Need a check [Solved]
Started by
Samballen
, Apr 28 2013 06:09 AM
This topic is locked
#16
Posted 30 April 2013 - 08:26 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
#17
Posted 30 April 2013 - 08:35 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Which programme is causing the error ?
#18
Posted 30 April 2013 - 09:20 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
I told name eralier, no idea what kid of program.
#19
Posted 30 April 2013 - 09:38 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
So explorer.exe keeps freezing
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
#20
Posted 30 April 2013 - 10:10 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
Does ComboFix work on Windows 8?
#21
Posted 30 April 2013 - 11:01 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Nope, an option is to refresh windows 8... Do you have the windows CD ?
#22
Posted 30 April 2013 - 11:20 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
No, and I don't want a re-install.
#23
Posted 30 April 2013 - 11:51 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
No it is not a re-install it is a refresh.. I.e. replacement of windows files
However, without a CD we cannot do that
Prior to the freezing did you install a new programme or update any drivers ?
Does the same thing happen if you start the computer in safe mode
However, without a CD we cannot do that
Prior to the freezing did you install a new programme or update any drivers ?
Does the same thing happen if you start the computer in safe mode
#24
Posted 01 May 2013 - 12:03 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
No, and is only with that stupid program.
#25
Posted 01 May 2013 - 01:42 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
Ok, I reinstall windows.
#26
Posted 01 May 2013 - 03:27 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
Didn't have the CD.
But I screened that program!
http://www.imgdumper...4e26c0d-aaa.png
http://www.imgdumper...8f77bd3-bbb.png
But I screened that program!
http://www.imgdumper...4e26c0d-aaa.png
http://www.imgdumper...8f77bd3-bbb.png
#27
Posted 01 May 2013 - 07:35 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK it is Avast blocking that programme from running as it is a crack for some windows programmes like Office
Did you install KMSpico
Did you install KMSpico
#28
Posted 01 May 2013 - 07:44 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
Yes, I think. I deleted it.
Can you chek what programs I can delete?
Can you chek what programs I can delete?
#29
Posted 01 May 2013 - 08:02 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Could you run a fresh OTL scan after uninstalling KMSpico and I will then remove any remnants. So explorer is not the problem
#30
Posted 01 May 2013 - 08:10 AM
Samballen
- Topic Starter
-
- Banned
-
- 76 posts
Member
OTL logfile created on: 1-5-2013 16:04:16 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark de Jager\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
11,86 Gb Total Physical Memory | 9,37 Gb Available Physical Memory | 79,07% Memory free
13,54 Gb Paging File | 10,87 Gb Available in Paging File | 80,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,42 Gb Total Space | 307,12 Gb Free Space | 68,19% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 308,92 Mb Free Space | 88,26% Space Free | Partition Type: NTFS
Computer Name: MARK-PC | User Name: Mark de Jager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-05-01 11:20:20 | 000,261,149 | -H-- | M] () -- C:\Program Files\KMSpico\5E31OO7XI2T.exe
PRC - [2013-05-01 10:20:20 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
PRC - [2013-04-27 19:43:48 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013-04-19 16:00:08 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2013-03-07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012-12-25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012-09-24 20:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012-09-20 07:55:29 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2012-09-06 02:46:12 | 000,912,896 | ---- | M] (KARPOLAN) -- C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
PRC - [2012-03-08 07:05:06 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2009-12-20 00:00:00 | 000,148,112 | ---- | M] (Apache Friends) -- C:\xampp\xampp-control.exe
========== Modules (No Company Name) ==========
MOD - [2013-05-01 11:20:20 | 000,261,149 | -H-- | M] () -- C:\Program Files\KMSpico\5E31OO7XI2T.exe
MOD - [2013-05-01 10:20:19 | 003,115,928 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-04-19 16:00:07 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013-03-07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013-03-07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013-03-07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013-02-15 18:20:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30fabfc2d4fe632ecf463a0901bba2d3\System.Windows.Forms.ni.dll
MOD - [2013-02-05 12:06:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\253546cd467b0fd7e57623921595182d\System.Configuration.ni.dll
MOD - [2013-02-05 12:01:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d981792ebf85627e57c7d95594aa7092\System.Xml.ni.dll
MOD - [2013-02-05 12:01:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\97e24281000ae702b067281f3a01878a\System.Drawing.ni.dll
MOD - [2013-02-05 12:01:37 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\68ec2130ceb6a257762c70bc87ed0129\System.Data.ni.dll
MOD - [2013-02-05 12:01:11 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0b80769ba127fce3221c1fd47e87c4a7\System.ni.dll
MOD - [2013-02-05 12:01:01 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012-09-14 00:03:56 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012-07-06 04:01:13 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-03-02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-02-02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-01-29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-01-10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-11-27 15:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-11-06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-09-20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-09-20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-09-16 10:25:58 | 000,662,104 | ---- | M] (Genie9) [Auto | Running] -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2012-09-11 23:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2012-07-26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013-05-01 10:20:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 16:00:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-02-26 15:42:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013-02-15 16:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013-02-15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012-12-14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-10-11 18:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012-07-26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009-12-20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-03-07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-03-07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-03-05 15:10:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013-03-02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-03-02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-03-02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-03-02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-03-02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-05 19:34:43 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2013-02-02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-02-02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-01-29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013-01-10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-12-21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012-12-21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012-12-14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-12-11 11:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-11-27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-11-01 03:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012-11-01 03:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012-11-01 03:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012-11-01 03:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012-11-01 03:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012-10-24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012-10-24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012-10-12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 18:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012-10-11 18:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012-10-11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-09-20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-09-20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-07-26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012-07-26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012-07-26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012-07-26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-06-02 16:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012-06-02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-12-26 16:27:24 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2011-12-15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011-06-15 22:10:58 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ddmdrv.sys -- (ddmdrv)
DRV:64bit: - [2010-11-06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV - [2013-02-15 16:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012-12-21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012-07-05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012-07-05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012-01-05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011-12-26 16:27:22 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2011-06-15 22:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ddmdrv.sys -- (ddmdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 41 45 52 3E 02 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: %7Ba5312b79-bf0d-4825-a25f-b33d67d4a58a%7D:13.15.63
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: %7Bac2cfa60-bc96-11e0-962b-0800200c9a66%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-28 17:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-06 13:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-27 18:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\CaptureSaver\Firefox [2013-03-19 10:57:39 | 000,000,000 | ---D | M]
[2013-02-03 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Extensions
[2013-04-27 18:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions
[2013-03-01 16:23:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013-04-20 17:27:22 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-04-22 09:51:21 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-03-06 14:25:15 | 000,207,249 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-06 21:15:48 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-08 21:59:50 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-05 11:34:49 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013-02-06 18:51:54 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2013-02-06 21:01:15 | 000,045,996 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi
[2013-04-27 18:56:04 | 000,052,139 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
[2013-02-14 11:09:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-05-01 10:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2013-01-11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013-04-29 16:57:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [KeyboardLeds.exe] C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
O4 - HKCU..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow File not found
O4 - HKCU..\Run: [SkyDrive] C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O8:64bit: - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8:64bit: - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O8 - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8 - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mediapluspro.com ([www] https in Vertrouwde websites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E2125-F77B-4A20-89E5-7CE2767B2BAF}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72e93269-6e2f-11e2-be65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72e93269-6e2f-11e2-be65-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013-05-01 15:44:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-05-01 10:04:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Aangepaste Office-sjablonen
[2013-04-28 17:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-04-28 17:33:14 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-04-28 17:33:14 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-04-28 17:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-04-28 17:33:08 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-04-28 17:33:08 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-04-28 17:32:11 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-04-28 17:32:10 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-04-28 17:30:17 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-04-28 17:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-04-28 17:12:12 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013-04-28 16:01:39 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-04-28 16:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-04-28 15:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Leawo
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013-04-28 15:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013-04-28 15:38:23 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013-04-28 15:38:23 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2013-04-28 15:38:23 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013-04-28 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2013-04-28 14:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\liQeNSoft
[2013-04-28 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\TeknoGods
[2013-04-28 13:46:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\MW3
[2013-04-27 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\RealPopup
[2013-04-27 20:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealPopup
[2013-04-27 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Computerspeeltuin.{ED7BA470-8E54-465E-825C-99712043E01C}
[2013-04-27 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-04-27 19:44:46 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\Desktop\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013-04-27 19:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013-04-27 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Soft
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\TSR Software
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\gql
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2013-04-27 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013-04-27 15:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013-04-27 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-04-27 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2013-04-27 15:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013-04-27 15:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2013-04-26 18:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013-04-26 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013-04-23 08:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Anti-Malware
[2013-04-20 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013-04-19 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Navicat
[2013-04-19 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013-04-19 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013-04-19 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-04-19 17:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013-04-17 11:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2013-04-17 11:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2013-04-16 08:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-04-16 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Steganography
[2013-04-16 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultima Steganography
[2013-04-15 19:28:20 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Keygens en activators
[2013-04-15 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Host Hotel
[2013-04-14 10:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-04-14 10:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013-04-14 09:51:01 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013-04-14 09:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013-04-14 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013-04-13 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
[2013-04-13 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent Turbo Booster
[2013-04-13 21:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WNR
[2013-04-13 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-04-13 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxy Switcher Standard
[2013-04-13 19:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2013-04-13 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-04-12 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicaJet.Com
[2013-04-11 16:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaJet.Com
[2013-04-08 10:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Logo Remover
[2013-04-08 10:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Logo Remover
[2013-04-06 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-04-06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013-04-04 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Apple Computer
[2013-04-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\CyberLink
[2013-04-03 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\CyberLink
[2013-04-03 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013-04-03 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013-04-03 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013-04-03 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Apple
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013-04-03 14:51:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
[2013-04-03 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013-04-03 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013-04-03 14:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013-04-03 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013-04-03 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013-04-03 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-04-03 13:25:47 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2013-04-03 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 10:09:49 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Opdrachten Nederlands, Dennis
[2013-04-01 16:16:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
========== Files - Modified Within 30 Days ==========
[2013-05-01 16:01:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-01 15:46:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-01 14:12:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-05-01 11:19:40 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-01 11:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-01 11:17:52 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-05-01 11:17:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-05-01 11:09:36 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013-05-01 11:09:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013-04-30 20:12:03 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-04-29 16:57:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013-04-28 18:32:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:06:26 | 000,002,190 | -H-- | M] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-27 18:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-27 16:06:38 | 004,874,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-14 10:53:17 | 001,808,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-14 10:53:17 | 000,802,560 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-04-14 10:53:17 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-14 10:53:17 | 000,161,432 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-04-14 10:53:17 | 000,134,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-14 10:29:21 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\random.dat
[2013-04-14 10:28:59 | 000,000,052 | ---- | M] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-04-13 21:47:26 | 000,001,163 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 19:35:47 | 000,000,271 | RH-- | M] () -- C:\Windows\Stop.cmd
[2013-04-10 13:32:59 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-04-06 18:08:22 | 000,005,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013-05-01 11:17:36 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013-04-28 17:32:10 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-04-28 17:32:10 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-04-28 16:01:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013-04-27 20:39:32 | 000,000,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPopup.lnk
[2013-04-27 19:43:53 | 000,002,304 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013-04-27 16:21:11 | 000,001,105 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-17 11:45:52 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2013-04-13 21:47:26 | 000,001,163 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 20:32:35 | 004,874,416 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-13 19:34:23 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013-04-13 19:32:55 | 000,000,271 | RH-- | C] () -- C:\Windows\Stop.cmd
[2013-04-13 16:10:00 | 000,002,190 | -H-- | C] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-12 19:58:00 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-10 20:12:49 | 000,001,494 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-04-10 14:25:02 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013-04-03 14:51:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013-03-23 15:12:54 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_speccollect_LIVE.dat
[2013-03-19 21:10:59 | 000,230,206 | ---- | C] () -- C:\ProgramData\1363720194.bdinstall.bin
[2013-03-19 20:49:39 | 000,579,637 | ---- | C] () -- C:\ProgramData\1363718718.bdinstall.bin
[2013-03-18 14:12:08 | 000,000,038 | ---- | C] () -- C:\Program Files (x86)\cfg.ini
[2013-03-18 14:10:48 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe
[2013-03-18 14:10:48 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013-03-18 14:10:42 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2013-03-18 14:10:41 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe
[2013-03-17 12:49:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013-03-12 15:41:44 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-03-09 12:18:07 | 000,005,632 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-02 17:07:06 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013-02-28 10:04:32 | 000,000,053 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE1.dat
[2013-02-26 15:43:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013-02-25 17:16:37 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_oldschool_LIVE.dat
[2013-02-22 19:41:39 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_loginapplet_LIVE.dat
[2013-02-11 13:17:40 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013-02-11 13:17:40 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013-02-11 13:17:40 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013-02-11 13:17:40 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013-02-11 13:17:40 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013-02-08 19:49:28 | 000,004,096 | -H-- | C] () -- C:\Users\Mark de Jager\AppData\Local\keyfile3.drm
[2013-02-07 16:19:56 | 000,211,665 | ---- | C] () -- C:\ProgramData\1360246678.bdinstall.bin
[2013-02-07 16:09:23 | 000,371,893 | ---- | C] () -- C:\ProgramData\1360245933.bdinstall.bin
[2013-02-07 10:17:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-02-06 13:02:47 | 001,821,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-05 09:12:38 | 000,088,362 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\spritesa
[2013-02-04 13:30:59 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-02-04 13:30:59 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\random.dat
[2013-02-04 13:30:55 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-02-04 11:27:40 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-12-14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-12-14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[2013-04-01 16:18:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013-03-14 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\1-abc
[2013-02-08 12:51:39 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Acronis
[2013-02-05 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ActiveX
[2013-04-27 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Atari
[2013-03-19 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\CaptureSaver
[2013-03-03 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013-04-16 08:58:23 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-02-06 15:31:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ESET
[2013-04-14 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\FileZilla
[2013-02-27 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Firetrust
[2013-03-21 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Genie9
[2013-04-13 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-27 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-03-09 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\idoo
[2013-04-20 17:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-02-25 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Lamantine
[2013-02-11 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Notepad++
[2013-03-02 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Photobucket
[2013-04-11 16:12:10 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-02-05 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PowerISO
[2013-03-13 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Publish Providers
[2013-04-14 09:51:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-02-07 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QuickScan
[2013-02-05 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Returnil
[2013-02-05 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Soft4Boost
[2013-03-09 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Solveig Multimedia
[2013-03-10 17:02:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Sony
[2013-03-02 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TeamViewer
[2013-03-01 13:17:48 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TechSmith
[2013-03-05 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TrueCrypt
[2013-02-09 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Unity
[2013-05-01 16:09:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent
[2013-04-13 21:47:25 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-02-13 11:42:54 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\X-Chat 2
[2013-03-03 13:11:32 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\XUSSoft
========== Purity Check ==========
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark de Jager\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
11,86 Gb Total Physical Memory | 9,37 Gb Available Physical Memory | 79,07% Memory free
13,54 Gb Paging File | 10,87 Gb Available in Paging File | 80,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,42 Gb Total Space | 307,12 Gb Free Space | 68,19% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 308,92 Mb Free Space | 88,26% Space Free | Partition Type: NTFS
Computer Name: MARK-PC | User Name: Mark de Jager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-05-01 11:20:20 | 000,261,149 | -H-- | M] () -- C:\Program Files\KMSpico\5E31OO7XI2T.exe
PRC - [2013-05-01 10:20:20 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
PRC - [2013-04-27 19:43:48 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013-04-19 16:00:08 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2013-03-07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012-12-25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012-09-24 20:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012-09-20 07:55:29 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2012-09-06 02:46:12 | 000,912,896 | ---- | M] (KARPOLAN) -- C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
PRC - [2012-03-08 07:05:06 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2009-12-20 00:00:00 | 000,148,112 | ---- | M] (Apache Friends) -- C:\xampp\xampp-control.exe
========== Modules (No Company Name) ==========
MOD - [2013-05-01 11:20:20 | 000,261,149 | -H-- | M] () -- C:\Program Files\KMSpico\5E31OO7XI2T.exe
MOD - [2013-05-01 10:20:19 | 003,115,928 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-04-19 16:00:07 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013-03-07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013-03-07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013-03-07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013-02-15 18:20:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30fabfc2d4fe632ecf463a0901bba2d3\System.Windows.Forms.ni.dll
MOD - [2013-02-05 12:06:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\253546cd467b0fd7e57623921595182d\System.Configuration.ni.dll
MOD - [2013-02-05 12:01:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d981792ebf85627e57c7d95594aa7092\System.Xml.ni.dll
MOD - [2013-02-05 12:01:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\97e24281000ae702b067281f3a01878a\System.Drawing.ni.dll
MOD - [2013-02-05 12:01:37 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\68ec2130ceb6a257762c70bc87ed0129\System.Data.ni.dll
MOD - [2013-02-05 12:01:11 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0b80769ba127fce3221c1fd47e87c4a7\System.ni.dll
MOD - [2013-02-05 12:01:01 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012-09-14 00:03:56 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012-07-06 04:01:13 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-03-02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-02-02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-01-29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-01-10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-11-27 15:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-11-06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-09-20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-09-20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-09-16 10:25:58 | 000,662,104 | ---- | M] (Genie9) [Auto | Running] -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2012-09-11 23:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2012-07-26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013-05-01 10:20:20 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 16:00:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-02-26 15:42:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013-02-15 16:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013-02-15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012-12-14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-10-11 18:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012-07-26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009-12-20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-03-07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-03-07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-03-05 15:10:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013-03-02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-03-02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-03-02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-03-02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-03-02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-05 19:34:43 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2013-02-02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-02-02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-01-29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013-01-10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-12-21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012-12-21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012-12-14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-12-11 11:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-11-27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-11-01 03:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012-11-01 03:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012-11-01 03:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012-11-01 03:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012-11-01 03:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012-10-24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012-10-24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012-10-12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 18:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012-10-11 18:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012-10-11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-09-20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-09-20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-07-26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012-07-26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012-07-26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012-07-26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-06-02 16:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012-06-02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-12-26 16:27:24 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2011-12-15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011-06-15 22:10:58 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ddmdrv.sys -- (ddmdrv)
DRV:64bit: - [2010-11-06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV - [2013-02-15 16:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012-12-21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012-07-05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012-07-05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012-01-05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011-12-26 16:27:22 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2011-06-15 22:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ddmdrv.sys -- (ddmdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 41 45 52 3E 02 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: %7Ba5312b79-bf0d-4825-a25f-b33d67d4a58a%7D:13.15.63
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: %7Bac2cfa60-bc96-11e0-962b-0800200c9a66%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-28 17:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-06 13:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-27 18:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\CaptureSaver\Firefox [2013-03-19 10:57:39 | 000,000,000 | ---D | M]
[2013-02-03 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Extensions
[2013-04-27 18:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions
[2013-03-01 16:23:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013-04-20 17:27:22 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-04-22 09:51:21 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-03-06 14:25:15 | 000,207,249 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-06 21:15:48 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-08 21:59:50 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-05 11:34:49 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013-02-06 18:51:54 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2013-02-06 21:01:15 | 000,045,996 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi
[2013-04-27 18:56:04 | 000,052,139 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
[2013-02-14 11:09:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-05-01 10:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2013-01-11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013-04-29 16:57:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [KeyboardLeds.exe] C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
O4 - HKCU..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow File not found
O4 - HKCU..\Run: [SkyDrive] C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O8:64bit: - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8:64bit: - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O8 - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8 - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mediapluspro.com ([www] https in Vertrouwde websites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E2125-F77B-4A20-89E5-7CE2767B2BAF}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72e93269-6e2f-11e2-be65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{72e93269-6e2f-11e2-be65-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013-05-01 15:44:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-05-01 10:04:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Aangepaste Office-sjablonen
[2013-04-28 17:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-04-28 17:33:14 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-04-28 17:33:14 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-04-28 17:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-04-28 17:33:08 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-04-28 17:33:08 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-04-28 17:32:11 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-04-28 17:32:10 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-04-28 17:30:17 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-04-28 17:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-04-28 17:12:12 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013-04-28 16:01:39 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-04-28 16:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-04-28 15:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Leawo
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013-04-28 15:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013-04-28 15:38:23 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013-04-28 15:38:23 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2013-04-28 15:38:23 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013-04-28 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2013-04-28 14:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\liQeNSoft
[2013-04-28 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\TeknoGods
[2013-04-28 13:46:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\MW3
[2013-04-27 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\RealPopup
[2013-04-27 20:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealPopup
[2013-04-27 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Computerspeeltuin.{ED7BA470-8E54-465E-825C-99712043E01C}
[2013-04-27 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-04-27 19:44:46 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\Desktop\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013-04-27 19:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013-04-27 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Soft
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\TSR Software
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\gql
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2013-04-27 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013-04-27 15:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013-04-27 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-04-27 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2013-04-27 15:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013-04-27 15:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2013-04-26 18:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013-04-26 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013-04-23 08:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Anti-Malware
[2013-04-20 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013-04-19 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Navicat
[2013-04-19 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013-04-19 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013-04-19 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-04-19 17:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013-04-17 11:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2013-04-17 11:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2013-04-16 08:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-04-16 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Steganography
[2013-04-16 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultima Steganography
[2013-04-15 19:28:20 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Keygens en activators
[2013-04-15 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Host Hotel
[2013-04-14 10:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-04-14 10:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013-04-14 09:51:01 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013-04-14 09:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013-04-14 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013-04-13 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
[2013-04-13 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent Turbo Booster
[2013-04-13 21:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WNR
[2013-04-13 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-04-13 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxy Switcher Standard
[2013-04-13 19:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2013-04-13 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-04-12 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicaJet.Com
[2013-04-11 16:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaJet.Com
[2013-04-08 10:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Logo Remover
[2013-04-08 10:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Logo Remover
[2013-04-06 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-04-06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013-04-04 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Apple Computer
[2013-04-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\CyberLink
[2013-04-03 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\CyberLink
[2013-04-03 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013-04-03 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013-04-03 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013-04-03 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Apple
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013-04-03 14:51:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
[2013-04-03 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013-04-03 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013-04-03 14:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013-04-03 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013-04-03 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013-04-03 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-04-03 13:25:47 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2013-04-03 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 10:09:49 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Opdrachten Nederlands, Dennis
[2013-04-01 16:16:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
========== Files - Modified Within 30 Days ==========
[2013-05-01 16:01:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-01 15:46:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-01 14:12:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-05-01 11:19:40 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-01 11:19:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-01 11:17:52 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-05-01 11:17:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-05-01 11:09:36 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013-05-01 11:09:36 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013-04-30 20:12:03 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-04-29 16:57:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013-04-28 18:32:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:06:26 | 000,002,190 | -H-- | M] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-27 18:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-27 16:06:38 | 004,874,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-14 10:53:17 | 001,808,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-14 10:53:17 | 000,802,560 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-04-14 10:53:17 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-14 10:53:17 | 000,161,432 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-04-14 10:53:17 | 000,134,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-14 10:29:21 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\random.dat
[2013-04-14 10:28:59 | 000,000,052 | ---- | M] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-04-13 21:47:26 | 000,001,163 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 19:35:47 | 000,000,271 | RH-- | M] () -- C:\Windows\Stop.cmd
[2013-04-10 13:32:59 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-04-06 18:08:22 | 000,005,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013-05-01 11:17:36 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013-04-28 17:32:10 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-04-28 17:32:10 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-04-28 16:01:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013-04-27 20:39:32 | 000,000,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPopup.lnk
[2013-04-27 19:43:53 | 000,002,304 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013-04-27 16:21:11 | 000,001,105 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-17 11:45:52 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2013-04-13 21:47:26 | 000,001,163 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 20:32:35 | 004,874,416 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-13 19:34:23 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013-04-13 19:32:55 | 000,000,271 | RH-- | C] () -- C:\Windows\Stop.cmd
[2013-04-13 16:10:00 | 000,002,190 | -H-- | C] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-12 19:58:00 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-10 20:12:49 | 000,001,494 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-04-10 14:25:02 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013-04-03 14:51:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013-03-23 15:12:54 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_speccollect_LIVE.dat
[2013-03-19 21:10:59 | 000,230,206 | ---- | C] () -- C:\ProgramData\1363720194.bdinstall.bin
[2013-03-19 20:49:39 | 000,579,637 | ---- | C] () -- C:\ProgramData\1363718718.bdinstall.bin
[2013-03-18 14:12:08 | 000,000,038 | ---- | C] () -- C:\Program Files (x86)\cfg.ini
[2013-03-18 14:10:48 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe
[2013-03-18 14:10:48 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013-03-18 14:10:42 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2013-03-18 14:10:41 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe
[2013-03-17 12:49:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013-03-12 15:41:44 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-03-09 12:18:07 | 000,005,632 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-02 17:07:06 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013-02-28 10:04:32 | 000,000,053 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE1.dat
[2013-02-26 15:43:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013-02-25 17:16:37 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_oldschool_LIVE.dat
[2013-02-22 19:41:39 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_loginapplet_LIVE.dat
[2013-02-11 13:17:40 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013-02-11 13:17:40 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013-02-11 13:17:40 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013-02-11 13:17:40 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013-02-11 13:17:40 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013-02-08 19:49:28 | 000,004,096 | -H-- | C] () -- C:\Users\Mark de Jager\AppData\Local\keyfile3.drm
[2013-02-07 16:19:56 | 000,211,665 | ---- | C] () -- C:\ProgramData\1360246678.bdinstall.bin
[2013-02-07 16:09:23 | 000,371,893 | ---- | C] () -- C:\ProgramData\1360245933.bdinstall.bin
[2013-02-07 10:17:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-02-06 13:02:47 | 001,821,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-05 09:12:38 | 000,088,362 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\spritesa
[2013-02-04 13:30:59 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-02-04 13:30:59 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\random.dat
[2013-02-04 13:30:55 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-02-04 11:27:40 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-12-14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-12-14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[2013-04-01 16:18:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013-03-14 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\1-abc
[2013-02-08 12:51:39 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Acronis
[2013-02-05 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ActiveX
[2013-04-27 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Atari
[2013-03-19 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\CaptureSaver
[2013-03-03 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013-04-16 08:58:23 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-02-06 15:31:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ESET
[2013-04-14 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\FileZilla
[2013-02-27 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Firetrust
[2013-03-21 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Genie9
[2013-04-13 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-27 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-03-09 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\idoo
[2013-04-20 17:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-02-25 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Lamantine
[2013-02-11 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Notepad++
[2013-03-02 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Photobucket
[2013-04-11 16:12:10 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-02-05 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PowerISO
[2013-03-13 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Publish Providers
[2013-04-14 09:51:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-02-07 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QuickScan
[2013-02-05 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Returnil
[2013-02-05 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Soft4Boost
[2013-03-09 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Solveig Multimedia
[2013-03-10 17:02:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Sony
[2013-03-02 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TeamViewer
[2013-03-01 13:17:48 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TechSmith
[2013-03-05 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TrueCrypt
[2013-02-09 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Unity
[2013-05-01 16:09:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent
[2013-04-13 21:47:25 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-02-13 11:42:54 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\X-Chat 2
[2013-03-03 13:11:32 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\XUSSoft
========== Purity Check ==========
< End of report >
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
