64bit: - [2013-10-05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)DRV:64bit: - [2013-10-03 22:42:44 | 004,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2013-10-01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)DRV:64bit: - [2013-09-30 05:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)DRV:64bit: - [2013-09-30 05:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2013-09-30 05:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)DRV:64bit: - [2013-09-30 04:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2013-09-30 04:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)DRV:64bit: - [2013-09-30 04:51:01 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)DRV:64bit: - [2013-09-26 10:08:22 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)DRV:64bit: - [2013-09-26 10:08:22 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)DRV:64bit: - [2013-09-26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)DRV:64bit: - [2013-09-10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)DRV:64bit: - [2013-09-04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)DRV:64bit: - [2013-08-22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)DRV:64bit: - [2013-08-22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2013-08-22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)DRV:64bit: - [2013-08-22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)DRV:64bit: - [2013-08-22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)DRV:64bit: - [2013-08-22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)DRV:64bit: - [2013-08-22 13:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)DRV:64bit: - [2013-08-22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)DRV:64bit: - [2013-08-22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2013-08-22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2013-08-22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)DRV:64bit: - [2013-08-22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2013-08-22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)DRV:64bit: - [2013-08-22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)DRV:64bit: - [2013-08-22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2013-08-22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2013-08-22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)DRV:64bit: - [2013-08-22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2013-08-22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)DRV:64bit: - [2013-08-22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)DRV:64bit: - [2013-08-22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2013-08-22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)DRV:64bit: - [2013-08-22 13:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)DRV:64bit: - [2013-08-22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)DRV:64bit: - [2013-08-22 13:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)DRV:64bit: - [2013-08-22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2013-08-22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)DRV:64bit: - [2013-08-22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)DRV:64bit: - [2013-08-22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)DRV:64bit: - [2013-08-22 13:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)DRV:64bit: - [2013-08-22 13:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)DRV:64bit: - [2013-08-22 13:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)DRV:64bit: - [2013-08-22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)DRV:64bit: - [2013-08-22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)DRV:64bit: - [2013-08-22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)DRV:64bit: - [2013-08-22 12:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV:64bit: - [2013-08-22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)DRV:64bit: - [2013-08-22 12:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)DRV:64bit: - [2013-08-22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)DRV:64bit: - [2013-08-22 12:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)DRV:64bit: - [2013-08-22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)DRV:64bit: - [2013-08-22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)DRV:64bit: - [2013-08-22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)DRV:64bit: - [2013-08-22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)DRV:64bit: - [2013-08-22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)DRV:64bit: - [2013-08-22 12:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)DRV:64bit: - [2013-08-22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)DRV:64bit: - [2013-08-22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)DRV:64bit: - [2013-08-22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)DRV:64bit: - [2013-08-22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)DRV:64bit: - [2013-08-22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)DRV:64bit: - [2013-08-22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2013-08-22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)DRV:64bit: - [2013-08-22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2013-08-22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)DRV:64bit: - [2013-08-22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)DRV:64bit: - [2013-08-22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)DRV:64bit: - [2013-08-22 12:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)DRV:64bit: - [2013-08-22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)DRV:64bit: - [2013-08-22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)DRV:64bit: - [2013-08-22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)DRV:64bit: - [2013-08-22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)DRV:64bit: - [2013-08-22 11:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2013-08-22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)DRV:64bit: - [2013-08-13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)DRV:64bit: - [2013-08-10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)DRV:64bit: - [2013-07-31 19:25:45 | 001,975,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RtlWlanu)DRV:64bit: - [2013-07-30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)DRV:64bit: - [2013-07-25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)DRV:64bit: - [2013-07-04 10:22:20 | 000,066,560 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88179_178a.sys -- (AX88179)DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013-01-05 10:11:08 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)DRV:64bit: - [2013-01-05 10:11:08 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)DRV:64bit: - [2013-01-05 10:10:03 | 000,017,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\leymc.sys -- (leymc)DRV:64bit: - [2012-11-24 06:42:18 | 000,461,624 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2012-11-06 14:04:20 | 000,036,864 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)DRV:64bit: - [2012-09-03 06:26:02 | 001,609,376 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)DRV:64bit: - [2012-09-01 11:22:22 | 000,696,464 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)DRV:64bit: - [2012-08-25 03:10:12 | 000,981,112 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)DRV:64bit: - [2012-07-20 10:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)DRV:64bit: - [2012-07-13 09:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)DRV:64bit: - [2012-07-13 09:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)DRV:64bit: - [2012-07-13 09:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)DRV:64bit: - [2012-07-02 08:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2012-06-19 00:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2012-06-15 06:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)DRV:64bit: - [2012-06-14 02:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)DRV:64bit: - [2005-09-23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)DRV - [2013-12-16 14:34:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.comIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{721DC94E-F4CD-42AB-BA0D-466FF61E92A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{721DC94E-F4CD-42AB-BA0D-466FF61E92A1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = PreserveIE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes,DefaultScope = {564FF2E6-9F50-40FC-8C03-7E2902043B50}IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\..\SearchScopes\{564FF2E6-9F50-40FC-8C03-7E2902043B50}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}IE - HKU\S-1-5-21-231642352-623416637-1905510808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harrie_Terhorst\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Harrie_Terhorst\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014-02-14 20:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\Firefox\Profiles\extensions[2013-06-30 09:44:04 | 000,242,624 | ---- | M] () (No name found) -- C:\Users\Harrie_Terhorst\AppData\Roaming\mozilla\firefox\profiles\extensions\fhdp3@freehdsp.tv.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.google.nl/CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: IntelÂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllCHR - plugin: IntelÂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllCHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dllCHR - Extension: Google Documenten = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Adblock Plus = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\CHR - Extension: Google Zoeken = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Google Mail Checker = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\CHR - Extension: Google Wallet = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\CHR - Extension: Google Chrome to Phone = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\CHR - Extension: MyHarmony Chrome Plugin = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0\CHR - Extension: Gmail = C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013-08-22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)O4:64bit: - HKLM..\Run: [btServer] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe (Realtek Semiconductor Corporation)O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe ()O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Lenovo Transition] C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe (Lenovo)O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)O4:64bit: - HKLM..\Run: [synLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)O4:64bit: - HKLM..\Run: [yogaserver] C:\ProgramData\YogaSmartSwicth\yogaserver.exe ()O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Vimicro)O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)O4 - Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O4 - Startup: C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O8:64bit: - Extra context menu item: Afbeelding verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8:64bit: - Extra context menu item: Pagina verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O8:64bit: - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()O8:64bit: - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()O8 - Extra context menu item: Afbeelding verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Pagina verzenden naar Bluetooth-apparaat - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O8 - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie_ctx.htm ()O8 - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\Realtek\Realtek Bluetooth\btsendto_ie.htm ()O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.104.196 213.46.228.196O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{056A7E73-B38D-4DA3-AB17-FAE68F3E6275}: DhcpNameServer = 62.179.104.196 213.46.228.196O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A82160DD-72B9-46E5-94A3-2BFBB0A78AA1}: DhcpNameServer = 62.179.104.196 213.46.228.196O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C288C22B-BA5F-45FE-AC89-195C662F340D}: DhcpNameServer = 62.179.104.196 213.46.228.196O18:64bit: - Protocol\Handler\osf - No CLSID value foundO18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27:64bit: - HKLM IFEO\lenovo transition.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27:64bit: - HKLM IFEO\motioncontrol.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27:64bit: - HKLM IFEO\pmbbrowser.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27:64bit: - HKLM IFEO\pmbinit.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27 - HKLM IFEO\lenovo transition.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27 - HKLM IFEO\motioncontrol.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27 - HKLM IFEO\pmbbrowser.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27 - HKLM IFEO\pmbinit.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2013-08-18 22:39:09 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O33 - MountPoints2\{8711b680-31db-11e3-bead-80f9d4e77867}\Shell - "" = AutoRunO33 - MountPoints2\{8711b680-31db-11e3-bead-80f9d4e77867}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O33 - MountPoints2\{b3e6f6bd-4405-11e3-beb4-000ec6817901}\Shell - "" = AutoRunO33 - MountPoints2\{b3e6f6bd-4405-11e3-beb4-000ec6817901}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" O34 - HKLM BootExecute: (autocheck autochk *)O34 - HKLM BootExecute: (sh4native Sh4Removal)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014-03-14 18:03:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2014-03-14 17:43:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT[2014-03-12 18:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG[2014-03-08 19:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner[2014-03-01 15:50:47 | 000,040,248 | ---- | C] (AVG) -- C:\WINDOWS\SysNative\TURegOpt.exe[2014-03-01 15:50:47 | 000,029,496 | ---- | C] (AVG) -- C:\WINDOWS\SysNative\authuitu.dll[2014-03-01 15:50:47 | 000,025,400 | ---- | C] (AVG) -- C:\WINDOWS\SysWow64\authuitu.dll[2014-03-01 15:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014-03-16 20:59:45 | 001,823,174 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI[2014-03-16 20:59:45 | 000,812,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh013.dat[2014-03-16 20:59:45 | 000,728,134 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat[2014-03-16 20:59:45 | 000,164,488 | ---- | M] () -- C:\WINDOWS\SysNative\perfc013.dat[2014-03-16 20:59:45 | 000,137,954 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat[2014-03-16 20:56:34 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2014-03-16 20:55:18 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2014-03-16 20:54:33 | 3334,696,960 | -HS- | M] () -- C:\hiberfil.sys[2014-03-16 20:54:33 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys[2014-03-16 16:27:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2014-03-16 15:21:41 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001UA.job[2014-03-13 19:17:35 | 000,661,056 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT[2014-03-12 18:14:39 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk[2014-03-09 18:26:56 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk[2014-03-09 18:26:56 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home Help.lnk[2014-03-08 20:08:18 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-231642352-623416637-1905510808-1001Core.job[2014-03-08 19:38:20 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014-03-02 19:42:04 | 000,000,000 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml[2014-03-01 16:09:23 | 000,001,438 | ---- | M] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk[2014-03-01 15:50:46 | 000,002,244 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk[2014-03-01 15:50:46 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk[2014-02-23 12:39:47 | 000,001,140 | ---- | M] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk[2014-02-18 21:18:49 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2014-03-13 17:59:10 | 000,386,722 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml[2014-03-08 19:38:20 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014-03-01 16:09:23 | 000,001,438 | ---- | C] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2013.lnk[2014-03-01 15:50:46 | 000,002,244 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-klik Onderhoud.lnk[2014-03-01 15:50:46 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk[2014-03-01 15:50:46 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk[2014-02-17 20:05:22 | 3334,696,960 | -HS- | C] () -- C:\hiberfil.sys[2014-01-22 20:25:51 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll[2013-12-23 18:15:36 | 000,003,584 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2013-11-04 21:54:09 | 000,003,349 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd9.dll[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd11.dll[2013-10-18 15:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\dlumd10.dll[2013-10-03 22:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll[2013-10-03 22:42:40 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll[2013-10-03 22:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll[2013-08-22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat[2013-08-22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT[2013-08-22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2013-08-22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin[2013-08-22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll[2013-08-22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll[2013-08-22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat[2013-08-19 13:27:56 | 000,000,000 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\RegisteredPackageInformation.xml[2013-04-04 18:50:06 | 000,000,600 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Local\PUTTY.RND[2013-03-17 13:01:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\SysWow64\srvany.exe[2013-02-16 17:44:24 | 000,236,675 | ---- | C] () -- C:\WINDOWS\hpwins05.dat[2013-02-16 17:44:24 | 000,003,349 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat[2013-02-03 07:03:04 | 000,016,435 | ---- | C] () -- C:\Users\Harrie_Terhorst\AppData\Roaming\AbsoluteReminder.xml[2013-01-05 10:04:25 | 000,451,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ISSRemoveSP.exe[2013-01-05 10:04:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\runSW.exe[2013-01-05 10:04:13 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl[2013-01-05 10:01:58 | 000,001,915 | ---- | C] () -- C:\WINDOWS\vm332Rmv.ini[2013-01-05 10:01:58 | 000,001,915 | ---- | C] () -- C:\WINDOWS\SysWow64\vm332Rmv.ini[2012-07-25 21:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin[2012-07-25 21:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin[2012-04-20 22:59:44 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013-12-23 17:43:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013-11-23 12:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013-11-23 09:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014-03-12 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software[2014-03-12 18:14:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software[2013-11-18 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\.ACEStream[2014-02-14 20:29:42 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\42800797[2013-11-18 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\ACEStream[2013-10-18 15:53:44 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Actual Tools[2014-02-14 20:17:44 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG[2014-02-14 20:08:59 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\AVG2014[2014-03-10 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Belastingdienst[2014-03-16 20:56:18 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Dropbox[2013-02-20 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\IDM[2013-05-10 14:14:57 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Leadertech[2013-04-29 10:14:20 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\MAGIX[2014-02-18 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\MediaMonkey[2013-02-16 17:28:10 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Nitro PDF[2013-02-16 14:06:52 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\Spotnet[2014-02-14 20:08:35 | 000,000,000 | ---D | M] -- C:\Users\Harrie_Terhorst\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\Harrie_Terhorst\SkyDrive:ms-properties < End of report >
- March 16, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Thanks for your reply. During start up I still see the messages. It is not removed yet.
- March 16, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Here is the result from step 2: # AdwCleaner v3.022 - Report created 14/03/2014 at 18:08:56# Updated 13/03/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : Harrie_Terhorst - HARRIE# Running from : C:\Users\Harrie_Terhorst\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\apnFolder Deleted : C:\Program Files (x86)\AVG Nation toolbarFolder Deleted : C:\Program Files (x86)\FreeHDSport TVFolder Deleted : C:\Program Files (x86)\FreeHDSport.TVFolder Deleted : C:\Users\HARRIE~1\AppData\Local\Temp\apnFile Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnkFile Deleted : C:\Users\HARRIE~1\AppData\Local\Temp\Uninstall.exeFile Deleted : C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorageFile Deleted : C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journalFile Deleted : C:\WINDOWS\System32\Tasks\Dealply ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfoKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgnKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12C1F3F5-4FB2-4191-A1FD-CA464E6823C0}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FA9C2C7-B82C-4944-B077-E1D8EA9E2B3D}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{730C3A0D-8C88-468A-B617-7E9913DD6ABC}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA267627-1EF3-4619-A982-8B57C636CA73}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C11CE4D0-9C73-491D-A95C-23C0B7BBD490}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535536}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536636}Key Deleted : HKCU\Software\AppDataLow\Software\FreeHDSport TVKey Deleted : HKLM\Software\FreeHDSport TVKey Deleted : HKLM\Software\PIPKey Deleted : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v -\\ Google Chrome v33.0.1750.146 [ File : C:\Users\Harrie_Terhorst\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [4665 octets] - [14/03/2014 18:03:56]AdwCleaner[s0].txt - [3887 octets] - [14/03/2014 18:08:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3947 octets] ##########
- March 14, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Thanks for the reply. Here is the text from step 1 JRT.txt: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.2 (02.20.2014:1)OS: Windows 8.1 x64Ran by Harrie_Terhorst on vr 14-03-2014 at 17:43:44,23~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exeFailed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossriderFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355535536}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366536636}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355535536}Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536636}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355535536}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366536636}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355535536}Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536636}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54B0371E-C2AA-4A32-AB9A-8D4F30141D79}Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\apn"Successfully deleted: [Folder] "C:\Users\Harrie_Terhorst\appdata\local\apn"Failed to delete: [Folder] "C:\Program Files (x86)\freehdsport.tv" ~~~ Chrome Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfoFailed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on vr 14-03-2014 at 17:56:47,12End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- March 14, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

I removed the 2 applications and then a scan with this result: Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300 www.malwarebytes.org Databaseversie: v2014.03.13.06 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16518 Harrie_Terhorst :: HARRIE [administrator] Bescherming: Ingeschakeld 13-3-2014 19:01:41 mbam-log-2014-03-13 (19-01-41).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: Heuristiek/Extra | P2P Objecten gescand: 50094 Verstreken tijd: 7 minuut/minuten, 4 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) The problem is still there after a restart of the pc Thanks
- March 13, 2014
- 45 replies
Enigma spyhunter problems

Harrie1 replied to Harrie1's topic in Resolved Malware Removal Logs

Hello, here is the info from the file Extras.txt OTL Extras logfile created on: 9-3-2014 17:25:44 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harrie_Terhorst\Downloads64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16518)Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy 3,88 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 55,79% Memory free4,57 Gb Paging File | 2,74 Gb Available in Paging File | 59,91% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)Drive C: | 92,57 Gb Total Space | 46,06 Gb Free Space | 49,76% Space Free | Partition Type: NTFSDrive D: | 4,00 Gb Total Space | 2,29 Gb Free Space | 57,21% Space Free | Partition Type: NTFS Computer Name: HARRIE | User Name: Harrie_Terhorst | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation).url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htafile [open] -- "%1" %*htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htafile [open] -- "%1" %*htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{14393207-60E8-4579-9BA3-4B3B93A1E5FC}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | "{16B53B57-3852-492A-957F-89A57DB827F4}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | "{1B57D4D2-BDA8-4C0C-B74E-2C8132376457}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | "{1C88E7FD-1B1F-442B-8BC0-15D5485C5A2E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{208CA954-FAF1-4354-AAEE-48798894E1F7}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | "{22E67994-C517-442E-B0D9-9BE2DC1F9AB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28E9B38E-24F6-4020-9D1B-C409A4409306}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{2B2DF26E-FD88-45E7-9A8A-B85469E879EB}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | "{2E0F0012-E129-44C2-8DC3-B089CDB4DACC}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | "{3FCD5E0E-9977-4F77-9678-5F4CF63F74DB}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe | "{45C401AC-7B8D-4EBE-9574-5DEB5D1F8A9C}" = lport=62910 | protocol=6 | dir=out | name=java max 62910 | "{50135D88-010C-4356-94F1-5615E6860B3C}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | "{50879C88-B656-4923-A650-0B60D8170C2B}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | "{8095F460-99D5-4CCA-BFC7-36FE9E11B3BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{92DC108E-34A4-4758-BB73-2C23CB7353BC}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | "{99D8059E-7514-468C-88AA-38F79080F165}" = lport=10243 | protocol=6 | dir=in | app=system | "{B14D3DF5-009D-4D6F-8F48-A68026A3E96B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B441F041-5D27-475C-92E8-436E219C9AB8}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | "{C5436ABB-6D9D-42EF-808D-9C736E7E5F9A}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe | "{C694975B-D0C4-40D3-A20C-F51E1330C352}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | "{C9EE1782-59B5-46F7-941B-62CAC1A1234E}" = lport=23272 | protocol=17 | dir=out | name=java max 23272 | "{D2DA54CD-EE19-4BED-9E0F-388135F57F06}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | "{D4333243-47C5-4D16-8226-9E41A81D96AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC899D63-3CA5-4AA6-9687-8786F382CE3B}" = lport=2869 | protocol=6 | dir=in | app=system | "{DD44E6A0-1A43-4183-AC52-C23D0385F0BE}" = lport=62910 | protocol=6 | dir=in | name=java max 62910 | "{EB329AC4-CD7D-4D07-B45C-672022DD1A4E}" = lport=23272 | protocol=17 | dir=in | name=java max 23272 | "{ED30C3BB-1044-4311-8B29-6CA27C8F6DC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F5779C10-EE54-45B3-A02F-992E80994AAD}" = lport=1900 | protocol=17 | dir=in | app=c:\program files (x86)\sony\playmemories home\pmbbrowser.exe | "{F6AF35DC-3962-431E-BE6C-FDC44226C548}" = rport=10243 | protocol=6 | dir=out | app=system | "{FAEB6912-049B-4B72-B22A-BA04448570F4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{01534924-6F57-4BF7-9319-59A20F8AB2F4}" = dir=out | name=trackseries | "{0510A9DF-8988-4E8E-98E9-515F8A668FC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{09FE6D66-7EC6-42F8-AB5E-BF3FEB3B0A8B}" = dir=out | name=f5 vpn | "{0A00A1CC-EE2F-4725-91E4-1B36B95FF826}" = dir=out | name=lenovo companion | "{0A678835-6528-48BF-B7C7-53EE0B940B1C}" = dir=in | name=juniper networks junos pulse | "{0EB1F8B1-ACFD-487C-BD9E-5B9185C44A6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{e6a512d4-e5fb-4d42-8e83-d87f3a760802}\setup\hpznui40.exe | "{15B1C159-AA72-4413-878E-DD5885023279}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{166A6D7D-8050-4168-A5A6-375D6D23283E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1697739A-DD46-4E27-BCC1-C658FE5C0222}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{18671729-A299-4C1D-B605-B006D596F6B7}" = dir=out | name=netflix | "{1876BACD-9C97-4A40-8F20-98A85D93B8CC}" = dir=out | name=woordenboek nl | "{19355F58-44A8-4CA6-AEE8-0FECFC933BA8}" = dir=out | name=vitesse nieuws | "{1A45AECB-4E9C-4D7E-9029-9D4C36C011F0}" = dir=in | name=wd | "{1BD99066-38E5-48A3-AEBD-277F83908EC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{23EAC28A-97F4-430E-802F-318B51EFF6D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{242EF4F8-C223-46B0-ACD4-E624FB79CC12}" = dir=out | name=dropbox | "{2785389F-EE4F-44FF-88D8-29740CA5C52E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{2AF57265-3243-4C4B-BFB9-0C60D73F04C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{2C02CC01-FCD1-4109-B2AF-3B5742F87201}" = dir=out | name=nu.nl | "{2F214D27-A02E-4A58-8471-34C08D62806E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3386DB24-6F52-413C-A59E-D7332DA88937}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | "{35433AE7-8854-4817-B7C0-9969768953F2}" = dir=out | name=accuweather for windows 8 | "{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 | "{35A86677-4428-4B47-85E0-43AAC621CAA0}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{3B183F7C-9E20-4394-A6B2-1D17BC515EF3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{3BD9F312-5C25-4107-B488-8AF633483E55}" = dir=out | name=sonicwall mobile connect | "{3CB5E1BD-E02C-4E9D-8029-03CE030F03F6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{3CE5EB4C-EFE9-4735-83C7-D2DF399F157E}" = dir=in | name=microsoft minesweeper | "{3DF09878-2DD1-4EDF-BE03-FABDCCF69082}" = dir=in | name=skype | "{3F0439C6-1340-43F7-ADDB-F88A33E79103}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{4562E218-C2D2-478A-8DD7-66DEA97AB4AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{499FBC7E-B6C1-490D-BB44-312725C95036}" = dir=out | name=juniper networks junos pulse | "{4B1A5E99-4EC4-4C23-9641-8269F6C932E3}" = protocol=17 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | "{4B740B1A-F711-433E-8828-221CD1A4298A}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | "{52C41EB0-ED71-4220-8EAF-DACC9E065B17}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\playmemories home\pmbbrowser.exe | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{5F5CA56A-AE5A-48DE-BB2E-2221B36D512A}" = dir=out | name=facebook | "{63DC5ECE-95E5-43E2-BD37-EA4822ACC2A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{66A10EFB-583C-402A-80F2-ADFA20C89617}" = dir=out | name=skype | "{6A4D9E67-7FF0-4BCC-88AD-8AE8B876756D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | "{6AC80DDA-BF82-40E7-AF27-20561A76BF3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{6DB0F062-5043-4653-A783-0950B24367A6}" = dir=out | name=check point vpn | "{6E46DD8A-08B4-41A0-84DE-E87C0647421A}" = dir=out | name=canon inkjet print utility | "{6F12944D-4CAC-45A9-A7B2-D29217FF3BDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7025CA56-6865-4D13-A9EC-6235C8902D80}" = dir=out | name=fokke & sukke | "{733F857C-6404-4289-B5AC-73C53F55E05A}" = dir=out | name=lenovo support | "{7BED7EE1-D31D-4131-8E37-6052EFDB0E71}" = dir=out | name=tvgids.nl | "{7E705AEA-8198-452E-A008-18BF9E7DD149}" = dir=out | name=nos | "{7F09FBB6-8229-4C1E-82D4-A2D19997AED5}" = dir=out | name=kindle | "{804DD113-2D9A-4C06-A4D5-3BA1559FE8C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{80F7D88E-BF37-48B2-B60E-930ADAC68C90}" = dir=out | name=windows_ie_ac_001 | "{8AA165B0-5470-4C99-B342-0BC9FA10DE94}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{911F8149-1AF5-4B82-A8D6-7FE143B39E73}" = dir=in | name=sonicwall mobile connect | "{9E2D6265-ECFF-4CE5-9870-79DE139E51E1}" = dir=in | name=f5 vpn | "{A27D8349-5EFF-47F9-B50D-067238904071}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{A4045EF1-EEBD-4801-9FF9-EBBB9E713F0C}" = dir=out | name=rara music | "{A7136434-F7E0-4D68-804D-25B501954A2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{A87DA9C9-CFDA-4CB1-A8C9-9F9594DE6C6B}" = dir=in | app=c:\users\harrie_terhorst\appdata\local\microsoft\skydrive\skydrive.exe | "{AB397E52-9729-4BE9-A9FE-B4893C01BB2C}" = dir=out | name=mahjong deluxe free | "{B29BB78A-C8D0-4818-90D6-E4E33688C464}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{B830EC4D-60B4-4094-B23D-566FA706D2AD}" = protocol=6 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | "{C0C980B2-8B29-4B82-971A-72A6797723C7}" = dir=out | name=microsoft solitaire collection | "{C2A4BB40-1396-4C36-97BF-7343FA13EBE8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{C60410DC-84B9-4468-97C6-CC1533D9DC9E}" = protocol=6 | dir=out | app=system | "{C71003CA-DDB5-40E1-A517-A25A6593142B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C71EFC99-0ECB-4EBB-A851-5E9A0DF9707B}" = dir=in | name=rara music | "{C7BEC2F7-65AC-4694-9A46-C7F98C40E0C3}" = dir=out | name=teletekst | "{C9513BE1-93B3-4F6F-AA0E-E76D9D325F8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{CA5DD065-ED71-453F-85E8-91C6A70D3FB8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{CF2475A5-868B-43C1-83AF-0F382FF16544}" = dir=out | name=youp | "{D4A64DD4-4E67-4882-AE3D-5F4976195B19}" = dir=in | name=check point vpn | "{D50EB254-264C-46AB-B700-3E6C251B139C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{D52B760E-DE0F-47D1-9FBB-36ABE2E1D0F6}" = dir=out | name=tweakers.net | "{D5B74603-8BB0-4590-8C80-4616F337FB0D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D73E926A-BE01-4098-8479-7A10E74E386C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{D8D517A9-31E8-444B-B61E-E1F3ED9CCEB5}" = dir=out | name=twitter | "{DA3A27D3-4AB0-43B7-B80D-9A17945BF787}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DFC1ACC6-94D7-41F8-B893-E0401A7AEDC0}" = dir=in | name=microsoft solitaire collection | "{E079BBB4-A519-4E06-A3FC-493B3D1B8E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe | "{E2B3180D-2D88-4671-AFD3-47FFA3656C26}" = dir=out | name=wd | "{E392CA80-F416-461B-8F24-10CDC02F8AC4}" = dir=out | name=hydro thunder hurricane | "{E4AB7556-F0EB-44AC-8144-8C8F2A4564E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{E6C28B28-95EF-4122-878A-5F6350FB753E}" = dir=out | name=feyenoordnieuws | "{EA5DF2DF-D146-4F83-95E7-8D2CA70A4FD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{ED920BBD-4AAB-4BB0-AE47-08BAEA30E8AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{EEABE2F2-189B-4958-96C9-6359BE369D80}" = dir=out | name=microsoft minesweeper | "{F49C1F0D-B831-4950-AB42-0D719FFDF8FD}" = dir=out | name=google search | "{F49FEE79-60A3-49C1-9B8A-E3A6DB3B0C66}" = dir=out | name=fiction book reader lite | "{F4B9F7F9-840E-499B-8732-F053B94A4A82}" = dir=in | name=canon inkjet print utility | "{F4E1156E-277E-43A2-8BFC-1A10987110EB}" = dir=out | name=sudoku free | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F72953E0-369A-4933-AC57-688BE8A31C18}" = dir=out | name=rtl xl | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F7AE7E44-30E8-43CC-971B-D4C6CC1E4760}" = dir=out | name=npo uitzending gemist | "{FA38778A-0967-477C-BA1D-CCB58A6FFC54}" = dir=out | name=windows_ie_ac_001 | "{FF724A18-B382-4592-ABAA-B06CB9A7485F}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe | "{FFE0DE1E-CA9D-42B5-9C64-8683138BA400}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "TCP Query User{19AAABF1-B59C-4C4C-B8B7-660B92670E9C}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe | "TCP Query User{2B03FCD3-893E-4DD9-85D4-5837D2DAB38C}C:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{6C64C68E-BF16-4D96-AB57-5569902BF804}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | "TCP Query User{852E76A5-6DE4-4F13-A2E6-C52D29686C27}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{A0C974B4-E49B-4E24-98B9-6EF2B5ED3A60}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{A40C202F-2161-46A2-B408-680D41937575}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{CDC43676-2825-4F54-8BE4-FB6298DC44D7}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | "TCP Query User{DAAC4B54-EDE3-4CE2-874F-950EDD1B9038}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{403329F9-A604-4154-B2DA-D28D1A0358A0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{68CDE30C-14B8-425E-B261-A0317AA6CAA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{9C3B9586-E583-4FC7-9D0D-A17C775159B3}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe | "UDP Query User{AC0C93BF-B0D5-494A-9444-4B70A34CAFBE}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{BD9A0710-8C56-4855-8803-A11DE8168ACE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{C96D5E47-3385-44F9-AAD1-1950D6DD6BEC}C:\program files (x86)\sabnzbd\sabnzbd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sabnzbd\sabnzbd.exe | "UDP Query User{EF4AB29D-4027-4D38-9A3D-3528EA9CEA01}C:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\harrie_terhorst\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{F130CE5C-A748-4EE1-AF76-66EAF9B04BCF}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{20E0665F-E4EE-4E2A-8E86-EFC65129FE41}" = MergeModule_x64"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)"{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{57EA1945-DF48-4F44-8599-C273C5E23F35}" = DisplayLink Core Software"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle videodriver"{78932FC4-1215-4A11-BC25-7F1B846474D3}" = Update for Microsoft en-us Dictionary"{7C4C5901-A58F-4018-A93B-01C93EF8D3F3}" = AVG 2014"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component"{A5C6F9B8-8277-4C1A-8E83-EFADA80A79CF}" = DisplayLink Graphics"{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update"{DE8DF526-74E8-4ED3-880B-B6049D2E00AC}" = SOHLib for PlayMemories Home"{DFB2D93E-DEAE-4DF5-8863-CE2AB8F0B6AB}" = AVG 2014"{E6A512D4-E5FB-4D42-8E83-D87F3A760802}" = HP OfficeJet L7300/L7500/7600/7700"{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)"AVG" = AVG 2014"CCleaner" = CCleaner"HP Imaging Device Functions" = HP Imaging Device Functions 14.0"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0"HPOCR" = OCR Software by I.R.I.S. 14.0"Lenovo Transition" = Lenovo Transition"Motion Control" = Motion Control"O365HomePremRetail - nl-nl" = Microsoft Office 365 voor Thuisgebruik Premium - nl-nl"SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01BD4FC9-2F86-4706-A62E-774BB7E9D308}" = AVG PC TuneUp 2014"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox"{2B7885B0-27A9-11E0-91FA-0800200C9A66}" = Max Local Application"{2E9E5756-B244-4096-94E3-BFCB961B75F2}" = ProductContext"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{555E1FDF-9BF4-4943-BF75-C7DE98F7CF8A}" = AVG PC TuneUp 2014 (nl-NL)"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status"{5D47D0E9-1DD3-4A11-8AE1-D41566BFFD10}" = L7600"{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}" = PlayMemories Home"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software (x86)"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component"{90150000-008C-0413-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax"{9615E45B-7670-4D17-9ED5-28B9E936EEDD}" = 7500_7600_7700_Help1"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Nederlands"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update"{B20316C8-F453-46E1-9BBD-607D584400EA}" = Spotnet"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4"{B6322D12-A133-4128-8306-DAFFF7231152}" = REALTEK Wireless LAN and Bluetooth Driver"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm"{FACA2377-913E-4BF4-BC7B-6DEF40614218}" = BPDSoftware"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology"Aangifte inkomstenbelasting 2012" = Aangifte inkomstenbelasting 2012"Aangifte inkomstenbelasting 2013" = Aangifte inkomstenbelasting 2013"Actual Multiple Monitors_is1" = Actual Multiple Monitors 8.0.1"Adobe Shockwave Player" = Adobe Shockwave Player 12.0"AVG Nation toolbar" = AVG Nation toolbar"AVG PC TuneUp" = AVG PC TuneUp 2014"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform and Thermal Framework"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio"Lenovo Dependency Package_is1" = Lenovo Dependency Package"Lightspark" = Lightspark 0.5.3-git"Magic Bullet Looks Studio" = Magic Bullet Looks Studio"MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)"MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300"MediaMonkey_is1" = MediaMonkey 4.1"optimizer_chrome" = Widevine Media Optimizer Chrome 6.0.0"QuickPar" = QuickPar 0.9"Red Giant ToonIt Studio" = Red Giant ToonIt Studio"SABnzbd" = SABnzbd 0.7.11"SopCast" = SopCast 3.8.2"Spotnet 1.8.1.1" = Spotnet"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio"Trapcode Particular Studio" = Trapcode Particular Studio"Trapcode Shine Studio" = Trapcode Shine Studio"Veetle TV" = Veetle TV"VLC media player" = VLC media player 2.1.1"WD Link" = WD Link"WinRAR archiver" = WinRAR 4.20 (32-bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-231642352-623416637-1905510808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Dropbox" = Dropbox"optimizer_chrome" = Widevine Media Optimizer Chrome 6.0.0"optimizer_ie" = Widevine Media Optimizer IE 6.0.0"SkyDriveSetup.exe" = Microsoft SkyDrive"UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 20-10-2013 11:14:08 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error - 20-10-2013 11:16:20 | Computer Name = Harrie | Source = Customer Experience Improvement Program | ID = 1008Description = Error - 21-10-2013 14:29:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073Description = Error - 21-10-2013 14:29:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073Description = Error - 21-10-2013 14:29:47 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error - 21-10-2013 14:42:29 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Het activeren van de app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 is mislukt door de fout -2147023174. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error - 21-10-2013 15:59:24 | Computer Name = Harrie | Source = Customer Experience Improvement Program | ID = 1008Description = Error - 21-10-2013 15:59:35 | Computer Name = Harrie | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Het activeren van de app DefaultBrowser_NOPUBLISHERID!Chrome is mislukt door de fout -2144927148. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie. Error - 21-10-2013 15:59:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073Description = Error - 21-10-2013 15:59:44 | Computer Name = Harrie | Source = DptfPolicyLpmServiceHelper | ID = 131073Description = [ System Events ]Error - 2-3-2014 15:03:12 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034Description = De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error - 2-3-2014 15:06:58 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034Description = De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error - 2-3-2014 16:13:57 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034Description = De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error - 2-3-2014 16:37:45 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034Description = De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error - 2-3-2014 17:01:07 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034Description = De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error - 2-3-2014 17:13:53 | Computer Name = Harrie | Source = Service Control Manager | ID = 7034Description = De Conexant Audio Message Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd. Error - 2-3-2014 17:27:50 | Computer Name = Harrie | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80246007: Windows Malicious Software Removal Tool for Windows 8, 8.1 and Windows Server 2012, 2012 R2 x64 Edition - February 2014 (KB890830). Error - 2-3-2014 17:37:55 | Computer Name = Harrie | Source = DCOM | ID = 10016Description = Error - 2-3-2014 17:37:55 | Computer Name = Harrie | Source = DCOM | ID = 10016Description = Error - 2-3-2014 17:37:55 | Computer Name = Harrie | Source = DCOM | ID = 10016Description = < End of report >
- March 9, 2014
- 45 replies

Events

Profiles

Forums

Everything posted by Harrie1

Important Information