Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Fake scvhost processes taking up 99% of CPU, but no performance loss [

Started by DeZiekeNon , Jan 16 2015 09:43 AM

  • This topic is locked This topic is locked

#1
DeZiekeNon
Posted 16 January 2015 - 09:43 AM

DeZiekeNon

    Member

  • Member
  • PipPipPip
  • 134 posts

In this thread, Aura has referred me to the Virus, Spyware, Malware Removal section.

 

A few days ago Starcraft 2 started switching to desktop while I was playing. It happens about every few minutes. Other full screen applications might have the same problem, but I don't know this yet. Probably some application/notificaton is switching the game back to the desktop. Related or not, in troubleshouting is stumbled upon this:

 

UOTzhGX.png

 

In the Processes tab the processes don't have a name and take up 99% of the CPU. The file location of the svchost processes:

 

BXvL9Fj.png

 

According to Aura (and I agree) this is probably an infection. I hope you guys can help me get rid of it. I don't know what may have caused the infection. Below the OTL log:

 

OTL logfile created on: 16-1-2015 16:26:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy
 
8,00 Gb Total Physical Memory | 4,59 Gb Available Physical Memory | 57,34% Memory free
16,00 Gb Paging File | 11,62 Gb Available in Paging File | 72,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71,37 Gb Total Space | 24,60 Gb Free Space | 34,47% Space Free | Partition Type: NTFS
Drive D: | 3,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 139,73 Gb Total Space | 41,84 Gb Free Space | 29,94% Space Free | Partition Type: NTFS
Drive F: | 68,36 Gb Total Space | 61,24 Gb Free Space | 89,58% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 163,04 Gb Free Space | 17,50% Space Free | Partition Type: NTFS
 
Computer Name: PC-VAN-GD | User Name: GD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015-01-16 16:25:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL.exe
PRC - [2014-12-17 15:11:06 | 000,401,416 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- F:\Evernote\EvernoteTray.exe
PRC - [2014-12-17 15:11:02 | 019,796,488 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- F:\Evernote\Evernote.exe
PRC - [2014-12-17 15:11:02 | 001,115,144 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- F:\Evernote\EvernoteClipper.exe
PRC - [2014-12-09 04:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-12-06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-12-03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-10-31 23:46:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014-08-20 12:06:22 | 000,010,752 | ---- | M] (Microsoft) -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
PRC - [2014-08-19 09:43:12 | 001,065,352 | ---- | M] (Innovative Solutions) -- F:\DriverMax\innostp.exe
PRC - [2014-07-14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014-07-14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2012-12-21 11:10:14 | 000,974,864 | ---- | M] (Razer USA Ltd) -- F:\Drivers\Razer Mamba\RazerMambaSysTray.exe
PRC - [2012-10-09 00:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015-01-16 11:45:04 | 000,043,008 | ---- | M] () -- c:\users\gerryt~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphbblda.dll
MOD - [2014-12-17 15:11:18 | 000,098,312 | ---- | M] () -- F:\Evernote\websockets.dll
MOD - [2014-12-17 15:11:14 | 000,439,304 | ---- | M] () -- F:\Evernote\libxml2.dll
MOD - [2014-12-17 15:11:14 | 000,321,032 | ---- | M] () -- F:\Evernote\libtidy.dll
MOD - [2014-12-17 15:11:12 | 021,121,032 | ---- | M] () -- F:\Evernote\libcef.dll
MOD - [2014-12-17 15:11:00 | 000,195,096 | ---- | M] () -- F:\Evernote\avformat-54.dll
MOD - [2014-12-17 15:11:00 | 000,138,776 | ---- | M] () -- F:\Evernote\avutil-51.dll
MOD - [2014-12-17 15:10:58 | 000,988,696 | ---- | M] () -- F:\Evernote\avcodec-54.dll
MOD - [2014-12-14 13:05:24 | 016,843,952 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
MOD - [2014-12-06 02:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014-12-06 02:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014-12-06 02:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014-12-06 02:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014-10-22 01:22:50 | 000,750,080 | ---- | M] () -- C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014-10-22 01:22:50 | 000,047,616 | ---- | M] () -- C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014-10-22 01:22:48 | 000,863,744 | ---- | M] () -- C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014-10-22 01:22:46 | 000,200,704 | ---- | M] () -- C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2013-09-04 23:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010-10-20 14:45:26 | 008,801,120 | ---- | M] () -- F:\Office Pro 2010 EN\Office14\1033\GrooveIntlResource.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-12-06 02:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-11-04 19:49:46 | 000,671,000 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro)
SRV:64bit: - [2014-10-31 05:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-09-22 04:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-09-22 04:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-09-15 23:03:18 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014-08-16 04:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014-08-16 01:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014-08-16 01:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-07-24 08:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-07-21 02:58:51 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-07-21 02:58:51 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-07-21 02:55:12 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014-03-18 11:15:02 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-03-18 11:15:02 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014-03-18 11:14:55 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-03-18 11:14:54 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-03-18 11:14:53 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-03-18 11:14:49 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-03-18 10:46:02 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014-03-18 10:46:02 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014-01-24 18:08:18 | 002,647,256 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2013-08-22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014-12-27 01:07:49 | 001,903,472 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- F:\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014-12-11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-12-03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-11-18 21:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014-10-31 23:46:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014-08-20 12:06:22 | 000,010,752 | ---- | M] (Microsoft) [Auto | Running] -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe -- (Time)
SRV - [2014-08-16 04:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014-08-07 12:11:54 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- F:\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2014-07-21 02:55:12 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-07-14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014-07-14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013-12-18 23:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Office Pro 2010 EN\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013-08-22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2.0)
DRV:64bit: - [2014-12-12 01:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014-10-13 03:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-10-13 03:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-10-13 03:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014-10-10 02:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014-10-07 00:54:47 | 000,100,664 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2014-10-07 00:54:47 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2014-10-07 00:54:47 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2014-09-22 04:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-09-22 04:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-09-22 03:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-09-15 23:26:58 | 016,750,080 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014-09-15 22:59:06 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014-08-15 01:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-08-02 21:33:00 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014-07-24 16:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-07-24 16:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-07-24 12:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014-07-21 02:59:58 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-07-21 02:58:51 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-07-21 02:58:51 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-07-21 02:58:51 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-07-21 02:55:12 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2014-04-08 14:33:44 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2014-03-18 11:14:54 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-03-18 11:14:50 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-03-18 11:14:37 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014-03-18 11:14:36 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-03-18 11:14:35 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-03-18 11:14:35 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-03-18 11:14:35 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014-03-18 11:14:35 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-03-18 10:46:04 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2014-03-18 10:45:53 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2014-03-18 10:45:53 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2014-03-18 10:45:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2014-03-18 10:45:53 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2014-03-18 10:45:53 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014-03-11 15:20:04 | 000,222,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2014-01-24 18:06:48 | 000,126,168 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2013-08-22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-07-30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-06-18 15:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013-05-17 10:13:26 | 000,017,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012-12-10 15:51:52 | 000,011,776 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mamba2.sys -- (mamba2)
DRV:64bit: - [2012-09-23 03:17:22 | 000,021,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdkmafd.sys -- (amdkmafd)
DRV:64bit: - [2011-01-15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009-12-03 05:00:00 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2009-08-07 07:59:16 | 000,016,896 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Wibukey2_64.sys -- (Wibukey2_64)
DRV:64bit: - [2008-05-06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL,nl;q=0.8,en-US;q=0.5,en;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 DE E6 07 EF B6 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: F:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\Office Pro 2010 EN\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Visio 2013 Pro\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: F:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = F:\Java\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = F:\Java\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = F:\Office Pro 2010 EN\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Disabled) = F:\Office Pro 2010 EN\Office14\NPSPWRAP.DLL
CHR - plugin: VLC Web Plugin (Disabled) = F:\VLC\npvlc.dll
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm\1.5_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb\0.2.3_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofjbfnpecflopfknbpnhhpnegbflfph\1.3.44_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn\2.4_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjpdnomgodmagfmhojepjlajpoicip\1.7_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.16.3_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.5.4_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao\1.0.9_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.2.6_0\
CHR - Extension: No name found = C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014-09-11 14:31:14 | 000,005,715 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com
O1 - Hosts: 111 more lines...
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - F:\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Office Pro 2010 EN\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Razer Mamba Elite Driver] F:\Drivers\Razer Mamba\RazerMambaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] F:\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [DriverMax] F:\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART]  File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\GerrytDouwe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = F:\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip bookmark - F:\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - F:\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - F:\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - F:\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - F:\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - F:\Office Pro 2010 EN\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New note - F:\Evernote\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - F:\Office Pro 2010 EN\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Clip bookmark - F:\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - F:\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - F:\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - F:\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - F:\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Office Pro 2010 EN\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New note - F:\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Se&nd to OneNote - F:\Office Pro 2010 EN\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @F:\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @F:\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Office Pro 2010 EN\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Office Pro 2010 EN\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Office Pro 2010 EN\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Office Pro 2010 EN\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @F:\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @F:\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: twitch.tv ([www] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B2B441B-7FBA-49E9-91B9-7884C27331DB}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8650518-6C44-45AF-8B52-116D44B6A36C}: DhcpNameServer = 198.18.0.1 198.18.0.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Visio 2013 Pro\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{33929889-1a83-11e4-be9e-002618783dfc}\Shell - "" = AutoRun
O33 - MountPoints2\{33929889-1a83-11e4-be9e-002618783dfc}\Shell\AutoRun\command - "" = "H:\setup.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015-01-07 23:04:19 | 000,000,000 | ---D | C] -- C:\tmp
[2015-01-07 23:03:35 | 000,000,000 | ---D | C] -- C:\Users\GerrytDouwe\.thumbnails
[2015-01-07 16:22:20 | 000,000,000 | ---D | C] -- C:\Users\GerrytDouwe\AppData\Roaming\WTablet
[2015-01-07 16:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2015-01-07 16:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2015-01-07 16:19:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
[2015-01-07 16:19:52 | 000,015,160 | ---- | C] (Wacom Technology) -- C:\WINDOWS\SysNative\drivers\wacomrouterfilter.sys
[2015-01-07 16:19:49 | 000,100,664 | ---- | C] (Wacom Technology) -- C:\WINDOWS\SysNative\drivers\wachidrouter.sys
[2015-01-07 16:19:49 | 000,014,136 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\SysNative\drivers\hidkmdf.sys
[2015-01-07 16:19:43 | 002,029,336 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysNative\WacomMT.dll
[2015-01-07 16:19:43 | 001,995,544 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysNative\Wacom_Tablet.dll
[2015-01-07 16:19:43 | 001,988,888 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysNative\Wacom_Touch_Tablet.dll
[2015-01-07 16:19:43 | 001,863,448 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysNative\Wintab32.dll
[2015-01-07 16:19:43 | 001,626,392 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysWow64\WacomMT.dll
[2015-01-07 16:19:43 | 001,617,176 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysWow64\Wacom_Tablet.dll
[2015-01-07 16:19:43 | 001,610,008 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysWow64\Wacom_Touch_Tablet.dll
[2015-01-07 16:19:43 | 001,497,368 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\SysWow64\Wintab32.dll
[2015-01-07 16:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2015-01-02 00:42:48 | 000,000,000 | ---D | C] -- C:\Users\GerrytDouwe\AppData\Roaming\Mozilla
[2015-01-02 00:42:47 | 000,000,000 | ---D | C] -- C:\Users\GerrytDouwe\AppData\Roaming\Octoshape
[2014-12-30 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2014-12-29 00:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Update 6 - RELOADED + 17 Languages
 
========== Files - Modified Within 30 Days ==========
 
[2015-01-16 16:20:11 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015-01-16 11:44:56 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015-01-16 11:44:56 | 000,722,278 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015-01-16 11:44:56 | 000,135,394 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015-01-16 11:44:43 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Application Starter - e59f1e4b45dd829c4c6703b808149960.job
[2015-01-16 11:44:42 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015-01-16 11:39:53 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015-01-16 11:37:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015-01-15 11:52:50 | 000,062,292 | ---- | M] () -- C:\WINDOWS\temp023423.vbe
[2014-12-28 16:02:19 | 464,553,862 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014-12-26 14:47:38 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2014-12-18 00:41:06 | 000,001,212 | ---- | M] () -- C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2015-01-09 11:21:22 | 000,062,292 | ---- | C] () -- C:\WINDOWS\temp023423.vbe
[2014-12-28 16:02:19 | 464,553,862 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2014-10-31 23:46:32 | 000,281,688 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014-10-31 23:46:30 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2014-09-30 16:49:10 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014-09-15 17:19:58 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2014-09-11 14:50:29 | 000,001,456 | ---- | C] () -- C:\Users\GerrytDouwe\AppData\Local\Adobe Opslaan voor web 12.0 Prefs
[2014-07-27 13:15:54 | 000,007,597 | ---- | C] () -- C:\Users\GerrytDouwe\AppData\Local\Resmon.ResmonCfg
[2014-07-20 17:09:15 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2014-07-20 17:09:15 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2150N.DAT
[2014-07-20 17:09:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014-06-09 23:52:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2014-06-09 23:52:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2014-03-18 11:15:05 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-18 11:14:37 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013-08-22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014-09-05 16:26:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-08-31 01:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-08-30 23:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-10-21 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\AMD
[2014-09-25 14:33:11 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Battle.net
[2015-01-04 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\BitTorrent
[2014-10-29 16:46:12 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Colasoft MAC Scanner
[2014-10-29 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Colasoft Packet Player
[2014-10-29 16:46:12 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Colasoft Ping Tool
[2014-08-20 12:01:09 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\DAEMON Tools Lite
[2015-01-16 11:45:13 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Dropbox
[2014-11-09 23:12:02 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\GameMaker-Studio
[2014-11-16 15:50:35 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\livestreamer
[2014-12-03 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Local
[2015-01-15 22:23:33 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Octoshape
[2014-12-27 12:46:39 | 000,000,000 | -H-D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Origin
[2014-09-19 10:15:20 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Spotify
[2014-10-03 11:32:18 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Steam
[2014-12-17 22:01:58 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\GerrytDouwe\OneDrive:ms-properties
 
< End of report >
 

 


  • 0

Advertisements

#2
DeZiekeNon
Posted 16 January 2015 - 10:45 AM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts

In the temp folder I found log files that are created about every 5 minutes. It seems to be the same interval that Starcraft 2 crashes. I opened a few of them and it appears that an application called Claymore CryptoNote CPU Miner is active on my PC. I have never done any bitcoin mining, so this is highly suspicious. I posted the contents of one of the log files below:

 

16:23:22:476 ff0
16:23:29:871 ff0 ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
16:23:34:622 ff0 º            Claymore CryptoNote CPU Miner  v3.4 Beta            º
16:23:39:371 ff0 ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
16:23:44:322 ff0 64-bit version
16:23:53:621 ff0 CPU does not support AES-NI - slower mining!
16:24:03:121 ff0 Logical CPU cores: 4
16:24:12:621 ff0 Number of threads: Autoselection...
16:24:22:121 ff0 Using 4 threads
16:24:31:622 ff0 scfg: 1
16:24:36:373 ff0 1 pool specified.
16:24:41:122 ff0 Press "m" key for tune mode.
16:24:50:884 16bc Stratum - connecting to 'pool.cryptmonero.com' <46.165.232.77> port 1001
16:25:01:337 16bc Stratum - Connected
16:25:06:059 16bc got 303 bytes
16:25:15:559 16bc buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"118100750492885","job":{"blob":"010099d7e4a5059bd6784943356aad33d2e9633154370eb186947822db00c2b0048be0b7c1ceb900000000e781d0513717608f318389beb874ca76aff7498ea4c48cdc605e9db03b47f32f01","job_id":"711804073792882","target":"cfb02b00"},"status":"OK"}}
 
16:25:20:309 16bc parse packet: 303
16:25:25:059 16bc new buf size: 0
16:25:29:808 16bc DevFee: Pool Diff 1500
16:25:50:627 ff0 watchdog - thread 0, hb time 8016
16:25:55:934 ff0 WATCHDOG: Thread 0 hangs in OpenCL call, you need to restart miner :( 
16:26:00:684 ff0 watchdog - thread 1, hb time 0
16:26:05:433 ff0 WATCHDOG: Thread 1 hangs in OpenCL call, you need to restart miner :( 
16:26:14:934 ff0 watchdog - thread 2, hb time 0
16:26:24:433 ff0 WATCHDOG: Thread 2 hangs in OpenCL call, you need to restart miner :( 
16:26:33:934 ff0 watchdog - thread 3, hb time 0
16:26:48:184 ff0 WATCHDOG: Thread 3 hangs in OpenCL call, you need to restart miner :( 
16:27:02:434 ff0 WATCHDOG: GPU memory error, you need to restart miner :( 
16:27:07:186 ff0 Restarting OK, exit...
 
 
16:31:54:368 1384 round found 1 shares
16:32:39:031 1384 round found 1 shares
16:33:17:476 13dc round found 1 shares
16:37:48:566 1b10 round found 1 shares
16:42:46:026 af0 round found 1 shares
16:43:10:765 1b10 round found 1 shares
16:44:29:889 13dc round found 1 shares
16:44:51:493 116c No new jobs were received for 20 mins - something wrong with this pool, disconnect.

  • 0

#3
ruggie_uk
Posted 16 January 2015 - 10:46 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Greetings DeZiekeNon

My nickname is Ruggie and I will be assisting you in cleaning your computer.

  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

 

We need to look with a different scanner to check this out properly for you.

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, you need the 64bit version.

  • Right click frst.png to run as administrator. >> Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

Drivers MD5
Shortcut.txt
Addition.txt

frst-addition.png

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Items I need to see in your next post:

  • FRST.txt
  • Shortcut.txt
  • Addition.txt
     

  • 0

#4
DeZiekeNon
Posted 16 January 2015 - 12:46 PM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by GD (administrator) on PC-VAN-GD on 16-01-2015 19:42:14
Running from C:\Users\GerrytDouwe\Desktop
Loaded Profiles: GD (Available profiles: GD)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft) C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Innovative Solutions) F:\DriverMax\innostp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer USA Ltd) F:\Drivers\Razer Mamba\RazerMambaSysTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) F:\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) F:\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) F:\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\Temp\svchost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] => F:\Drivers\Razer Mamba\RazerMambaSysTray.exe [974864 2012-12-21] (Razer USA Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [DAEMON Tools Lite] => F:\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [DriverMax] => F:\DriverMax\drivermax.exe [8790904 2014-08-19] (Innovative Solutions)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [DriverMax_RESTART] => [X]
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [Spotify Web Helper] => C:\Users\GerrytDouwe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-18] (Spotify Ltd)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\MountPoints2: {33929889-1a83-11e4-be9e-002618783dfc} - "H:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> F:\WibuKey\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> F:\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\Office Pro 2010 EN\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> F:\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Office Pro 2010 EN\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Java\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Visio 2013 Pro\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> F:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> F:\Office Pro 2010 EN\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> F:\Visio 2013 Pro\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> F:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.nl/
CHR StartupUrls: Default -> "hxxp://www.gomtv.net/2013wcs3/vod/80857", "https://mail.google....mail/u/0/#inbox", "hxxp://www.pathe.nl/bioscoop/groningen/agenda/6-9-2013", "hxxp://www.nzbindex.nl/search/?q=pacific+rim&age=&max=25&minage=&sort=agedesc&minsize=2000&maxsize=&dq=&poster=&nfo=&hidespam=0&hidespam=1&more=1", "hxxp://forum.dutchbodybuilding.com/", "https://mail.google.com/mail/u/0/", "https://www.google.nl/"
CHR Profile: C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (QR Code) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2014-07-22]
CHR Extension: (Media Hint) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2014-11-28]
CHR Extension: (Google Documenten) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-22]
CHR Extension: (Google Drive) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-22]
CHR Extension: (YouTube) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-22]
CHR Extension: (Netflix Rate) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofjbfnpecflopfknbpnhhpnegbflfph [2014-12-14]
CHR Extension: (Google Zoeken) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-22]
CHR Extension: (Mailto: for Gmail™) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2014-07-22]
CHR Extension: (witte ruis) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjpdnomgodmagfmhojepjlajpoicip [2014-07-22]
CHR Extension: (AdBlock) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-22]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-12-27]
CHR Extension: (Rekenmachine) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao [2014-07-22]
CHR Extension: (Google Maps) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-07-22]
CHR Extension: (Google Wallet) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR Extension: (Greyscale) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm [2014-07-22]
CHR Extension: (Evernote Web Clipper) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-22]
CHR Extension: (Gmail) - C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Microsoft SharePoint Workspace Audit Service; F:\Office Pro 2010 EN\Office14\GROOVE.EXE [30814400 2013-12-18] (Microsoft Corporation)
S3 OpenVPNService; F:\OpenVPN\bin\openvpnserv.exe [37176 2014-08-07] (The OpenVPN Project)
S3 Origin Client Service; F:\Origin\OriginClientService.exe [1903472 2014-12-27] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-10-31] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2014-08-20] (Microsoft) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-02] (Disc Soft Ltd)
R3 mamba2; C:\Windows\System32\drivers\mamba2.sys [11776 2012-12-10] (Razer USA Ltd)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\system32\drivers\wibukey2_64.sys [16896 2009-08-07] (WIBU-SYSTEMS AG)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-07-21] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1
C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1
C:\Windows\System32\drivers\ACPI.sys 9539F7917B4B6D92C90F0FAA6B86C605
C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813
C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F
C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65
C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7
C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD
C:\Windows\system32\drivers\afd.sys 374E27295F0A9DCAA8FC96370F9BEEA5
C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8
C:\Windows\System32\DRIVERS\ahcache.sys F0CB6DB513CAC393D04A0FCE0A59E1BF
C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729
C:\Windows\System32\drivers\amdkmafd.sys F2FF8C1B41B3784EDBD5C6D5397F403C
C:\Windows\system32\DRIVERS\atikmdag.sys 81FCDBBA547919D59DC134ED717658B4
C:\Windows\system32\DRIVERS\atikmpag.sys AF6B384E03D15471EDCEDDDEBAA363B2
C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3
C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2
C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E
C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50
C:\Windows\system32\drivers\appid.sys 04951A9A937CBE28A2D3FEEA360B6D1F
C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B
C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD
C:\Windows\system32\drivers\AtihdWB6.sys 517334A411CD079EE9AEF4C2167875A5
C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF
C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68
C:\Windows\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768
C:\Windows\System32\drivers\bckd.sys C6CD10195F9D303F879147D2CB5CA7AB
C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21
C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6
C:\Windows\System32\DRIVERS\bowser.sys 6B4FFFDDC618FCF64473CAA86E305697
C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7
C:\Windows\System32\drivers\bthhfenum.sys 746B9F94214915AECDE4B7FEA5FF9664
C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07
C:\Windows\System32\drivers\bthmodem.sys 66B791F6B11DC4303DD18A224A501542
C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9
C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D
C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B
C:\Windows\System32\drivers\CLFS.sys 179A41249055D5F039F1B6703F3B6D2B
C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB
C:\Windows\System32\Drivers\cng.sys 4E1207CE16E615B0B7A70DC889F4500E
C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905
C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2
C:\Windows\System32\drivers\csc.sys EE2F3C0D6ADBC975D6B621EC15ACF4E2
C:\Windows\System32\drivers\dam.sys 315BA4BC19316D72B2E037534E048B93
C:\Windows\System32\Drivers\dfsc.sys A03F362C5557E238CBFA914689C77248
C:\Windows\System32\drivers\disk.sys 4D40C9B33F738797CF50E77CB7C53E85
C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F
C:\Windows\system32\drivers\drmkaud.sys DDC11A202207C0400CBE07315B8FDE5E
C:\Windows\System32\drivers\dtsoftbus01.sys 33F90B202E9DD9B7D489EB59310FDC34
C:\Windows\System32\drivers\dxgkrnl.sys 313DCE665B57000B18CB26C6B6A10DFE
C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D
C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9
C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B
C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3
C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4
C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B
C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B
C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265
C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF
C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A
C:\Windows\System32\drivers\fltmgr.sys 6592D192E2823C043EDBC010E7774053
C:\Windows\System32\drivers\FsDepends.sys 35005534E600E993A90B036E4E599F2B
C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42
C:\Windows\System32\DRIVERS\fvevol.sys F152D55E497E12256290C43B31C7D0CE
C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015
C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA
C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1
C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19
C:\Windows\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593
C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926
C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906
C:\Windows\System32\drivers\hidbth.sys 1EA1B4FABB8CC348E73CA90DBA22E104
C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17
C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95
C:\Windows\System32\drivers\hidkmdf.sys 720DF11CACA61177EB779987F393086E
C:\Windows\System32\drivers\hidusb.sys 8DB8EAB9D0C6A5DF0BDCADEA239220B4
C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D
C:\Windows\System32\drivers\HTTP.sys 9DDCA7F18983C5410DEFF79F819DF93C
C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F
C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1
C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25
C:\Windows\System32\drivers\i8042prt.sys 84CFC5EFA97D0C965EDE1D56F116A541
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05
C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C
C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC
C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2
C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157
C:\Windows\System32\drivers\intelpep.sys A770340FC02B999EF0DE6C2A6BC8437C
C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9
C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514
C:\Windows\System32\drivers\IPMIDrv.sys 9C096BF5E10CA8BFA56F32522A89FAF1
C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD
C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97
C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21
C:\Windows\System32\drivers\msiscsi.sys D90AB68D0FAC9F357F663670FDBB511E
C:\Windows\System32\drivers\kbdclass.sys 8BE92376799B6B44D543E8D07CDCF885
C:\Windows\System32\drivers\kbdhid.sys FB6E47E569D4872ABEB506BE03A45FBA
C:\Windows\System32\drivers\kbldfltr.sys DB7A09BC90DF20F44F16F8B0F9ED3491
C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05
C:\Windows\System32\Drivers\ksecdd.sys ADDECBCC777665BD113BED437E602AB0
C:\Windows\System32\Drivers\ksecpkg.sys 6D2EE96150E35B9EA49F2B481DE0369A
C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F
C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8
C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC
C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141
C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191
C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C
C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4
C:\Windows\System32\drivers\mamba2.sys 385D4585532CB2AC616CD49CBAF2D7F5
C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F
C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363
C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378
C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9
C:\Windows\System32\drivers\mouclass.sys CEAC6D40FE887CE8406C2393CF97DE06
C:\Windows\System32\drivers\mouhid.sys 02D98BF804084E9A0D69D1C69B02CCA9
C:\Windows\System32\drivers\mountmgr.sys 515549560D481138E6E21AF7C6998E56
C:\Windows\System32\drivers\mpsdrv.sys F170510BE94CF45E3C6274578F6204B2
C:\Windows\system32\drivers\mrxdav.sys DB32958F0E704EFBF7F15161A569E39F
C:\Windows\System32\DRIVERS\mrxsmb.sys 7A1A3F213CDB3363D179D5014272025D
C:\Windows\System32\DRIVERS\mrxsmb10.sys 3E28B99198B514DFEB152EACF913025E
C:\Windows\System32\DRIVERS\mrxsmb20.sys C910E5D18958914A66F0E45689D0B40A
C:\Windows\system32\DRIVERS\bridge.sys E0927EFA25D473367C3341B9F5969779
C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08
C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD
C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31
C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA
C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C
C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D
C:\Windows\system32\DRIVERS\mslldp.sys 375E44168F2DFB91A68B8A3F619C5A7C
C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6
C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8
C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0
C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E
C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2
C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E
C:\Windows\system32\DRIVERS\ASACPI.sys 640617B6E682A150C36BE39D78547F6C
C:\Windows\System32\Drivers\mup.sys 619CA29326B82372621DB2C0964D8365
C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F
C:\Windows\system32\DRIVERS\nwifi.sys 26ACA481FAFEC59FE311D719E3027BBA
C:\Windows\System32\drivers\ndis.sys E4B4BE2D7750849C07589DA0B0AABA01
C:\Windows\system32\DRIVERS\ndiscap.sys C6BB12BC35D1637CA17AE16D3A4725EB
C:\Windows\system32\DRIVERS\NdisImPlatform.sys B1AA3B19A2E596A59224F893E01A5A75
C:\Windows\system32\DRIVERS\ndistapi.sys 9423421E735BD5394351E0C47C76BB92
C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59
C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\System32\Drivers\NDProxy.sys A5BD69A8812FA79D1A487691DD3FB244
C:\Windows\System32\drivers\Ndu.sys 5A072F0B90C29C5233D78BE33EF5ED78
C:\Windows\System32\DRIVERS\netbios.sys A83D67D347A684F10B7D3019C8A6380C
C:\Windows\System32\DRIVERS\netbt.sys 0217532E19A748F0E5D569307363D5FD
C:\Windows\system32\DRIVERS\netvsc63.sys 70414DB660BFBB7BD58FCE8EA4364E1B
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\Windows\System32\drivers\nsiproxy.sys E490B459978CB87779E84C761D22B827
C:\Windows\System32\Drivers\Ntfs.sys 038C77D577900EE39410662478BB0D50
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\Windows\System32\drivers\parport.sys 764B1121867B2D9B31C491668AC72B2B
C:\Windows\System32\drivers\partmgr.sys EF0C1749C9A8CEE9A457473D433CC00F
C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4
C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\Windows\System32\drivers\pdc.sys 24A8DFC07E4BAF29AEA26E383D4CC886
C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\Windows\system32\DRIVERS\pacer.sys 8528BB05E4D4E25945F78B00B2555FB7
C:\Windows\system32\drivers\qwavedrv.sys 3FB466684609A4329858CF2EBD62E0FD
C:\Windows\System32\DRIVERS\rasacd.sys 2C56F0EE27E4EF70CA4B4983D3638905
C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\Windows\System32\DRIVERS\rdbss.sys A1A5E79C0D1352AFDC08328A623DA051
C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\Windows\System32\drivers\rdpvideominiport.sys 9F08A6608F98B5407E7DDBCF306573EF
C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys E515A287C8FAE901EB8FB42F168E14F2
C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\Windows\system32\DRIVERS\Rt630x64.sys 19764658C1468C2C0CEF133D28414A6B
C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\Windows\System32\DRIVERS\scfilter.sys ABD0237B15DBD2B4695F4B7D734A58F7
C:\Windows\System32\drivers\sdbus.sys 7B7C482CF48E6EE33664340D1A78E6FE
C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\Windows\System32\drivers\serenum.sys 3CD600C089C1251BEEB4CD4CD5164F9E
C:\Windows\System32\drivers\serial.sys D864381BC9C725FAB01D94C060660166
C:\Windows\System32\drivers\sermouse.sys 0BD2B65DCE756FDE95A2E5CCCBF7705D
C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\System32\drivers\spaceport.sys 240C5C3793206725AA05665851E8C214
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\System32\DRIVERS\srv.sys 6416E79A58A8FCC33A447A4DDDD3BF04
C:\Windows\System32\DRIVERS\srv2.sys 5BED3AB69797C8786EF70AEA8C33748B
C:\Windows\System32\DRIVERS\srvnet.sys D047CD668E6277FD80F0C613946F034C
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\DRIVERS\vmstorfl.sys 7A08CEE1535F5A448215634C5EA74E50
C:\Windows\System32\drivers\stornvme.sys 6B06E2D11E604BE2B1A406C4CB3B90DE
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\storvsp.sys 03618F935379614837F915D04C45FC0E
C:\Windows\System32\drivers\swenum.sys 84E0F5D41C138C5CC975137A2A98F6D3
C:\Windows\system32\DRIVERS\tap0901.sys 7F5BFF7A547AE4BBF9CB8A80F844206C
C:\Windows\System32\drivers\tcpip.sys CCB3A2BB60FE5073F2DEA63FE83CF8FE
C:\Windows\system32\DRIVERS\tcpip.sys CCB3A2BB60FE5073F2DEA63FE83CF8FE
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdx.sys FFF28F9F6823EB1756C60F1649560BBF
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\system32\drivers\tpm.sys 82F909359600D3603FE852DB7F135626
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys E0088068DCE2EE82897027DDB8E05254
C:\Windows\system32\DRIVERS\tunnel.sys C8E0E78B5D284C2FF59BDFFDAF997242
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys B034A41891A36457B994307DFA772293
C:\Windows\System32\DRIVERS\udfs.sys 1EC649F112896FAE33250F0B97AC5D0B
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\system32\drivers\usbaudio.sys DF355EB0199198728027962DCFCDE5FB
C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\Windows\System32\drivers\usbcir.sys B3D6457D841A0CAEF4C52D88621715F2
C:\Windows\System32\drivers\usbehci.sys 48BA326A3DBA5B5BEB5F2777F4618696
C:\Windows\System32\drivers\usbhub.sys FEF0BC107812B36849741C3211BA6B60
C:\Windows\System32\drivers\UsbHub3.sys 65392F3F3F65E4C6CC82A0F4F8A0B051
C:\Windows\System32\drivers\usbohci.sys 3019097FB6C985EF24C058090FF3BDBD
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\System32\drivers\USBSTOR.SYS 66732C13628BDB1AB0D6FD46027327C2
C:\Windows\System32\drivers\usbuhci.sys 064260B3A5868AC894A4943543BC7AB7
C:\Windows\System32\drivers\USBXHCI.SYS 48430B0313FC1CFE3D2400553F1A93CD
C:\Windows\System32\drivers\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys 52E483A3701A5A61A75A06993720347D
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\drivers\Vid.sys 3CE922E34DB12D9F3C0EA856BC09687C
C:\Windows\System32\drivers\vmbus.sys C6305BDFC4F7CE51F72BB072C03D4ACE
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\vmbusr.sys 68F8C26DEA2D42E8DEC0778943433C80
C:\Windows\System32\drivers\volmgr.sys 55D7D963DE85162F1C49721E502F9744
C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\Windows\System32\drivers\volsnap.sys 64CA2B4A49A8EAF495E435623ECCE7DB
C:\Windows\System32\drivers\vpci.sys 01355C98B5C3ED1EC446743CDA848FCE
C:\Windows\System32\drivers\vpcivsp.sys ADBE96C33D1A5BB1BBAF90B4BC84F523
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\vwifibus.sys BE970C369E43B509C1EDA2B8FA7CECB0
C:\Windows\System32\drivers\wachidrouter.sys D8DD34F9AC790781797A690C40906E09
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\System32\drivers\wacomrouterfilter.sys 8D151B5ACA3D12E00D119D1DC238B5DA
C:\Windows\System32\drivers\WdBoot.sys 0359607177E5E9F6041136CC0A5CB0B6
C:\Windows\System32\drivers\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\System32\drivers\WdFilter.sys DE8D12B4C3F55FA2C5E9774314F6C58A
C:\Windows\System32\Drivers\WdNisDrv.sys 4AD874CDC812EC156265E451B6B09DAB
C:\Windows\System32\DRIVERS\wfplwfs.sys BFBE1C5F57FE7A885673A1962D5532B7
C:\Windows\System32\DRIVERS\WibuKey64.sys F27BD4135954690B9C2C24258CACA933
C:\Windows\system32\drivers\wibukey2_64.sys 9B33BD737B6620E5DCD4909EFF719216
C:\Windows\System32\drivers\wimmount.sys 867BCC69ED9C31C501465EB0E8BA9DFA
C:\Windows\system32\DRIVERS\WinUsb.sys AC263C2F66405589528995AA41040599
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\Windows\System32\DRIVERS\wpcfltr.sys 182561A14F2E93E81E66FE3700D17A5A
C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\System32\drivers\WudfPf.sys D537815E450A149752C15868392AD1F3
C:\Windows\System32\drivers\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC
C:\Windows\system32\DRIVERS\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC
C:\Windows\system32\DRIVERS\WUDFRd.sys 7CCBBCEE408A5DBE3FE47297DB5A6CFC
C:\Windows\System32\drivers\xusb22.sys A0F661902AFCAAD77CC2ED3894927A10
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 19:42 - 2015-01-16 19:42 - 00039704 _____ () C:\Users\GerrytDouwe\Desktop\FRST.txt
2015-01-16 19:41 - 2015-01-16 19:42 - 00000000 ____D () C:\FRST
2015-01-16 19:41 - 2015-01-16 19:41 - 02125312 _____ (Farbar) C:\Users\GerrytDouwe\Desktop\FRST64.exe
2015-01-14 13:06 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 13:06 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 13:06 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 13:06 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 13:06 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 13:06 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 13:06 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 13:06 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 13:06 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 13:06 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 13:06 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 13:06 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 13:06 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 13:06 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 13:06 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 13:06 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 13:06 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 13:06 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 13:06 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 13:06 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 13:06 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 13:06 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 13:06 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 13:06 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 13:06 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-09 11:21 - 2015-01-15 11:52 - 00062292 _____ () C:\WINDOWS\temp023423.vbe
2015-01-07 23:04 - 2015-01-07 23:05 - 00000000 ____D () C:\tmp
2015-01-07 23:03 - 2015-01-07 23:03 - 00000000 ____D () C:\Users\GerrytDouwe\.thumbnails
2015-01-07 16:22 - 2015-01-07 16:22 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\WTablet
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ____D () C:\Program Files\TabletPlugins
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ____D () C:\Program Files\Tablet
2015-01-07 16:19 - 2015-01-07 16:19 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2015-01-07 16:19 - 2014-11-04 19:49 - 02029336 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01995544 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01988888 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01863448 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01626392 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01617176 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01610008 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01497368 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2015-01-07 16:19 - 2014-10-07 00:54 - 00100664 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2015-01-07 16:19 - 2014-10-07 00:54 - 00015160 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2015-01-07 16:19 - 2014-10-07 00:54 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2015-01-07 16:19 - 2012-12-11 23:12 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfcoinstaller01009.dll
2015-01-02 00:42 - 2015-01-15 22:23 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Octoshape
2015-01-02 00:42 - 2015-01-02 00:42 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Mozilla
2014-12-30 19:01 - 2014-12-30 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-12-29 00:06 - 2014-12-29 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Update 6 - RELOADED + 17 Languages
2014-12-28 16:02 - 2014-12-28 16:02 - 464553862 _____ () C:\WINDOWS\MEMORY.DMP
2014-12-28 16:02 - 2014-12-28 16:02 - 00280328 _____ () C:\WINDOWS\Minidump\122814-17812-01.dmp
2014-12-26 23:16 - 2014-12-26 23:16 - 00280328 _____ () C:\WINDOWS\Minidump\122614-14812-01.dmp
2014-12-26 22:46 - 2014-12-26 22:46 - 00280328 _____ () C:\WINDOWS\Minidump\122614-15218-01.dmp
2014-12-19 21:10 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 21:10 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 19:20 - 2014-07-22 11:05 - 00001084 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-16 18:44 - 2014-07-20 15:35 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Skype
2015-01-16 17:20 - 2014-07-22 11:05 - 00001080 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 13:04 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-16 12:16 - 2014-07-20 17:18 - 01693421 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-16 12:15 - 2013-08-22 15:46 - 00313627 _____ () C:\WINDOWS\setupact.log
2015-01-16 11:45 - 2014-07-20 14:10 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Dropbox
2015-01-16 11:44 - 2014-09-02 12:15 - 00000236 _____ () C:\WINDOWS\Tasks\Application Starter - e59f1e4b45dd829c4c6703b808149960.job
2015-01-16 11:44 - 2014-07-20 17:24 - 00000000 ___DO () C:\Users\GerrytDouwe\OneDrive
2015-01-16 11:44 - 2014-03-18 11:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-16 11:37 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-16 01:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-16 01:09 - 2014-07-20 14:57 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Local\Battle.net
2015-01-15 11:52 - 2014-08-14 14:39 - 00000000 ____D () C:\ProgramData\Origin
2015-01-14 13:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-14 13:32 - 2014-07-20 13:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 13:28 - 2014-07-20 13:35 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-12 13:46 - 2014-07-20 12:52 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2567469324-3570782199-4075575107-1001
2015-01-10 00:38 - 2014-07-20 17:13 - 00000000 ____D () C:\Users\GerrytDouwe
2015-01-07 23:52 - 2014-07-20 14:26 - 00000000 ___RD () C:\Users\GerrytDouwe\Desktop\Software
2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 13:29 - 2014-07-20 15:35 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\vlc
2015-01-04 01:47 - 2014-07-27 20:47 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\BitTorrent
2015-01-03 21:46 - 2014-10-21 20:22 - 00000000 ____D () C:\Users\GerrytDouwe\Documents\Telltale Games
2015-01-03 19:44 - 2014-07-25 14:19 - 01628672 ___SH () C:\Users\GerrytDouwe\Desktop\Thumbs.db
2014-12-31 12:14 - 2014-07-20 13:22 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-28 19:24 - 2014-07-20 14:26 - 00000000 ___RD () C:\Users\GerrytDouwe\Desktop\Games
2014-12-28 16:02 - 2014-08-02 21:23 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-28 01:37 - 2014-08-14 14:39 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-27 22:45 - 2014-08-14 15:12 - 00000000 ____D () C:\Users\GerrytDouwe\Documents\Electronic Arts
2014-12-27 12:46 - 2014-08-14 14:41 - 00000000 ___HD () C:\Users\GerrytDouwe\AppData\Roaming\Origin
2014-12-26 14:47 - 2014-07-20 17:09 - 00000426 _____ () C:\WINDOWS\BRWMARK.INI
2014-12-23 11:21 - 2014-07-20 15:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-23 11:21 - 2014-07-20 15:35 - 00000000 ____D () C:\ProgramData\Skype
2014-12-22 20:37 - 2014-07-20 15:08 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Local\Microsoft Help
2014-12-18 00:40 - 2014-07-20 14:10 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-17 22:01 - 2014-12-09 22:14 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\TS3Client
 
Files to move or delete:
====================
C:\Users\GerrytDouwe\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\GerrytDouwe\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\GerrytDouwe\AppData\Local\Temp\AskSLib.dll
C:\Users\GerrytDouwe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphbblda.dll
C:\Users\GerrytDouwe\AppData\Local\Temp\InstHelper.exe
C:\Users\GerrytDouwe\AppData\Local\Temp\k9-webprotection-4.4.276.exe
C:\Users\GerrytDouwe\AppData\Local\Temp\ose00000.exe
C:\Users\GerrytDouwe\AppData\Local\Temp\unins000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-15 12:04
 
==================== End Of Log ============================
 
Users shortcut scan result (x64) Version: 15-01-2015 01
Ran by GD at 2015-01-16 19:44:30
Running from C:\Users\GerrytDouwe\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk -> F:\Adobe Photoshop 5.1\Adobe Bridge CS5.1\Bridge.exe (Adobe Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk -> F:\Adobe Photoshop 5.1\Adobe Device Central CS5.5\DeviceCentral.exe (Adobe Systems Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk -> C:\Program Files (x86)\Adobe\Adobe Utilities - CS5.5\ExtendScript Toolkit CS5.5\ExtendScript Toolkit.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk -> F:\Adobe Photoshop 5.1\Adobe Extension Manager CS5.5\Adobe Extension Manager CS5.5.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk -> F:\Adobe Photoshop 5.1\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 16.5.lnk -> F:\WinZip\WINZIP64.EXE (WinZip Computing, S.L.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> F:\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> F:\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> F:\WinRAR\WinRAR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey\Network Server.lnk -> F:\WibuKey\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey\Server Monitor.lnk -> F:\WibuKey\Bin\WkSvMon.exe (WIBU-SYSTEMS AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey\WibuKey Help (English).lnk -> F:\WibuKey\Help\WKUSEUS.CHM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Desktop Center.lnk -> C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe (Wacom Technology, Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Display Settings.lnk -> C:\Program Files\Tablet\Wacom\32\LCDSettings.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Tablet Preference File Utility.lnk -> C:\Program Files\Tablet\Wacom\32\PrefUtil.exe (Wacom Technology, Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Tablet Properties.lnk -> C:\Program Files\Tablet\Wacom\Professional_CPL.exe (Wacom Technology, Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Update 6 - RELOADED + 17 Languages\Uninstall The Sims 4 Update 6 - RELOADED + 17 Languages.lnk -> E:\Games\The Sims 4\Uninstall ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\Online Help.lnk -> F:\Tecnomatic Plant Simulation\Help\Plant Simulation ENU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\Online-Hilfe.lnk -> F:\Tecnomatic Plant Simulation\Help\Plant Simulation DEU.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\Plant Simulation 10.1.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows\Utilities\Add a new TAP virtual ethernet adapter.lnk -> C:\Program Files\TAP-Windows\bin\addtap.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> C:\Program Files\TAP-Windows\bin\deltapall.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> E:\Games\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Network Server.lnk -> F:\WibuKey\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\StarCraft II.lnk -> E:\Games\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype voor bureaublad.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Mamba\Razer Mamba Configurator.lnk -> F:\Drivers\Razer Mamba\RazerMambaConfig.exe (Razer USA Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Mamba\Razer Mamba Help.lnk -> F:\Drivers\Razer Mamba\Manuals\index.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Mamba\Razerzone Homepage.lnk -> F:\Drivers\Razer Mamba\lang\Razer Website ENG.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\OpenVPN GUI.lnk -> F:\OpenVPN\bin\openvpn-gui.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Uninstall OpenVPN.lnk -> F:\OpenVPN\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Shortcuts\OpenVPN configuration file directory.lnk -> F:\OpenVPN\config ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Shortcuts\OpenVPN log file directory.lnk -> F:\OpenVPN\log ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Shortcuts\OpenVPN Sample Configuration Files.lnk -> F:\OpenVPN\sample-config ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Manual Page.lnk -> F:\OpenVPN\doc\openvpn.8.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Windows Notes.lnk -> F:\OpenVPN\doc\INSTALL-win32.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixMeister\MixMeister BPM Analyzer.lnk -> F:\MixMeister BPM Analyzer\BpmAnalyzer.exe (MixMeister Technology LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Visio 2013.lnk -> C:\Windows\Installer\{91150000-0051-0000-0000-0000000FF1CE}\visicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Windows\Installer\{91150000-0051-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Windows\Installer\{91150000-0051-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> F:\Java\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> E:\Games\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk -> C:\Windows\Installer\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}\Evernote.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax\DriverMax.lnk -> F:\DriverMax\drivermax.exe (Innovative Solutions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax\Other products by Innovative Solutions.lnk -> F:\DriverMax\dmx.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax\Uninstall DriverMax.lnk -> F:\DriverMax\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> F:\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> F:\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk -> F:\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk -> F:\CPU-Z\cpuz.ini ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk -> F:\CPU-Z\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection\Uninstall Blue Coat K9 Web Protection.lnk -> C:\Program Files\Blue Coat K9 Web Protection\uninst.exe (Blue Coat Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\GerrytDouwe\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\GerrytDouwe\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\Links\Desktop.lnk -> C:\Users\GerrytDouwe\Desktop ()
Shortcut: C:\Users\GerrytDouwe\Links\Downloads.lnk -> C:\Users\GerrytDouwe\Downloads ()
Shortcut: C:\Users\GerrytDouwe\Links\Dropbox.lnk -> G:\Documenten\Studie\Dropbox ()
Shortcut: C:\Users\GerrytDouwe\Documents\StarCraft II\[email protected] -> C:\Users\GerrytDouwe\Documents\StarCraft II\Accounts\118721307\1-S2-1-4328327 ()
Shortcut: C:\Users\GerrytDouwe\Documents\StarCraft II\[email protected] -> C:\Users\GerrytDouwe\Documents\StarCraft II\Accounts\118721307\2-S2-1-1538006 ()
Shortcut: C:\Users\GerrytDouwe\Documents\StarCraft II\[email protected] -> C:\Users\GerrytDouwe\Documents\StarCraft II\Accounts\106354943\2-S2-1-280065 ()
Shortcut: C:\Users\GerrytDouwe\Documents\StarCraft II\[email protected] -> C:\Users\GerrytDouwe\Documents\StarCraft II\Accounts\101535634\2-S2-1-1641528 ()
Shortcut: C:\Users\GerrytDouwe\Documents\Heroes of the Storm\[email protected] -> C:\Users\GerrytDouwe\Documents\Heroes of the Storm\Accounts\101535634\2-Hero-1-491941 ()
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Adobe Photoshop CS5.1 (64 Bit).lnk -> F:\Adobe Photoshop 5.1\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\BitTorrent.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Blender.lnk -> F:\Blender\blender.exe (Blender Foundation)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\CPUID CPU-Z.lnk -> F:\CPU-Z\cpuz.exe (CPUID)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\CPUID HWMonitor.lnk -> F:\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Creative Centrale.lnk -> C:\Program Files (x86)\Creative\Creative Centrale\Centrale.exe (No File)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\DAEMON Tools Lite.lnk -> F:\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\DriverMax.lnk -> F:\DriverMax\drivermax.exe (Innovative Solutions)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Evernote.lnk -> C:\WINDOWS\Installer\{B1A0F908-1448-11E4-8684-00163E98E7D0}\Evernote.ico (No File)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\GameMaker-Studio.lnk -> F:\GameMaker-Studio 1.3\GameMaker-Studio.exe (YoYo Games Ltd.)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\MixMeister BPM Analyzer.lnk -> F:\MixMeister BPM Analyzer\BpmAnalyzer.exe (MixMeister Technology LLC)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\NetBalancer.lnk -> F:\NetBalancer\SeriousBit.NetBalancer.UI.exe (No File)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\OpenVPN GUI.lnk -> F:\OpenVPN\bin\openvpn-gui.exe ()
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Pencil.lnk -> F:\Pencil\Pencil.exe ()
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\SABnzbd.lnk -> F:\SABnzbd\SABnzbd.exe ()
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\Speccy.lnk -> F:\Speccy\Speccy64.exe (Piriform Ltd)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\TeamSpeak 3 Client.lnk -> F:\TeamSpeak\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\GerrytDouwe\Desktop\Software\VLC.lnk -> F:\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\GerrytDouwe\Desktop\Games\Far Cry 3.lnk -> E:\Games\Far Cry 3\bin\farcry3.exe (Ubisoft Entertainment)
Shortcut: C:\Users\GerrytDouwe\Desktop\Games\Origin.lnk -> F:\Origin\Origin.exe (Electronic Arts)
Shortcut: C:\Users\GerrytDouwe\Desktop\Games\Paradigm.lnk -> E:\Games\Paradigm\Paradigm.exe (Visionaire Studio)
Shortcut: C:\Users\GerrytDouwe\Desktop\Games\Play Unreal Tournament 2004.lnk -> E:\Games\UT 2004\Unreal Tournament 2004\play-UT2004.exe ()
Shortcut: C:\Users\GerrytDouwe\Desktop\Games\Steam.lnk -> E:\Games\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\GerrytDouwe\Desktop\Games\The Sims 4.lnk -> E:\Games\The Sims 4\Game\Bin\TS4.exe (Electronic Arts Inc.)
Shortcut: C:\Users\GerrytDouwe\Desktop\Games\Uplay.lnk -> E:\Games\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\GerrytDouwe\Documents ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Libraries.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Libraries ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\GerrytDouwe\Pictures ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> F:\WinRAR\Rar.txt ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> F:\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> F:\WinRAR\WinRAR.exe ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in\Uninstall Winamp Detector Plug-in.lnk -> F:\Winamp Detect\UninstWaDetect.exe (Nullsoft, Inc.)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> E:\Games\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> E:\Games\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk -> F:\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.3\GameMaker-Studio 1.3 Help.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\GameMaker-Studio\5pice.chm ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.3\GameMaker-Studio 1.3.lnk -> F:\GameMaker-Studio 1.3\GameMaker-Studio.exe (YoYo Games Ltd.)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.3\Uninstall.lnk -> F:\GameMaker-Studio 1.3\uninstall.exe ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\SendTo\Evernote.lnk -> F:\Evernote\Evernote.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Battle.net Setup.lnk -> E:\Games\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Evernote.lnk -> C:\Windows\Installer\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}\Evernote.ico ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SABnzbd.lnk -> F:\SABnzbd\SABnzbd.exe ()
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk -> F:\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk -> E:\Games\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\GerrytDouwe\AppData\Local\Innovative Solutions\DriverMax\DriverMax.lnk -> F:\DriverMax\drivermax.exe (Innovative Solutions)
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Application.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Application
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Education.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Educational
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Professional.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Development
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Research.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Research
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Runtime.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Runtime
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Standard.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Standard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Student.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Student
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tecnomatix\Plant Simulation 10.1 (64-bit)\License Types\Plant Simulation Viewer.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Viewer
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Generate a static OpenVPN key.lnk -> F:\OpenVPN\bin\openvpn.exe (The OpenVPN Project) -> --pause-exit --verb 3 --genkey --secret "F:\OpenVPN\config\key.txt"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe () ->  /design 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> F:\Java\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> F:\Java\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Product Registration.lnk -> C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe (Creative Technology Ltd) -> /PreProcess=RegFlash.exe /PortableDevice
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Coat K9 Web Protection\Blue Coat K9 Web Protection Admin.lnk -> C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.) -> admin
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.3\GameMaker-Studio 1.3 License.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> C:\Users\GerrytDouwe\AppData\Roaming\GameMaker-Studio\License.txt
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Plant Simulation Education.lnk -> F:\Tecnomatic Plant Simulation\PlantSimulation10_1.exe (Siemens Product Lifecycle Management Software Inc.) -> /L Educational
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\GerrytDouwe\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN HOWTO.url -> hxxp://openvpn.net/howto.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Support.url -> https://community.op...iki/GettingHelp
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Web Site.url -> hxxp://openvpn.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Wiki.url -> https://community.op...t/openvpn/wiki/
InternetURL: C:\Users\GerrytDouwe\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\Batman Arkham Origins.url -> steam://rungameid/209000
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\Brothers - A Tale of Two Sons.url -> steam://rungameid/225080
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\Gone Home.url -> steam://rungameid/232430
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\Tales from the Borderlands.url -> steam://rungameid/330830
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\The Stanley Parable Demo.url -> steam://rungameid/247750
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\The Walking Dead Season Two.url -> steam://rungameid/261030
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\The Walking Dead.url -> steam://rungameid/207610
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\The Wolf Among Us.url -> steam://rungameid/250320
InternetURL: C:\Users\GerrytDouwe\Desktop\Games\Watch_Dogs.url -> uplay://launch/274
InternetURL: C:\Users\GerrytDouwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
 
==================== End of log =============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by GD at 2015-01-16 19:43:26
Running from C:\Users\GerrytDouwe\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
BitTorrent (HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.38.0.458 - Innovative Solutions)
Dropbox (HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
GameMaker-Studio 1.3 (HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\GameMaker-Studio13) (Version:  - YoYo Games Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Livestreamer 1.10.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version:  - MixMeister Technology LLC)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenVPN 2.3.4-I603  (HKLM\...\OpenVPN) (Version: 2.3.4-I603 - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Mamba (HKLM-x32\...\{060B61F0-50BD-4043-AB77-B3EF5769569A}) (Version: 2.04.00 - Razer USA Ltd.)
SABnzbd 0.7.18 (HKLM-x32\...\SABnzbd) (Version: 0.7.18 - The SABnzbd Team)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spotify (HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version:  - Telltale Games)
TAP-Windows 9.21.0 (HKLM\...\TAP-Windows) (Version: 9.21.0 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tecnomatix Plant Simulation 10.1 (64-bit) (HKLM\...\{8B9A53A0-867E-4ED3-8A11-57C254AD8D64}) (Version: 10.1.7 - Siemens PLM Software Inc.)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims 4 Update 6 - RELOADED Multi17 (HKLM-x32\...\The Sims 4 Update 6 - RELOADED Multi17) (Version:  - )
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00b of 2011-Jan-12 (Build 132) (Setup) - WIBU-SYSTEMS AG)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> F:\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2567469324-3570782199-4075575107-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
30-12-2014 19:00:23 Installed Evernote v. 5.8.1
08-01-2015 10:16:41 Scheduled Checkpoint
14-01-2015 13:27:28 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2014-09-11 14:31 - 00005715 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.ipp
 
There are 106 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1564C8E7-205A-4DB0-AB41-D963BECD7A7F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {297E934B-52E7-48AE-B923-E2DA51C09145} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.)
Task: {927C42DB-839D-4EC1-A57A-0D14997E640A} - System32\Tasks\Application Starter - e59f1e4b45dd829c4c6703b808149960 => F:\DriverMax\innostp.exe [2014-08-19] (Innovative Solutions)
Task: {A8D6787D-EB7A-44C5-A413-EF38EAA62123} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-22] (Google Inc.)
Task: {AEB39F96-336B-433D-84A0-0C4DF7B1535C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {C12F780E-7DB5-42EB-9E05-264BD53EDADD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {DCA0F7F6-4F7A-407B-A595-74B067ECFC57} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DFBEE9F1-3A84-4C56-A738-BA6AA8C3D205} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Application Starter - e59f1e4b45dd829c4c6703b808149960.job => F:\DriverMax\innostp.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-31 23:46 - 2014-10-31 23:46 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-31 23:49 - 2008-06-20 00:41 - 00062464 _____ () F:\WinRAR\rarext64.dll
2015-01-07 16:19 - 2014-11-04 19:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-01-09 11:21 - 2015-01-16 11:45 - 01605120 _____ () C:\Windows\Temp\svchost.exe
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-16 11:45 - 2015-01-16 11:45 - 00043008 _____ () c:\Users\GerrytDouwe\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphbblda.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\GerrytDouwe\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () F:\Office Pro 2010 EN\Office14\1033\GrooveIntlResource.dll
2014-12-11 22:20 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 22:20 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 22:20 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 22:20 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 21121032 _____ () F:\Evernote\libcef.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00098312 _____ () F:\Evernote\websockets.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () F:\Evernote\libxml2.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () F:\Evernote\libtidy.dll
2014-12-17 15:10 - 2014-12-17 15:10 - 00988696 _____ () F:\Evernote\avcodec-54.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00138776 _____ () F:\Evernote\avutil-51.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00195096 _____ () F:\Evernote\avformat-54.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\GerrytDouwe\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Network Server.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\StartupApproved\Run: => "DriverMax"
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\StartupApproved\Run: => "NetBalancer"
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\StartupApproved\Run: => "Octoshape Streaming Services"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2567469324-3570782199-4075575107-500 - Administrator - Disabled)
GD (S-1-5-21-2567469324-3570782199-4075575107-1001 - Administrator - Enabled) => C:\Users\GerrytDouwe
Guest (S-1-5-21-2567469324-3570782199-4075575107-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2567469324-3570782199-4075575107-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2015 07:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x1528
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 07:23:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x18ec
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:42:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x1208
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x9c8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:25:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x894
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x61c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:18:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x18c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:17:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x16e8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:16:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0x15e8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
Error: (01/16/2015 06:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Faulting module name: svchost.exe, version: 0.0.0.0, time stamp: 0x543cdb10
Exception code: 0xc0000094
Fault offset: 0x000000000002814d
Faulting process id: 0xa1c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5
 
 
System errors:
=============
Error: (01/16/2015 11:38:52 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Time service hung on starting.
 
Error: (01/16/2015 11:37:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
Error: (01/15/2015 11:51:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Time service hung on starting.
 
Error: (01/15/2015 11:50:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
Error: (01/14/2015 00:55:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Time service hung on starting.
 
Error: (01/14/2015 00:54:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
Error: (01/13/2015 11:48:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Time service hung on starting.
 
Error: (01/13/2015 11:47:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
Error: (01/12/2015 00:36:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Time service hung on starting.
 
Error: (01/12/2015 00:35:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2015 07:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d152801d031b6c687461dC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe6edf97e9-9dad-11e4-bf73-002618783dfc
 
Error: (01/16/2015 07:23:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d18ec01d031b0f81bed17C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exec19b4358-9dac-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:42:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d120801d031af02c687f7C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe010e6191-9da7-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d9c801d031ae967b14a9C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exedbd2ee6d-9da4-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:25:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d89401d031adf97af5b1C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exea1123e97-9da4-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d61c01d031adabe2d89bC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exef9da01cd-9da3-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:18:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d18c01d031ad8ffe8b6aC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe9f626aa0-9da3-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:17:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d16e801d031ad7533c8a8C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe884a5d88-9da3-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:16:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814d15e801d031ad3f6cd23aC:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe6b645400-9da3-11e4-bf73-002618783dfc
 
Error: (01/16/2015 06:15:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe0.0.0.0543cdb10svchost.exe0.0.0.0543cdb10c0000094000000000002814da1c01d031aced98d054C:\Windows\Temp\svchost.exeC:\Windows\Temp\svchost.exe34779def-9da3-11e4-bf73-002618783dfc
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-16 12:31:28.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-15 13:07:48.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-15 13:07:33.452
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-15 12:05:23.994
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 12:19:14.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-11 12:37:04.452
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-10 12:17:49.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-09 11:38:29.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-08 10:04:55.744
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 12:40:57.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 31%
Total physical RAM: 8190.18 MB
Available physical RAM: 5579.36 MB
Total Pagefile: 16382.18 MB
Available Pagefile: 12999.06 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
 
==================== Drives ================================
 
Drive c: (Windows 7) (Fixed) (Total:71.37 GB) (Free:24.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KEEPING_IT_SIMPLE) (CDROM) (Total:3.95 GB) (Free:0 GB) UDF
Drive e: (Games) (Fixed) (Total:139.73 GB) (Free:41.84 GB) NTFS
Drive f: (Software) (Fixed) (Total:68.36 GB) (Free:61.24 GB) NTFS
Drive g: (Data) (Fixed) (Total:931.51 GB) (Free:163.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 139.7 GB) (Disk ID: 390E390E)
Partition 1: (Active) - (Size=71.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 139.7 GB) (Disk ID: 9132A086)
Partition 1: (Not Active) - (Size=139.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6EF062E4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

  • 0

#5
ruggie_uk
Posted 16 January 2015 - 01:00 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, before we go any further, we need to address the following first.

 

 

! Piracy Warning !


It appears that you have pirated material on your computer.

Here at Geeks to Go we DO NOT support pirated material at all and maintain a zero tolerance policy.

If you wish our help to continue, please uninstall the following programs:

Adobe CS5

 

 

noentry32.png P2P WARNING!

It appears that there is at least one Peer to Peer(P2P) program on your computer:

Bittorrent

Whilst some P2P programs themselves may be harmless, we at GeeksToGo do not recommend their use due to the extremely high likelyhood of obtaining an infection from files that have been downloaded. This may range from annoying adware to malicious trojans stealing your passwords and other personal information.

There is also the risk of inadvertently sharing information that wasn't intended due to incorrectly configured software.

It is highly likely that this is the source of the issue that brought you here today. And if not, probably what will bring you back at a later date.

Here are some useful links regarding the dangers of P2P software.


  • 0

#6
DeZiekeNon
Posted 16 January 2015 - 01:06 PM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts

Done and noted. Would buy it if it was reasonably priced  :upset: What's next?


  • 0

#7
ruggie_uk
Posted 16 January 2015 - 02:01 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Would buy it if it was reasonably priced

Understood but do we have rules here :D
 
Step 1
 
FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   1.36KB   194 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

 

 jrt.png Junkware Removal Tool
Please download Junkware Removal Tool to your desktop. << Important
Ensure that any security software is temporarily disabled for the duration of the scan. Don't forget to re-enable it afterwards.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking jrt.png and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Step 3

 

adwcleaner.png AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the adwcleaner.png AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

Items I need to see in your next post:

  • FRST Fixlog
  • JRT Log
  • ADWcleaner scan log
  • How is your computer behaving now?

 


  • 0

#8
DeZiekeNon
Posted 16 January 2015 - 02:38 PM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts

Double post. I didn't see this one somehow.


Edited by DeZiekeNon, 16 January 2015 - 03:00 PM.

  • 0

#9
DeZiekeNon
Posted 16 January 2015 - 02:49 PM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
The C:\temp folder is empty and there are no new Claymore CryptoNote CPU Miner logs. The fake svchost processes are gone and the CPU usage is normal.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by GD at 2015-01-16 21:27:36 Run:1
Running from C:\Users\GerrytDouwe\Desktop
Loaded Profiles: GD (Available profiles: GD)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
createrestorepoint:
hosts:
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [DriverMax] => F:\DriverMax\drivermax.exe [8790904 2014-08-19] (Innovative Solutions)
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\...\Run: [DriverMax_RESTART] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
2015-01-02 00:42 - 2015-01-15 22:23 - 00000000 ____D () C:\Users\GerrytDouwe\AppData\Roaming\Octoshape
[2015-01-15 22:23:33 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Octoshape
 
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
emptytemp:
end
*****************
 
Restore point was successfully created.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => Value not found.
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DriverMax => value deleted successfully.
HKU\S-1-5-21-2567469324-3570782199-4075575107-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DriverMax_RESTART => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
SwitchBoard => Service not found.
C:\Users\GerrytDouwe\AppData\Roaming\Octoshape => Moved successfully.
[2015-01-15 22:23:33 | 000,000,000 | ---D | M] -- C:\Users\GerrytDouwe\AppData\Roaming\Octoshape => Error: No automatic fix found for this entry.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 1.9 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:28:29 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by GD on vr 16-01-2015 at 21:41:29,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\GerrytDouwe\appdata\local\google\chrome\user data\default\local storage\http_www.azlyrics.com_0.localstorage"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 16-01-2015 at 21:43:05,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v4.107 - Report created 16/01/2015 at 21:56:25
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : GD - PC-VAN-GD
# Running from : C:\Users\GerrytDouwe\Desktop\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://nl.softonic.com/s/{searchTerms}
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.zalando.nl/catalogus/?q={searchTerms}&_sourcePage=ZXPfcI4rlEJcmX_qFEt5x6tz4xC4pd7h-OqSg-LlTpZH9rLHaZQ2wZFzk8lRmPY_&_xtk=gSl8hUAAszI3jVdWCZ2MDtqiPhAtyn2TlTjNb92f5qnTVtSvU5jC1H8NuC80ZTpJ&__fp=bjMKc-gbGf4%3D
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://vigilantcitizen.com/search-results/?cx=partner-pub-1668566888676657%3A7092101051&cof=FORID%3A10&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=vigilantcitizen.com%2F&ref=&ss=3032j974912j15
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2047 octets] - [16/01/2015 21:56:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2107 octets] ##########
 
 

Edited by DeZiekeNon, 16 January 2015 - 03:04 PM.

  • 0

#10
ruggie_uk
Posted 16 January 2015 - 03:13 PM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Excellent.

 

Let's finish adwcleaner and do some final scans to make sure you are all clear.

 

Step 1

 

adwcleaner.png Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the adwcleaner.png AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 

Step 2

 

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here (or re-run it if you already have it installed)

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
  • Now select the Settings tab, and check the box next to Scan for rootkits and ensure the PUP and PUM options are selected to treat as malware:
    mbam-select.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    mbam-scan.png
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Then...

Please run a free online scan with the ESET Online Scanner

<< Please disable any existing anti virus product before performing the following. >>

  • Click Run Eset Online Scanner


Runscan.png


Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start[
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:

eset-selections.png

  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology


eset-selections.png

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Items I need to see in your next post:

  • ADWcleaner Clean log
  • Malwarebytes log
  • ESET Log

 


  • 1

Advertisements

#11
DeZiekeNon
Posted 16 January 2015 - 04:06 PM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts
ESET scanner found a bunch of infections  :o
 
# AdwCleaner v4.107 - Report created 16/01/2015 at 23:01:48
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : GD - PC-VAN-GD
# Running from : C:\Users\GerrytDouwe\Desktop\adwcleaner_4.107.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nl.softonic.com/s/{searchTerms}
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.zalando.nl/catalogus/?q={searchTerms}&_sourcePage=ZXPfcI4rlEJcmX_qFEt5x6tz4xC4pd7h-OqSg-LlTpZH9rLHaZQ2wZFzk8lRmPY_&_xtk=gSl8hUAAszI3jVdWCZ2MDtqiPhAtyn2TlTjNb92f5qnTVtSvU5jC1H8NuC80ZTpJ&__fp=bjMKc-gbGf4%3D
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vigilantcitizen.com/search-results/?cx=partner-pub-1668566888676657%3A7092101051&cof=FORID%3A10&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=vigilantcitizen.com%2F&ref=&ss=3032j974912j15
[C:\Users\GerrytDouwe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2187 octets] - [16/01/2015 21:56:25]
AdwCleaner[R1].txt - [785 octets] - [16/01/2015 22:59:05]
AdwCleaner[R2].txt - [2306 octets] - [16/01/2015 23:00:34]
AdwCleaner[S0].txt - [2241 octets] - [16/01/2015 23:01:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2301 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 16-1-2015 23:09:02, SYSTEM, PC-VAN-GD, Protection, Malware Protection, Starting, 
Protection, 16-1-2015 23:09:02, SYSTEM, PC-VAN-GD, Protection, Malware Protection, Started, 
Protection, 16-1-2015 23:09:02, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Starting, 
Protection, 16-1-2015 23:09:02, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Started, 
Update, 16-1-2015 23:09:11, SYSTEM, PC-VAN-GD, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 16-1-2015 23:09:12, SYSTEM, PC-VAN-GD, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1, 
Update, 16-1-2015 23:09:25, SYSTEM, PC-VAN-GD, Manual, Malware Database, 2014.11.20.6, 2015.1.16.13, 
Protection, 16-1-2015 23:09:25, SYSTEM, PC-VAN-GD, Protection, Refresh, Starting, 
Protection, 16-1-2015 23:09:25, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Stopping, 
Protection, 16-1-2015 23:09:25, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Stopped, 
Protection, 16-1-2015 23:09:29, SYSTEM, PC-VAN-GD, Protection, Refresh, Success, 
Protection, 16-1-2015 23:09:29, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Starting, 
Protection, 16-1-2015 23:09:29, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Started, 
Update, 16-1-2015 23:27:07, SYSTEM, PC-VAN-GD, Scheduler, Malware Database, 2015.1.16.13, 2015.1.16.14, 
Protection, 16-1-2015 23:27:07, SYSTEM, PC-VAN-GD, Protection, Refresh, Starting, 
Protection, 16-1-2015 23:27:07, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Stopping, 
Protection, 16-1-2015 23:27:07, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Stopped, 
Protection, 16-1-2015 23:27:12, SYSTEM, PC-VAN-GD, Protection, Refresh, Success, 
Protection, 16-1-2015 23:27:12, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Starting, 
Protection, 16-1-2015 23:27:12, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Started, 
Scan, 16-1-2015 23:43:56, SYSTEM, PC-VAN-GD, Manual, Start:16-1-2015 23:09:56, Duration:8 min 46 sec, Threat Scan, Completed, 4 Malware Detections, 0 Non-Malware Detections, 
Protection, 16-1-2015 23:45:12, SYSTEM, PC-VAN-GD, Protection, Malware Protection, Starting, 
Protection, 16-1-2015 23:45:12, SYSTEM, PC-VAN-GD, Protection, Malware Protection, Started, 
Protection, 16-1-2015 23:45:12, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Starting, 
Protection, 16-1-2015 23:45:17, SYSTEM, PC-VAN-GD, Protection, Malicious Website Protection, Started, 
 
(end)
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4ac0cab1a6c1fe42832c8c86a0ea1248
# engine=22010
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-17 01:56:34
# local_time=2015-01-17 02:56:34 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 18825 11764113 0 0
# scanned=267405
# found=32
# cleaned=0
# scan_time=10773
sh=D3B9671FAE9C37C1E8E2AC0552B18643727E0104 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC trojan" ac=I fn="C:\ProgramData\Origin\update.vbe"
sh=D3B9671FAE9C37C1E8E2AC0552B18643727E0104 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC trojan" ac=I fn="C:\Users\All Users\Origin\update.vbe"
sh=D3B9671FAE9C37C1E8E2AC0552B18643727E0104 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC trojan" ac=I fn="C:\Windows\temp023423.vbe"
sh=1FD02786850A1A501D474825C41C73EFB85B23C9 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\2dfe45.msi"
sh=555489AD648EB1D3CB037838450BE0B6A4E83C31 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=555489AD648EB1D3CB037838450BE0B6A4E83C31 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DC trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="F:\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="F:\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="F:\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="F:\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="F:\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="F:\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="G:\Downloads\ccsetup315.exe"
sh=6513706B2A1465E22686FEA3946A5F40886CB5EB ft=1 fh=aa82b79c0bcb185a vn="Win32/OpenCandy potentially unsafe application" ac=I fn="G:\Downloads\cdbxp_setup_4.3.7.2356.exe"
sh=0B3F20580A316EFA6162D0FDF24089D366041B8B ft=1 fh=ffa1e1c4b307e49f vn="Win32/DownWare.W potentially unwanted application" ac=I fn="G:\Downloads\dream-mkv-to-avi-converter.exe"
sh=58496839D8F818CD5AB25AD46DA9A9270FFF2801 ft=1 fh=86edd4699aefbcdd vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="G:\Downloads\drivermax.exe"
sh=452F313E668C8F91E7D5D82C3544C978CAEE602C ft=1 fh=dd48e162052e2a79 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="G:\Downloads\drivermax_7_35_cnet.exe"
sh=6CCB5A2761E80AA1C689E6D362CA9E905E8CA90C ft=1 fh=af5ed64c2ba46efc vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="G:\Downloads\drivermax_7_38_cnet.exe"
sh=E750C443A83F9B135B499E7917C5A93120384BB3 ft=1 fh=4eedbac881d1fc72 vn="Win32/DownWare.L potentially unwanted application" ac=I fn="G:\Downloads\DTLite4491-0356.exe"
sh=17BEED11035F8ECFC62C9E6DDE013F6E29CA8C7D ft=1 fh=c7dc9d3ef5fcb405 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\Downloads\hwmonitor_1.19-setup.exe"
sh=14B6A9415F1A2EAD0AF3C90756DEAF4BB39988CC ft=1 fh=414d8d15abe69707 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\Downloads\hwmonitor_1.21-setup.exe"
sh=25E6C68A240968F4FF16C065526217C2FD54ABC9 ft=0 fh=0000000000000000 vn="Win32/KeyLogger.Sondle.A application" ac=I fn="G:\Downloads\maxkeylogger_setup.zip"
sh=13DDFA1862B74BDBBC06FC8766B36B9B73B25760 ft=1 fh=891ef6f01345cc13 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\Downloads\SetupImgBurn_2.5.7.0.exe"
sh=98A1A72E943D98E09319FC3F5C8175351D6683CC ft=1 fh=ed624265e0daf20c vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="G:\Downloads\Setup_FLVConverter.exe"
sh=2F3FAFAC28D2A0191B524704ED6B8B0E533B3630 ft=1 fh=17a186c0e2f206d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\Downloads\Speccy.exe"
sh=F1DAA8FD7A64B1E36EB25DAF1FCE5AE1E49AE867 ft=1 fh=f01866555881a4dd vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="G:\Downloads\TVersitySetup_1_9_3.exe"
sh=8778980217C7AC6789DF95B38955BE39A8FE0551 ft=1 fh=f7c7dd2b51b0a3da vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="G:\Downloads\undeleteplus_setup_ask.exe"
sh=7D78710142C7624F7305D1910BFFA4F79287D0DB ft=0 fh=0000000000000000 vn="Win32/HackTool.WinActivator.I potentially unsafe application" ac=I fn="G:\Downloads\Windows Loader v2.1.7.zip"
sh=B542CECFE1F20C4144B2D3E2266C6F32AE44838F ft=0 fh=0000000000000000 vn="a variant of MSIL/Injector.CFK trojan" ac=I fn="G:\Downloads\Windows.7.Loader.v2.2.1.rar"
sh=E5228D05E85607FC03EF624A580EB531F818AE7A ft=1 fh=638222fb04b3e572 vn="a variant of Win32/Keygen.BH potentially unsafe application" ac=I fn="G:\Downloads\Adobe Photoshop CS5.1 Extended\keygen.exe"
sh=1A240D2A9C029897A4DB314B6CC8812E231DA109 ft=1 fh=a5ca5e58950a4723 vn="a variant of Win32/HackTool.Patcher.P potentially unsafe application" ac=I fn="G:\Downloads\Adobe.After.Effects.CS5.v10.0.x64.Incl.Keymaker-EMBRACE.nfo\keygen.exe"
sh=DD29224F0843D9A40886036340291F7D6305A1C6 ft=1 fh=62ecbb06bd5bd9d6 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="G:\Downloads\Producer Pack\Producer Pack\Fruity Loops 9\flstudio_9.0.exe"
 

Edited by DeZiekeNon, 17 January 2015 - 05:15 AM.

  • 0

#12
DeZiekeNon
Posted 20 January 2015 - 05:09 AM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts

Ruggie can you please help me finish this?


  • 0

#13
ruggie_uk
Posted 20 January 2015 - 05:13 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, sorry - I didn't get am email saying you had responded so have been waiting for you.

 

I will create the final stages now for you :D


  • 0

#14
DeZiekeNon
Posted 20 January 2015 - 05:16 AM

DeZiekeNon

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 134 posts

No problem. Thanks :)


  • 0

#15
ruggie_uk
Posted 20 January 2015 - 05:26 AM

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

HI.
 
Ok. This will remove most of what ESET has found - there are a few I have left as they are only bundled toolbars but the rest I have removed.

 

Then we will do a final scan just to confirm that you are good to go :D
 
The Malwarebytes log posted is the activity log, not the scan log so it would be helpful if you could locate that and post it please.
 

 

Step 1

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   875bytes   201 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine, at this point in time. Running this on another machine may cause damage to your operating system.

Step 2

 

Supplemental FRST Scan
Please run FRST/FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.
 

  • Right click frst.png to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

 

 

Step 3

 

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click securitycheck.png SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Items I need to see in your next post:
 

  • FRST Fixlog
  • Fresh FRST Scan
  • Security Check log

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP