TechSpot

Surfvox on Win7-64bit system

By Pjotr31
Jun 4, 2015
  1. Apparently I got infected with the Surfvox virus/malware.
    Help will be greatly appreciated!
    Here is part I of FRST.txt. In next posts: rest and Addition.txt.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015

    Ran by PETER (administrator) on PETER-PC on 04-06-2015 16:54:15

    Running from C:\Users\PETER\Downloads

    Loaded Profiles: PETER (Available Profiles: PETER)

    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Nederlands (Nederland)

    Internet Explorer Version 11 (Default browser: Chrome)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    (Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastSvc.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

    () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

    () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

    () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe

    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    () C:\Windows\SysWOW64\PnkBstrA.exe

    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    (TomTom) F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    () F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe

    () C:\Windows\System32\atwtusb.exe

    (Microsoft Corporation) C:\Windows\System32\vds.exe

    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (Microsoft Corporation) C:\Windows\System32\wisptis.exe

    () C:\Windows\System32\atwtusb.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    (Microsoft Corporation) C:\Windows\System32\wisptis.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

    () C:\Program Files\Core Temp\Core Temp.exe

    (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    () C:\Windows\System32\WTMKM.exe

    (Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

    () C:\Windows\system\GfsMgr64.exe

    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

    () C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe

    () C:\Windows\SysWOW64\GfsMgr.exe

    (Intel Corporation) C:\Windows\System32\igfxpers.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

    (NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

    (SlySoft, Inc.) F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

    (Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe

    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

    (Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe

    (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe

    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe

    (Electronic Arts) F:\Program Files (x86)\Origin\Origin.exe

    () C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe

    (Dropbox, Inc.) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe

    (NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

    () C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

    (Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\avastui.exe

    (ScanSoft, Inc.) H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\opware12.exe

    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe

    (Microsoft Corporation) C:\Windows\splwow64.exe

    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe

    () H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe

    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    () F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (WinZip Computing, S.L.) F:\Program Files (x86)\WinZip\WINZIP32.EXE

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Sysinternals - www.sysinternals.com) C:\Users\PETER\AppData\Local\Temp\wz425d\procexp.exe

    (Sysinternals - www.sysinternals.com) C:\Users\PETER\AppData\Local\Temp\procexp64.exe

    () C:\ProgramData\nvxasync\cvxasync.exe



    ==================== Registry (Whitelisted) ==================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [] => [X]

    HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)

    HKLM\...\Run: [MacroKeyManager] => C:\Windows\system32\WTMKM.exe [6105832 2010-01-15] ()

    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

    HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)

    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

    HKLM\...\Run: [SUNSTREAKERSound] => C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe [1611264 2014-01-10] ()

    HKLM\...\Run: [SUNSTREAKERHS64] => C:\Windows\system\GfsMgr64.exe [286720 2013-04-25] ()

    HKLM\...\Run: [SUNSTREAKERHS] => C:\Windows\syswow64\GfsMgr.exe [204800 2013-04-25] ()

    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)

    HKLM\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

    HKLM-x32\...\Run: [PMSpeed] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-04] (NewSoft Technology Corporation)

    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [AutoEJCD_0ACE20FF] => C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE [40960 2013-02-13] ()

    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)

    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

    HKLM-x32\...\Run: [BCSSync] => H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

    HKLM-x32\...\Run: [AvastUI.exe] => f:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)

    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Opware12] => H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\Opware12.exe [49152 2002-08-01] (ScanSoft, Inc.)

    HKLM-x32\...\Run: [EaseUs Watch] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)

    HKLM-x32\...\Run: [EaseUs Tray] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)

    HKLM-x32\...\Run: [EaseUs TB Tray Agent] => h:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()

    HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)

    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

    HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)

    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)

    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)

    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Scan Buttons] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AnyDVD] => F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6287008 2012-08-16] (SlySoft, Inc.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-02] (Valve Corporation)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Google+ Auto Backup] => "C:\Users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [EADM] => F:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-03] (Electronic Arts)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AdobeBridge] => [X]

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [GoogleChromeAutoLaunch_5A72722A97D2BA40C91A2D5C9EAE26D7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [nvxasync] => C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe [153822720 2015-05-16] ()

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: D - D:\dvdcheck.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: E - E:\dvdcheck.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: G - G:\Autorun.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: L - L:\setup.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {2f5fbf1d-8787-11e3-9f97-5404a660daae} - E:\HTC_Sync_Manager_PC.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {2f5fbfab-8787-11e3-9f97-5404a660daae} - E:\AutoRun.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {2f5fbfc3-8787-11e3-9f97-5404a660daae} - E:\AutoRun.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {7c6c3889-d21e-11e4-85e8-5404a660daae} - O:\iLinker.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {8eaf10f7-7538-11e2-81d3-5404a660daae} - L:\Setup.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {edd6d61c-80cd-11e1-a6db-806e6f6e6963} - D:\.\Bin\ASSETUP.exe

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [153822720 2015-05-16] () <==== ATTENTION

    Startup: C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-04-15]

    ShortcutTarget: Dropbox.lnk -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => f:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)

    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)

    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)

    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)

    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

    ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)

    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

    BootExecute:

    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

    SearchScopes: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partne...ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1

    SearchScopes: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partne...ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1

    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)

    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)

    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)

    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)

    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)

    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)

    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)

    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)

    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

    Toolbar: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]

    Hosts: Hosts file not detected in the default directory

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1


    FireFox:

    ========

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()

    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

    FF Plugin: @videolan.org/vlc,version=2.0.5 -> f:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)

    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()

    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)

    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)

    FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> f:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)

    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> H:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File

    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-01] (Microsoft Corporation)

    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)

    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)

    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)

    FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll [2014-08-04] (Synology)

    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-17]

    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - f:\Program Files\AVAST Software\Avast\WebRep\FF

    FF Extension: Avast Online Security - f:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-08]


    Chrome:

    =======

    CHR Profile: C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-07]

    CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-07]

    CHR Extension: (Google Drive) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-07]

    CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-05-08]

    CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-07]

    CHR Extension: (Bookmark Manager) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]

    CHR Extension: (Google Wallet) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-12]

    CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PETER\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-22]

    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value

    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

    CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value

    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - f:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]


    ==================== Services (Whitelisted) =================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

    S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-02-25] (Autodesk)

    R2 avast! Antivirus; f:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)

    R2 BankingTools_Import_Service; F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe [33280 2014-04-03] () [File not signed]

    R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)

    R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)

    R2 EaseUS Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)

    R2 Guard Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R2 HPSLPSVC; C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

    S3 Microsoft SharePoint Workspace Audit Service; H:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)

    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)

    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

    S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)

    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()

    R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)

    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

    R2 TomTomHOMEService; F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-12-19] (TomTom)

    R2 UsbClientService; f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-01-04] () [File not signed]

    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    R2 WTService; C:\Windows\System32\atwtusb.exe [665320 2010-01-27] () [File not signed]

    S3 AvastVBoxSvc; f:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    S2 NPEService; "\\192.168.1.65\software\NPE.exe" /service [X]
     
  2. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Part II of FRST.txt


    ==================== Drivers (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)

    R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)

    S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()

    S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()

    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)

    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)

    S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)

    R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

    S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()

    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)

    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)

    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()

    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)

    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)

    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)

    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()

    S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1061888 2007-08-17] (Atheros Communications, Inc.)

    R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

    R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]

    R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)

    S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)

    R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)

    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2015-05-07] (Malwarebytes Corporation)

    R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)

    S0 MtxDma0; C:\Windows\SysWOW64\drivers\MtxDma0.sys [182248 2002-07-10] (Matrox Electronic Systems Ltd.) [File not signed]

    R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2010-10-06] (Marvell Semiconductor, Inc.)

    S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]

    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

    S3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [171144 2007-05-01] (Saitek)

    S3 SUNSTREAKER; C:\Windows\System32\DRIVERS\Sunstreaker.sys [388096 2013-08-07] (C-Media Inc.)

    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-03-07] (Acronis International GmbH)

    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-03-07] (Acronis)

    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]

    R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)

    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-03-07] (Acronis International GmbH)

    R3 ALSysIO; \??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys [X]

    S1 EIO64; system32\DRIVERS\EIO64.sys [X]

    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]

    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

    S2 VBoxAswDrv; \??\f:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    S3 VGPU; System32\drivers\rdvgkmd.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2015-06-04 16:54 - 2015-06-04 16:54 - 00049866 _____ C:\Users\PETER\Downloads\FRST.txt

    2015-06-04 16:52 - 2015-06-04 16:54 - 00000000 ____D C:\FRST

    2015-06-04 16:52 - 2015-06-04 16:52 - 02108928 _____ (Farbar) C:\Users\PETER\Downloads\FRST64.exe

    2015-06-04 16:40 - 2015-06-04 16:40 - 01121785 _____ C:\Users\PETER\Downloads\ProcessExplorer.zip

    2015-06-04 16:33 - 2015-06-04 16:33 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

    2015-06-04 16:33 - 2015-06-04 16:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

    2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

    2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\Program Files\CCleaner

    2015-06-04 16:28 - 2015-06-04 16:28 - 06549184 _____ (Piriform Ltd) C:\Users\PETER\Downloads\ccsetup506.exe

    2015-06-04 16:04 - 2015-06-04 16:27 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe

    2015-06-04 16:03 - 2015-06-04 16:04 - 00000000 ____D C:\Program Files\Adware-Removal-Tool

    2015-06-04 16:00 - 2015-06-04 16:00 - 00753184 _____ C:\Users\PETER\Downloads\Adware-Removal-Tool-v3.9.1.exe

    2015-06-04 15:47 - 2015-06-04 15:47 - 00000446 _____ C:\Users\PETER\Downloads\teetimeics.ics

    2015-06-02 22:28 - 2015-06-02 22:28 - 00000000 _____ C:\autoexec.bat

    2015-06-02 22:27 - 2015-06-02 22:27 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\PETER\Downloads\SpyHunter-Installer.exe

    2015-06-02 08:14 - 2015-06-02 08:14 - 00002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

    2015-05-25 23:23 - 2015-05-25 23:23 - 00000000 ____D C:\Program Files\avast software

    2015-05-24 20:48 - 2015-05-24 20:48 - 00000000 ____D C:\ProgramData\Muzzy Lane Software

    2015-05-23 00:59 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0 (1).zip

    2015-05-23 00:59 - 2015-05-23 00:59 - 00000000 ____D C:\Users\PETER\Downloads\Chameleon

    2015-05-23 00:58 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0.zip

    2015-05-16 09:07 - 2015-05-16 09:07 - 00000000 _RSHD C:\ProgramData\nvxasync

    2015-05-16 09:06 - 2015-06-04 16:48 - 00000000 _RSHD C:\Users\PETER\AppData\Roaming\nvxasync

    2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Greenshot

    2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Local\Greenshot

    2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

    2015-05-07 23:41 - 2015-05-07 23:41 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\PETER\Downloads\mbam-setup-2.1.6.1022.exe

    2015-05-07 23:34 - 2015-05-07 23:34 - 00002287 _____ C:\Users\PETER\Desktop\App-opstartprogramma van Chrome.lnk

    2015-05-07 23:34 - 2015-05-07 23:34 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

    2015-05-07 21:07 - 2015-05-07 21:07 - 00003278 _____ C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3467867667-3157156364-2699428233-1000

    2015-05-07 16:38 - 2015-05-07 16:38 - 00000000 ____D C:\Users\PETER\Tracing

    2015-05-07 16:04 - 2015-05-16 09:06 - 00000000 ____D C:\Users\PETER\AppData\Roaming\chportu

    2015-05-07 16:03 - 2015-05-28 20:34 - 243361280 _____ C:\Users\PETER\AppData\Roaming\Launcher.rb4

    2015-05-05 22:43 - 2015-06-03 14:38 - 00000001 _____ C:\Users\PETER\AppData\Roaming\update.dat

    2015-05-05 22:42 - 2015-05-05 22:42 - 00000868 _____ C:\Users\Public\Desktop\Sims 4 (eerst Origin afsluiten!).lnk

    2015-05-05 22:42 - 2015-05-05 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sims 4


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2015-06-04 16:45 - 2015-03-01 13:35 - 00005050 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC

    2015-06-04 16:42 - 2012-06-10 23:45 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2015-06-04 16:41 - 2015-01-06 19:01 - 00000000 ____D C:\Users\PETER\AppData\Local\CrashDumps

    2015-06-04 16:35 - 2013-08-23 21:33 - 00000000 ____D C:\ProgramData\Origin

    2015-06-04 16:35 - 2013-05-31 19:32 - 00000000 ____D C:\Program Files (x86)\Steam

    2015-06-04 16:35 - 2012-07-18 22:54 - 00000000 ____D C:\Users\PETER\AppData\Roaming\.oit

    2015-06-04 16:35 - 2012-05-10 21:47 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Dropbox

    2015-06-04 16:35 - 2012-04-07 18:27 - 02067155 _____ C:\Windows\WindowsUpdate.log

    2015-06-04 16:35 - 2010-08-15 21:05 - 00000040 ___SH C:\ProgramData\.zreglib

    2015-06-04 16:34 - 2012-06-10 23:45 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2015-06-04 16:34 - 2012-05-08 23:10 - 00000472 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job

    2015-06-04 16:34 - 2009-07-14 04:34 - 00000593 _____ C:\Windows\win.ini

    2015-06-04 16:22 - 2009-07-14 11:16 - 00745764 _____ C:\Windows\system32\perfh013.dat

    2015-06-04 16:22 - 2009-07-14 11:16 - 00153716 _____ C:\Windows\system32\perfc013.dat

    2015-06-04 16:22 - 2009-07-14 07:13 - 01670960 _____ C:\Windows\system32\PerfStringBackup.INI

    2015-06-04 16:22 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2015-06-04 16:22 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2015-06-04 16:14 - 2012-05-04 17:05 - 00151552 _____ C:\Windows\KMSEmulator.exe

    2015-06-04 16:14 - 2012-05-04 17:05 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS

    2015-06-04 16:14 - 2012-05-04 17:05 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job

    2015-06-04 16:14 - 2009-07-14 07:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    2015-06-04 16:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    2015-06-04 16:14 - 2009-07-14 06:51 - 00234246 _____ C:\Windows\setupact.log

    2015-06-04 16:13 - 2012-04-07 18:34 - 00000000 ____D C:\ProgramData\NVIDIA

    2015-06-04 16:07 - 2012-04-08 09:21 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

    2015-06-04 09:16 - 2014-06-14 08:57 - 00000000 ____D C:\Users\PETER\AppData\Local\Adobe

    2015-06-03 21:32 - 2014-08-26 20:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Skype

    2015-06-03 14:37 - 2012-07-15 23:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

    2015-06-02 22:27 - 2012-04-07 18:26 - 00000000 ____D C:\Users\PETER

    2015-06-02 08:14 - 2012-05-08 18:54 - 00000000 ____D C:\Program Files (x86)\Google

    2015-05-31 19:45 - 2012-04-26 21:35 - 00000000 ____D C:\Users\PETER\AppData\Local\Apple Computer

    2015-05-28 20:59 - 2014-08-26 20:37 - 00000000 ____D C:\ProgramData\Skype

    2015-05-28 15:33 - 2009-07-14 06:45 - 05379248 _____ C:\Windows\system32\FNTCACHE.DAT

    2015-05-26 00:23 - 2012-04-07 18:41 - 00203344 _____ C:\Users\PETER\AppData\Local\GDIPFONTCACHEV1.DAT

    2015-05-24 17:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

    2015-05-22 22:17 - 2013-04-21 21:46 - 00000000 ____D C:\Users\PETER\Desktop\Spellen

    2015-05-20 17:12 - 2012-04-07 20:50 - 01376242 _____ C:\Windows\PFRO.log

    2015-05-19 15:46 - 2015-03-01 13:15 - 00000000 ____D C:\Program Files\Microsoft Office 15

    2015-05-18 21:37 - 2012-06-10 23:45 - 00004052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2015-05-18 21:37 - 2012-06-10 23:45 - 00003800 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    2015-05-15 14:29 - 2013-02-24 22:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

    2015-05-12 16:31 - 2012-05-10 21:48 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    2015-05-10 17:09 - 2013-05-29 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    2015-05-07 23:54 - 2014-06-01 00:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

    2015-05-07 23:48 - 2014-06-01 00:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2015-05-07 23:47 - 2014-06-01 00:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

    2015-05-07 23:02 - 2014-05-31 23:41 - 00000000 ____D C:\AdwCleaner

    2015-05-07 16:38 - 2014-09-20 16:21 - 00000000 ___RD C:\Program Files (x86)\Skype

    2015-05-05 22:42 - 2012-05-18 22:34 - 00679753 _____ C:\Windows\DirectX.log


    ==================== Files in the root of some directories =======


    2014-04-27 21:53 - 2014-04-27 21:55 - 0052828 __RSH () C:\Program Files (x86)\DLS8Uninstall.log

    2014-06-23 15:47 - 2014-06-23 15:47 - 0000272 _____ () C:\Users\PETER\AppData\Roaming\.backup.dm

    2012-11-21 08:50 - 2013-07-09 12:08 - 0000624 _____ () C:\Users\PETER\AppData\Roaming\All CPU MeterV3_Settings.ini

    2012-06-08 01:00 - 2012-06-08 02:14 - 0000412 _____ () C:\Users\PETER\AppData\Roaming\All CPU Meter_Settings.ini

    2013-04-17 21:04 - 2013-11-30 00:54 - 0000093 _____ () C:\Users\PETER\AppData\Roaming\ARCompanion.log

    2013-06-30 20:29 - 2015-01-23 19:51 - 0000839 _____ () C:\Users\PETER\AppData\Roaming\Drives Meter_Settings.ini

    2015-05-07 16:03 - 2015-05-28 20:34 - 243361280 _____ () C:\Users\PETER\AppData\Roaming\Launcher.rb4

    2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.Exception.log

    2013-10-02 00:41 - 2013-10-02 00:41 - 0001153 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

    2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.DesktopHelper.Exception.log

    2013-10-02 00:50 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Transcoder.Exception.log

    2015-05-05 22:43 - 2015-06-03 14:38 - 0000001 _____ () C:\Users\PETER\AppData\Roaming\update.dat

    2013-06-11 00:08 - 2013-06-11 00:08 - 0001456 _____ () C:\Users\PETER\AppData\Local\Adobe Save for Web 12.0 Prefs

    2012-10-16 18:44 - 2014-10-01 21:45 - 0023040 _____ () C:\Users\PETER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2015-05-03 21:38 - 2015-05-03 21:38 - 0000000 ___SH () C:\Users\PETER\AppData\Local\LumaEmu

    2013-11-21 17:50 - 2014-11-07 22:15 - 0007623 _____ () C:\Users\PETER\AppData\Local\resmon.resmoncfg

    2010-08-15 21:05 - 2015-06-04 16:35 - 0000040 ___SH () C:\ProgramData\.zreglib


    Files to move or delete:

    ====================

    C:\Users\PETER\ViceVersa.exe



    Some files in TEMP:

    ====================

    C:\Users\PETER\AppData\Local\Temp\BlackBerryDeviceManager.exe

    C:\Users\PETER\AppData\Local\Temp\DataCard_Setup64.exe

    C:\Users\PETER\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzapybx.dll

    C:\Users\PETER\AppData\Local\Temp\procexp64.exe



    ==================== Bamital & volsnap Check =================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



    LastRegBack: 2015-06-03 00:20


    ==================== End of log ============================
     
  3. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Part I (of III) of ADDITION.txt


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015

    Ran by PETER at 2015-06-04 16:55:05

    Running from C:\Users\PETER\Downloads

    Boot Mode: Normal

    ==========================================================



    ==================== Accounts: =============================


    Administrator (S-1-5-21-3467867667-3157156364-2699428233-500 - Administrator - Disabled)

    Gast (S-1-5-21-3467867667-3157156364-2699428233-501 - Limited - Disabled)

    HomeGroupUser$ (S-1-5-21-3467867667-3157156364-2699428233-1003 - Limited - Enabled)

    PETER (S-1-5-21-3467867667-3157156364-2699428233-1000 - Administrator - Enabled) => C:\Users\PETER


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


    ==================== Installed Programs ======================


    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version: - Belastingdienst)

    Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version: - Belastingdienst)

    Acronis True Image 2014 (HKLM-x32\...\{1F91344A-B963-4431-89E8-4F80DEE282BE}Visible) (Version: 17.0.5560 - Acronis)

    Acronis True Image 2014 (x32 Version: 17.0.5560 - Acronis) Hidden

    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)

    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )

    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

    Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)

    Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)

    Adobe Reader XI (11.0.11) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

    Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)

    Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)

    Advanced Archive Password Recovery (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)

    AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)

    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.14 - ASUSTeK)

    Akamai NetSession Interface (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Akamai) (Version: - Akamai Technologies, Inc)

    Alcatel PC Suite V7.0.40 (HKLM-x32\...\{93DB-0E9758B0D131_PCS_Alcatel_Union}_is1) (Version: - Singularity Software Co., Ltd.)

    Among Ripples (HKLM-x32\...\Steam App 341720) (Version: - Eat Create Sleep)

    Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)

    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.7.0 - SlySoft)

    AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)

    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)

    Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)

    Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)

    Assassin's Creed Unity (HKLM-x32\...\Assassin's Creed Unity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)

    ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden

    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)

    AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)

    Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)

    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)

    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)

    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

    Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)

    Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)

    BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

    BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

    BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)

    BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.40 - Research In Motion Ltd.) Hidden

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    calibre 64bit (HKLM\...\{EB3D23E3-91A7-46A0-9D7F-698151973A41}) (Version: 2.12.0 - Kovid Goyal)

    Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )

    Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc)

    Cashflow 4.3 (HKLM-x32\...\{387962FD-1BDE-41CB-9DBC-16BBDCD56CA2}) (Version: 4.3.20.20 - BankingTools)

    Cashflow 5 (HKLM-x32\...\{19bf98d8-43fd-4ed1-a269-96ea37fba88f}) (Version: 5.0.4.0 - BankingTools)

    Cashflow 5 (x32 Version: 5.0.4.0 - BankingTools) Hidden

    CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)

    CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden

    Cities - Skylines (HKLM-x32\...\Cities - Skylines_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)

    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)

    ClickAid (HKLM-x32\...\ClickAid) (Version: - )

    Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles)

    Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)

    Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)

    Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden

    Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden

    Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation)

    CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden

    CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)

    CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)

    Corsair Raptor HS40 (HKLM-x32\...\{B77575BE-73DB-43C6-A555-82BB713BCB79}) (Version: - Corsair Components, Inc.)

    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

    DDPB (HKLM-x32\...\{748590DB-44CD-48D2-8585-2496BBFE919F}) (Version: 1.0.9 - DauDen.vn)

    De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)

    De Sims™ 3 Creëer een Wereld-tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)

    De Sims™ 3 Jaargetijden (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)

    De Sims™ 3 Levensweg (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)

    De Sims™ 3 Wereldavonturen (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)

    De Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.625.10 - Electronic Arts Inc.)

    De Sims™ 4 Creëer-een-Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)

    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)

    Dropbox (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)

    DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)

    EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)

    Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.8 - Poikosoft)

    EPSON BX620FWD Series Handboek (HKLM-x32\...\EPSON BX620FWD Series Manual) (Version: - )

    EPSON BX620FWD Series Printer Uninstall (HKLM\...\EPSON BX620FWD Series) (Version: - SEIKO EPSON Corporation)

    Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)

    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)

    Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)

    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)

    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )

    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

    EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)

    FFmpeg (Windows) for Audacity versie 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )

    File Property Edit Free (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\File Property Edit Free) (Version: 3.70 - foryoursoft)

    Folder Size 2.0.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 2.0.0.0 - MindGems, Inc.)

    Game Dev Tycoon v1.4.13 (HKLM-x32\...\Game Dev Tycoon v1.4.131.4.13) (Version: 1.4.13 - Friends in War)

    Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Sick Puppies)

    Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)

    Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)

    Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)

    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

    Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)

    HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )

    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)

    HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version: - )

    HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)

    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

    HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )

    HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Uw bedrijfsnaam)

    iBomber Attack Demo (HKLM-x32\...\Steam App 224800) (Version: - )

    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

    iExplorer 3.2.2.4 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)

    iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )

    Insider Tales - Vanished in Rome (HKLM-x32\...\Denda Games Insider Tales - Vanished in Rome) (Version: 1.0.0.0 - Denda Games)

    Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)

    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

    Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version: - Aleksey Abramenko)

    IPCMonitor_en version 1.0.1.2 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.2 - IPCMonitor, Inc.)

    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

    Jaksta Streaming Media Recorder (4.4.5) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.5 - Jaksta Technologies)

    Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)

    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

    Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)

    MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version: - )

    MacroKey Manager (Version: 1.00.0000 - Uw bedrijfsnaam) Hidden

    MagicBerry for Blackberry version 3.5 (HKLM-x32\...\{404CBB42-3EF1-4ECF-BFBD-A557807CBF3B}_is1) (Version: 3.5 - Mena Step Innovative Solutions (Ashraf Awwad))

    Making History: The Calm & The Storm Demo (HKLM-x32\...\Steam App 6260) (Version: - Muzzy Lane)

    Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

    marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7600 - Marvell)

    Matrox Imaging Products (HKLM-x32\...\Matrox Imaging Products) (Version: - )

    MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)

    MediaMonkey Gold (HKLM-x32\...\MediaMonkey Gold4) (Version: 4 - MediaMonkey Gold)

    MediaMonkey Gold Cracked (HKLM-x32\...\MediaMonkey Gold Cracked2012) (Version: 2012 - MediaMonkey Gold Cracked)

    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

    Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)

    Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)

    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

    Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)

    Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)

    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

    Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4719.1002 - Microsoft Corporation)

    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

    Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)

    Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)

    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

    MKLOL (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MKLOL) (Version: - )

    Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.1 - MusicBrainz)

    Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)

    NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)

    NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)

    Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)

    Netwerkhandleiding EPSON BX620FWD Series (HKLM-x32\...\EPSON BX620FWD Series Network Guide) (Version: - )

    NL2000V4_installer (HKLM-x32\...\{0372FD44-1579-45C9-96E9-4B2CAEE8BF84}) (Version: 4.0.20 - NL2000)

    NVIDIA 3D Vision controllerstuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)

    NVIDIA 3D Vision stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)

    NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)

    NVIDIA Grafisch stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)

    NVIDIA HD Audio-stuurprogramma 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

    NVIDIA PhysX systeemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

    Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

    Offline Rekening Overzicht (HKLM-x32\...\{80D2DAFC-A65D-4317-8A75-15286181EC23}) (Version: 1.0.2.0 - J.J.F. Verhaag)

    Oil Rush (HKLM-x32\...\Steam App 200390) (Version: - Unigine Corp.)

    OmniPage Pro 12.0 (HKLM-x32\...\{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}) (Version: 12.00.0000 - ScanSoft, Inc.)

    ONE TOUCH Upgrade (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)

    Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

    Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

    OpenAL (HKLM-x32\...\OpenAL) (Version: - )

    Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)

    Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden

    Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

    Palringo (HKLM-x32\...\Palringo) (Version: - Palringo Limited)

    Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)

    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

    Philips Wireless Music Receiver Utility (HKLM-x32\...\ST6UNST #1) (Version: - )

    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

    plist Editor for Windows 1.0.2 (HKLM-x32\...\plist Editor for Windows) (Version: 1.0.2 - VOWSoft,Ltd.)

    plist Editor Pro 2.0.0 (HKLM-x32\...\plist Editor Pro) (Version: 2.0.0 - VOWSoft, Ltd.)

    Popcorn Time (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Popcorn Time) (Version: - Popcorn Official)

    PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)

    Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)

    Primal Carnage (HKLM-x32\...\Steam App 215470) (Version: - )

    Print To Go 2.0 (HKLM-x32\...\Print_To_Go) (Version: 2.0.110.0 - Uw bedrijfsnaam)

    Print To Go 2.0 (x32 Version: 2.0.110.0 - Uw bedrijfsnaam) Hidden

    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)

    PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden

    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)

    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)

    Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)

    ScanSoft RealSpeak (HKLM-x32\...\{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}) (Version: 12.00.0000 - ScanSoft Inc.)

    Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

    Shelter 2 (HKLM-x32\...\Steam App 275100) (Version: - Might and Delight)

    SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

    SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden

    Should I Remove It (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)

    Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden

    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)

    SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )

    Sims 4 by BuZeR version final (HKLM-x32\...\{ED118F10-E516-4245-160F-6213F508F71F}_is1) (Version: final - )

    SKTimeStamp (HKLM\...\{EED7256E-46F0-4C1D-89E4-BD2A0595FEBF}) (Version: 1.3.3 - Stefans Tools)

    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)

    SmartDraw 2012 (HKLM-x32\...\SmartDraw 2012) (Version: - SmartDraw.com)

    SmartDraw 2013 (HKLM-x32\...\SmartDraw 2013) (Version: - SmartDraw.com)

    SPORE™ Anthology RePack by SxSxL (HKLM-x32\...\SPORE™ Anthology_is1) (Version: 1.05.0001 - )

    Spy EasyUpdate (HKLM-x32\...\InstallShield_{38FF3704-9DAD-44E2-A15D-9C6BD1901D65}) (Version: 1.33.0407 - SPY)

    Spy EasyUpdate (x32 Version: 1.33.0407 - SPY) Hidden

    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

    Steinberg WaveLab (HKLM-x32\...\Steinberg WaveLab6) (Version: 6 - Steinberg WaveLab)

    Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)

    Subtitle Edit 3.2.8 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.2.8.1220 - Nikse)

    SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)

    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

    Syncios versie 2.0.6 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.0.6 - Anvsoft, Inc.)

    Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )

    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

    System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)

    Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)

    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

    The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio)

    Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)

    Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)

    TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Uw bedrijfsnaam)

    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)

    Utility (x32 Version: 1.00.0002 - Uw bedrijfsnaam) Hidden

    ViceVersa Pro 2.5 64-bit (Build 2502) (HKLM\...\ViceVersa Pro 2.5_is1) (Version: 2 - TGRMN Software)

    Visual Similarity Duplicate Image Finder Corporate 4.2.0.1 (HKLM-x32\...\{72D6BE71-2A6F-4D01-809E-A3174D1738A0}_is1) (Version: 4.2.0.1 - MindGems, Inc.)

    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

    VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)

    WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)

    Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)

    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

    Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)

    Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)

    Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden

    Xilisoft iPod Rip (HKLM-x32\...\Xilisoft iPod Rip) (Version: 5.4.10.20130320 - Xilisoft)

    XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - XviD Development Team)

    Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden

    Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


    ==================== Restore Points =========================



    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {00062427-1F11-4946-ACAF-971366C6390E} - \GPUpdateCheck No Task File <==== ATTENTION

    Task: {054C3F8F-3C8D-4997-BE9E-DE87E0EB4356} - System32\Tasks\avast! Emergency Update => f:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)

    Task: {09261BDD-5A90-4CB5-9CB0-92976F64F954} - System32\Tasks\{987AA731-C4F4-4880-9E40-A27D08442C09} => C:\Users\PETER\Desktop\mcedit.exe

    Task: {14752F39-3F12-4CFF-AB97-632D9ED31655} - System32\Tasks\SDMsgUpdate (TE) => F:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

    Task: {1A222DF8-C9D1-4032-8668-5CE98020625A} - System32\Tasks\avastBCLRestartS-1-5-21-3467867667-3157156364-2699428233-1000 => Chrome.exe

    Task: {2169A842-E2A7-4BDA-9298-7ABA8CCE5BD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

    Task: {237ACA19-AFC7-4E33-AA4D-25D3C86C1E9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)

    Task: {43507FE9-5007-4D09-AAF5-A402B18035CC} - System32\Tasks\{EFB4BAC0-49EE-4629-ACB4-784E5B7C047A} => pcalua.exe -a G:\Sims3Setup.exe -d G:\

    Task: {48E67570-42FB-4569-A63B-0DE9DCC81E08} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)

    Task: {55676619-6742-41E5-B2A0-DA9AEE8ADC46} - System32\Tasks\{84199BFE-F4BE-47AC-A700-6EF83A1D9340} => F:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)

    Task: {5C07C886-689E-4FE9-B399-20988EA1828D} - System32\Tasks\{2EB0EDA3-300B-4D00-8365-7121B7238563} => pcalua.exe -a C:\Users\PETER\Downloads\DLS8Setup.8.5.1.exe -d C:\Users\PETER\Downloads

    Task: {6CF87493-211D-4915-9C0D-E0813F011329} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)

    Task: {6D23F2FB-5D87-405E-93AA-2E6E3F0FD676} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-PC-PETER => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)

    Task: {71D275FF-1E23-48C5-8D02-92E5763BF4EF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe

    Task: {76BA195A-1A61-4087-8D2C-A862B8361ABE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)

    Task: {7A2EB2DA-A2C7-4208-A5AA-CAEB34243122} - System32\Tasks\{4F6292D1-D0B7-4130-A106-A7B64B814B73} => pcalua.exe -a D:\setup.exe -d D:\

    Task: {7D8C42F7-71B1-43D6-B046-B1D9D5ED4BDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)

    Task: {86C7192E-2179-4A46-BE28-C9024AD07030} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)

    Task: {88E6B132-B394-4031-AAED-0387C056E446} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

    Task: {8C7CE49C-84C9-4BAB-9FD2-6C09FCDF45D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

    Task: {8E236520-8A6E-49AD-89F1-C0D193F198BC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

    Task: {8F546D21-542A-4ED9-8177-178F4ACF1170} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)

    Task: {A3671559-5715-41B6-94BC-45D213D07C81} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

    Task: {AB7730AC-C901-4369-8FB0-FE1C0C5BEE1D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

    Task: {B2E8F254-BC04-45F0-B8F5-92DF5E4B061C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-05-04] ()

    Task: {BB861009-ACA9-4EAA-8349-F2823E57A8E8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe

    Task: {BE9D1902-EA3D-4F06-AF30-B5DE28EF2964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)

    Task: {C711643B-3D60-413C-8E1D-F5F9EE3BFF22} - System32\Tasks\Core Temp Autostart PETER => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()

    Task: {C7C3D25D-0B67-4B4D-B12E-C850EB533167} - System32\Tasks\{715E8390-AA93-4D41-91A4-A65996FA9886} => pcalua.exe -a "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010"

    Task: {CB5646F3-5ECF-411D-A901-FC94FA254193} - System32\Tasks\ASUS\ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [2010-11-08] (ASUSTek Computer Inc.)

    Task: {D0A53063-BB3B-43B9-B9D1-0454F5A50943} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

    Task: {D799CB6B-1CE2-4945-B79C-09D6A0BF3592} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    Task: {DB152F2D-6810-46B1-8DED-78BAF59633C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

    Task: {F1A98632-2A4C-406A-8CD6-CA6DF5A00BE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)

    Task: {F48FB331-A186-4D70-9970-14F53238A981} - System32\Tasks\{D0E9A8DE-5013-4D63-820D-245884D5BFB1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe"

    Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => F:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe\-PTE -V20000101 -SSDU.ini -A -Mhttp:/www.smartdraw.com/msgs/messagecheck.asp
     
  4. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Part II (of III) of ADDITION.txt


    ==================== Loaded Modules (Whitelisted) ==============


    2010-11-03 11:30 - 2010-11-03 11:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

    2010-12-02 04:15 - 2010-12-02 04:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

    2012-04-07 17:27 - 2010-10-21 11:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

    2013-07-25 16:21 - 2014-04-03 10:44 - 00033280 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe

    2013-07-25 16:09 - 2014-01-30 19:52 - 00238080 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Topshelf.dll

    2013-07-25 16:12 - 2014-03-28 13:27 - 00015360 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.SNSBank.dll

    2013-07-25 16:10 - 2014-03-28 13:27 - 00005632 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.AXABank.dll

    2015-03-01 13:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

    2013-12-21 18:03 - 2013-12-21 23:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

    2013-01-04 08:25 - 2013-01-04 08:25 - 00248704 _____ () f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe

    2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\System32\atwtusb.exe

    2014-03-11 11:05 - 2014-11-12 23:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\system32\atwtusb.exe

    2012-06-08 01:40 - 2012-01-25 14:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe

    2010-01-15 08:05 - 2010-01-15 08:05 - 06105832 _____ () C:\Windows\System32\WTMKM.exe

    2015-01-25 11:16 - 2013-04-25 06:16 - 00286720 ____N () C:\Windows\system\GfsMgr64.exe

    2015-01-25 11:16 - 2014-01-10 08:13 - 01611264 ____N () C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe

    2015-01-25 11:16 - 2013-04-25 06:16 - 00204800 ____N () C:\Windows\SysWOW64\GfsMgr.exe

    2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

    2013-06-30 20:27 - 2013-06-30 20:27 - 00012520 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll

    2013-06-30 20:27 - 2013-06-30 20:27 - 00015080 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll

    2013-06-30 20:27 - 2013-06-30 20:27 - 00014056 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll

    2014-11-09 13:31 - 2014-11-09 13:31 - 01672704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveUI\666d557e394b3b85bce3ae699946817e\ReactiveUI.ni.dll

    2014-04-27 20:58 - 2014-04-27 20:58 - 00035328 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\a03d5c47c984346008ba13e9c563a958\Wunderkinder.Wunderlist.Data.Realtime.ni.dll

    2014-11-09 13:31 - 2014-11-09 13:31 - 00529408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\98c66719d8e468f7da71a684a3b5b75f\Akavache.Portable.ni.dll

    2014-11-09 13:31 - 2014-11-09 13:31 - 00050176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\6fe7a413a861fd42508636309dbedad7\Wunderkinder.Wunderlist.Presentation.ni.dll

    2015-05-16 09:06 - 2015-05-16 09:06 - 153822720 __RSH () C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe

    2013-02-13 01:37 - 2013-02-13 01:37 - 00040960 _____ () C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE

    2014-12-03 12:06 - 2013-09-04 11:59 - 00253512 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe

    2010-02-03 15:36 - 2010-02-03 15:36 - 00087488 _____ () F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

    2015-05-16 09:07 - 2015-05-16 09:06 - 153822720 __RSH () C:\ProgramData\nvxasync\cvxasync.exe

    2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () f:\Program Files\AVAST Software\Avast\log.dll

    2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () f:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

    2015-06-04 13:07 - 2015-06-04 13:07 - 02952192 _____ () f:\Program Files\AVAST Software\Avast\defs\15060400\algo.dll

    2012-04-07 17:26 - 2015-06-04 16:14 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll

    2012-04-07 17:26 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

    2014-12-03 12:06 - 2013-11-14 14:59 - 00031304 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll

    2014-12-03 12:06 - 2008-11-25 17:18 - 01291264 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll

    2014-12-03 12:06 - 2004-10-05 03:08 - 00055808 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00029768 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00050248 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll

    2014-12-03 12:06 - 2014-01-13 18:06 - 00105544 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00030280 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00293960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00578632 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00468040 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00192072 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll

    2014-12-03 12:06 - 2013-12-23 11:01 - 00281672 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00068680 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00069192 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00022600 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00115784 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00192584 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00135752 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll

    2014-12-03 12:06 - 2013-10-22 17:31 - 00037960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00135240 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll

    2014-12-03 12:06 - 2013-12-24 17:42 - 00017992 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00096840 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll

    2013-08-22 12:38 - 2013-08-22 12:38 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll

    2013-08-22 12:41 - 2013-08-22 12:41 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

    2012-04-07 17:28 - 2009-05-21 04:14 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll

    2012-04-07 17:28 - 2009-05-21 10:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll

    2012-04-07 17:27 - 2010-12-02 17:28 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll

    2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll

    2012-04-07 17:27 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll

    2012-04-07 17:27 - 2010-11-08 19:10 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll

    2012-04-07 17:27 - 2010-10-15 17:40 - 01031680 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll

    2012-04-07 17:27 - 2010-11-19 10:53 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll

    2012-04-07 17:28 - 2010-12-01 12:33 - 01244672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll

    2012-04-07 17:28 - 2011-01-06 10:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll

    2012-04-07 17:27 - 2010-09-27 20:51 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll

    2012-04-07 17:27 - 2010-09-27 20:51 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll

    2012-04-07 17:27 - 2010-11-19 10:55 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll

    2012-04-07 17:27 - 2010-08-06 18:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll

    2012-04-07 17:27 - 2010-08-06 18:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll

    2012-04-07 17:26 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll

    2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll

    2012-07-18 22:51 - 2009-07-08 14:23 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll

    2012-07-18 22:51 - 2009-12-04 17:21 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll

    2012-07-18 22:51 - 2009-11-20 13:20 - 00147456 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll

    2012-07-18 22:51 - 2008-08-25 17:19 - 00069632 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll

    2012-07-18 22:52 - 2007-03-30 10:24 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll

    2012-07-18 22:51 - 2009-12-08 10:51 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll

    2012-07-18 22:51 - 2009-09-02 09:25 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\CategoryManager.dll

    2012-07-18 22:51 - 2009-11-27 17:50 - 00135168 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll

    2012-07-18 22:51 - 2009-12-18 19:10 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll

    2012-07-18 22:51 - 2009-10-16 15:04 - 00614400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll

    2012-07-18 22:51 - 2009-08-06 10:22 - 00421888 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll

    2012-07-18 22:51 - 2009-12-18 16:12 - 00061440 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll

    2012-07-18 22:51 - 2009-09-09 14:44 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll

    2012-07-18 22:51 - 2007-03-30 09:49 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll

    2012-07-18 22:51 - 2007-12-20 14:37 - 00176128 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\DocCate.dll

    2012-07-18 22:51 - 2009-12-07 13:55 - 00253952 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll

    2012-07-18 22:51 - 2009-11-26 17:49 - 00081920 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll

    2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    2013-04-23 18:30 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll

    2015-01-25 16:26 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

    2015-01-25 16:26 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

    2015-01-25 16:26 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

    2014-05-22 07:38 - 2015-06-02 05:29 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll

    2014-09-06 21:07 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

    2014-09-06 21:07 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

    2014-09-06 21:07 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

    2014-09-06 21:07 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

    2014-09-06 21:07 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

    2013-05-03 15:35 - 2015-06-02 05:28 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

    2014-03-20 22:50 - 2014-03-20 22:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 01007104 _____ () F:\Program Files (x86)\Origin\platforms\qwindows.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 00023552 _____ () F:\Program Files (x86)\Origin\imageformats\qgif.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 00024576 _____ () F:\Program Files (x86)\Origin\imageformats\qico.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 00216576 _____ () F:\Program Files (x86)\Origin\imageformats\qjpeg.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 00261120 _____ () F:\Program Files (x86)\Origin\imageformats\qmng.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 00019456 _____ () F:\Program Files (x86)\Origin\imageformats\qtga.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 00337408 _____ () F:\Program Files (x86)\Origin\imageformats\qtiff.dll

    2014-02-08 08:53 - 2015-06-03 00:02 - 00018944 _____ () F:\Program Files (x86)\Origin\imageformats\qwbmp.dll

    2015-06-04 16:35 - 2015-06-04 16:35 - 00043008 _____ () c:\users\peter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzapybx.dll

    2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libGLESv2.dll

    2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libEGL.dll

    2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

    2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

    2012-07-18 22:51 - 2008-11-17 14:56 - 00102400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll

    2012-07-18 22:51 - 2009-12-07 11:07 - 00352256 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll

    2012-07-18 22:51 - 2008-12-12 16:52 - 00106496 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll

    2012-07-18 22:51 - 2007-08-31 17:51 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll

    2012-07-18 22:51 - 2008-12-12 17:00 - 00073728 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll

    2012-07-18 22:51 - 2009-11-27 17:38 - 00331776 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll

    2012-07-18 22:51 - 2009-12-04 17:21 - 04567040 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll

    2012-07-18 22:51 - 2007-03-30 10:01 - 00038992 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll

    2012-07-18 22:51 - 2009-11-11 17:21 - 00450560 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll

    2012-07-18 22:51 - 2009-11-11 17:20 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll

    2012-07-18 22:51 - 2009-06-26 09:03 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll

    2012-07-18 22:51 - 2009-11-20 11:30 - 01032192 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll

    2012-07-18 22:51 - 2009-12-04 17:20 - 00323584 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll

    2012-07-18 22:51 - 2009-11-09 18:35 - 00184320 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll

    2012-07-18 22:51 - 2008-08-25 16:16 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll

    2012-07-18 22:51 - 2009-07-14 13:25 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll

    2012-07-18 22:51 - 2009-10-22 17:50 - 00065536 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll

    2012-07-18 22:51 - 2007-03-30 09:57 - 00034896 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll

    2012-07-18 22:51 - 2008-04-24 10:46 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll

    2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

    2015-04-23 22:04 - 2015-04-23 22:05 - 40540672 _____ () F:\Program Files\AVAST Software\Avast\libcef.dll

    2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () F:\Program Files\AVAST Software\Avast\log.dll

    2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () F:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

    2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () H:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

    2014-12-03 12:06 - 2013-09-04 11:57 - 00222792 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll

    2014-12-03 12:06 - 2013-09-04 11:57 - 00275528 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll

    2014-12-03 12:06 - 2013-08-15 09:18 - 00113166 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll

    2014-12-03 12:06 - 2013-08-22 17:13 - 00249928 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll

    2012-09-23 20:44 - 2012-09-23 20:44 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\nl_nl\acrotray.nld

    2013-03-26 16:16 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

    2013-08-22 12:38 - 2013-08-22 12:38 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll

    2015-05-26 08:59 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll

    2015-05-26 08:59 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

    2010-10-29 15:00 - 2010-10-29 15:00 - 00169288 _____ () F:\PROGRAM FILES (X86)\WINZIP\UNRAR.DLL

    2010-10-29 15:00 - 2010-10-29 15:00 - 00142664 _____ () F:\PROGRAM FILES (X86)\WINZIP\lha.dll

    2015-05-26 08:59 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\Users\PETER\AppData\Local\Temp:LmAjdtQQ1dSkIKvgkIP09sgjs

    AlternateDataStreams: C:\Users\PETER\AppData\Local\Temporary Internet Files:fOBqou0JeYgRSHjpJLl8PRUU

    AlternateDataStreams: C:\Users\PETER\AppData\Local\Wqh8DMoH:h8nv3BQO5rAsx7BcRHtSb


    ==================== Safe Mode (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



    ==================== EXE Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)



    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)



    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    DNS Servers: 192.168.0.1


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (Currently there is no automatic fix for this section.)


    MSCONFIG\Services: avast! Antivirus => 2

    MSCONFIG\startupreg: avast => "f:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [TCP Query User{27A73A8E-8DBF-4795-8135-A15E4CB455BE}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe

    FirewallRules: [UDP Query User{F7AEC6C1-64C4-4E0D-8677-CEB875EC3D81}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe

    FirewallRules: [TCP Query User{0B17D3D1-89E1-42A3-B5EB-CFE7B015E26D}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe

    FirewallRules: [UDP Query User{8DAA733C-0E93-4A59-85AF-9EEEE22F81D2}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe

    FirewallRules: [{C6FD8151-B4D1-4A22-AB76-9EF1D25B4379}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

    FirewallRules: [{23A954D6-8A72-4C7D-948C-46F377E3671E}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

    FirewallRules: [{92B84CD9-395D-421E-B744-0949177EB45C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{07B36B45-A3C0-4671-B44C-8F954ECBD5EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{D5AE1E9E-EA62-4544-9A96-6FE5C4A067FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{E3A0D677-CA90-40D7-8C36-ECF5FB8B915E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [TCP Query User{6A49E4B2-C60E-4BDA-A575-8CAD9FC5FBD5}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

    FirewallRules: [UDP Query User{0F23E57C-29D9-4458-9FB7-74E88CE46578}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

    FirewallRules: [{D291499E-8C23-49AD-9CD7-7691FDB72F17}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe

    FirewallRules: [{78CEEE0C-E87B-422B-9F2B-1BECD1ADEC3E}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe

    FirewallRules: [TCP Query User{0B162A81-5777-466B-9962-E32CE42C85A3}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

    FirewallRules: [UDP Query User{A28E22B2-29CF-4056-A085-8C8BDB4F4691}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

    FirewallRules: [{58B73435-A7AD-4B79-B6FB-EE81DED5A260}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

    FirewallRules: [{473DD8DC-DF30-4BDA-AB31-38F5284AAFCB}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

    FirewallRules: [{342AAFEE-3FB2-47A7-B16E-77AF4401CA75}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe

    FirewallRules: [{1E643EA1-FF15-4D15-AD4E-38FC0A6AD334}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe

    FirewallRules: [TCP Query User{8603AC8B-9EA2-4457-A106-BA029E012E3A}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe

    FirewallRules: [UDP Query User{7C2E3E67-2D25-4B67-BD2C-88E7D181C38F}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe

    FirewallRules: [{45FF855D-8BF5-48C3-BA74-AD420F944E8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    FirewallRules: [{45DF2001-4E8D-46D4-8653-B4572AD353C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    FirewallRules: [TCP Query User{CA767D67-084C-42BA-90BA-D22B2575FBF2}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

    FirewallRules: [UDP Query User{950F6719-ECA2-4804-AD54-0DBA770C8768}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

    FirewallRules: [{680449C8-AFC6-4A93-B4F1-39CC4E5083D5}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

    FirewallRules: [{9D7038A5-AD5E-4053-A85D-63C1933D06F3}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

    FirewallRules: [TCP Query User{9BBA7FAE-5818-4132-B2F7-9CDA527D3E99}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe

    FirewallRules: [UDP Query User{FA83606C-EE3B-4764-9BF2-35B823126AC5}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe

    FirewallRules: [TCP Query User{67C70BB8-F163-4A98-89E4-039CAC26D9FA}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe

    FirewallRules: [UDP Query User{61C3A176-4DAA-48AC-85E7-BCBEAADF3F8F}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe

    FirewallRules: [TCP Query User{70938B3D-8056-4BAF-87B7-3910B5B1C9D7}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe

    FirewallRules: [UDP Query User{18DD193C-0963-420C-8260-0268A850405B}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe

    FirewallRules: [TCP Query User{FEB4C52E-72EC-42E0-BD82-ECD3E9D80AED}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe

    FirewallRules: [UDP Query User{270E5A61-677C-46BD-B71C-2C6174872EA2}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe

    FirewallRules: [TCP Query User{D0AAEFCC-D7A9-4D57-B320-E4FB560E2077}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

    FirewallRules: [UDP Query User{192D84B2-DDE3-4BBB-B58A-91CEFBB5F800}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

    FirewallRules: [TCP Query User{95D11C2E-4A1A-4E3F-A25C-6B8E95C539A4}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe

    FirewallRules: [UDP Query User{F8F2D8D9-7ADC-4889-BA07-97266F881A73}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe

    FirewallRules: [TCP Query User{846A7AF8-041F-4362-BBB9-5B7421549EC1}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe

    FirewallRules: [UDP Query User{133F23DB-EE4F-487D-BF4F-3F638A49D7B7}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe

    FirewallRules: [TCP Query User{3DC95A7C-2E54-4A50-B13C-000010E7C341}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe

    FirewallRules: [UDP Query User{9606A9FD-7B80-449D-9D3F-B3471E995FF5}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe

    FirewallRules: [TCP Query User{9D341BDA-B1AB-4669-BDAB-F85017AA60FD}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe

    FirewallRules: [UDP Query User{2653BCD1-6DC7-41F6-8917-1F715955089D}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe

    FirewallRules: [TCP Query User{EBA8804C-D4D9-48F5-BED8-AD723334006A}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe

    FirewallRules: [UDP Query User{556DF46A-05AD-42E5-8090-F860EBBF30FC}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe

    FirewallRules: [TCP Query User{1D466C6B-F644-44E7-8884-C5D92581FACD}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

    FirewallRules: [UDP Query User{432C5F99-06E8-47AA-B7E9-2A628D7A6A4C}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

    FirewallRules: [TCP Query User{9F5FDE20-3E33-4DDF-A702-198FFC783E32}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe

    FirewallRules: [UDP Query User{991F9134-FF1A-48D6-8217-790CBD162AA8}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe

    FirewallRules: [TCP Query User{7AF46388-E99A-4BDE-8D89-CB853C34B262}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe

    FirewallRules: [UDP Query User{B2F6E93F-BD5A-4E70-A57A-EC48BC74D0F8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe

    FirewallRules: [{E86B5A3F-D959-4652-BD85-A59D0DFC595F}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

    FirewallRules: [{D3E5B9EA-F47B-4645-A796-C18D4000FB04}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

    FirewallRules: [{FBC46965-880F-4464-A02D-58F9E09134F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

    FirewallRules: [{3E673A76-EBB6-41AC-ADAA-EC07A830C9CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

    FirewallRules: [{EA2C6A9D-7EE2-411B-B416-57C80E05858E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe

    FirewallRules: [{16AE6B8C-FFDD-4D40-A146-1AD46EECB08C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe

    FirewallRules: [TCP Query User{A4274554-A386-46B1-AAED-86B368975B5D}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe

    FirewallRules: [UDP Query User{50D24CD5-9EA0-4092-8ACE-A5F8CA38FF58}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe

    FirewallRules: [{16BBB312-9033-4820-869F-3F2CC3D2A428}] => (Block) F:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe

    FirewallRules: [{43430466-8C72-4962-8039-25B59D3ED988}] => (Block) %ProgramFiles% (x86)\SmartDraw 2013\SmartDraw.exe

    FirewallRules: [{FF510CB7-8BBD-4319-9972-13E03703E32E}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

    FirewallRules: [{C0F419B2-B110-4FD9-8B22-9456B590C58A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

    FirewallRules: [TCP Query User{E5AFDC18-C741-423C-AB90-0799CE5DA075}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

    FirewallRules: [UDP Query User{3EC10302-257C-4016-A0D7-F85944A7D297}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

    FirewallRules: [{310E119F-1EFC-44A6-8E33-7E3A56E869DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{5C8C216F-84B1-4E67-B6C3-9617CB15E4C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{DDDC73B9-D769-45C4-8EE1-1E381FE8EC94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{5C7DBD6E-2A12-49F3-9BFC-0D93BA1BA1CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{8A6F432F-0BC5-4C20-B14B-8EBCD62B06EC}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe

    FirewallRules: [{0B620597-8CBD-4B8F-B8C9-915DC1156398}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe

    FirewallRules: [TCP Query User{4BC4AFC2-6468-4170-9975-605F1C22897C}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe

    FirewallRules: [UDP Query User{FC5E1BD7-0972-434F-B82B-CE4F9D9EE771}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe

    FirewallRules: [{3A489C46-31DD-4FDC-A24A-B4EF12CB838F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe

    FirewallRules: [{B86254E1-F2B3-4495-B221-A790E7FF5BE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe

    FirewallRules: [{576B8718-6276-4B50-9094-2B125A54AC07}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

    FirewallRules: [{0334F8F1-ECC7-47D4-849A-D01CB087326E}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

    FirewallRules: [{018BF4CC-17E1-4C29-B276-36867CCBE75F}] => (Allow) LPort=4481

    FirewallRules: [{8A42A4E5-FB7D-435D-8287-CCDAE04E5115}] => (Allow) LPort=4481

    FirewallRules: [{60A253E4-538E-4210-A1E1-F9880F759431}] => (Allow) LPort=4482

    FirewallRules: [{649FC64B-E70A-4B72-B65B-29205BD2E040}] => (Allow) LPort=4482

    FirewallRules: [TCP Query User{85764ABF-76D8-42CC-85F2-B6854B5A047F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

    FirewallRules: [UDP Query User{421481C5-BD43-439A-98AF-88B4E470D418}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

    FirewallRules: [{15DCD1F1-0B06-4184-9FA9-8D5CE531B044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{963C2386-7C8E-41F5-B8EF-D888173AFB7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{BBD38712-CBEA-4573-9F39-AABBB38DFC82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{9DD622B4-88E1-4809-8FC7-025DF2E2A553}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [TCP Query User{3FD0A622-4157-4072-85F3-7C3D20E06BCE}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

    FirewallRules: [UDP Query User{76090457-16A7-4ED9-80A7-414F45AFF7B9}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

    FirewallRules: [{77F72CCF-3486-42C2-A2B8-A787A03123DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

    FirewallRules: [{5C49F74A-5520-4093-B3CC-4CD138062598}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

    FirewallRules: [{851ACB82-334B-4B37-8B31-805178C9CD5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

    FirewallRules: [{19062B4F-F524-4351-8D9F-6A5AC1C9BE65}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

    FirewallRules: [{FB007FC0-052A-4366-8509-0953A20EBC19}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe

    FirewallRules: [{076BCE0F-5B1B-4D18-8AEE-D87A6A5E235E}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe

    FirewallRules: [{EFB7688A-14CD-473A-9CF9-4219A84F571F}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe

    FirewallRules: [{33BA2308-4790-43A2-AD6A-A2E3505A7E73}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe

    FirewallRules: [{CF6FC813-C14F-4723-913E-D47DDB556FE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{84EF5FE2-7C13-42EC-B54C-E6DE798E8C1F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{84649655-4E50-41DB-8429-8F53F4826FF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{42271F38-6BBB-46C0-B7D6-A473DC1C4EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{63A2593E-37A2-4248-9886-FBB4DF85C720}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{E3F75D13-7967-4BA9-A09E-66705A63E672}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{71077BE5-DBA2-4DE8-8A81-2BB94D19BFD4}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe

    FirewallRules: [{4B8C1F86-162D-41CA-AED3-8941D85C1500}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe

    FirewallRules: [{4591F867-BCE9-4232-BBF1-32341FE60A0F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe

    FirewallRules: [{B74579CE-FF49-41F2-9072-33D02CE7D951}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe

    FirewallRules: [{78A79EA0-77B2-4735-81D9-E3BD85D3DC85}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe

    FirewallRules: [{AC61B826-F949-4B03-AB1E-E2E76B4C1F6F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe

    FirewallRules: [{6C0877C0-CC83-4E60-9BAB-279FC291C3E5}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe

    FirewallRules: [{3F242F30-B190-4690-A8CC-54DC951AE268}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe

    FirewallRules: [TCP Query User{DD239C72-D7B8-4C27-B586-158585286D9A}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe

    FirewallRules: [UDP Query User{365B97CE-CFA1-4F44-9D01-46723F3D18B9}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe

    FirewallRules: [{02AE2090-1D55-403D-863F-FF7C970D2D37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{A438C9B7-A184-4945-A04B-DEA5F389F9D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

    FirewallRules: [{FAA91DA7-00C8-4B56-86D1-10FE6B6B59BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{C96AE375-0A3C-4DB7-954D-59C61E623DCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

    FirewallRules: [{81D121AE-586B-4955-BFD7-0716B34A8D57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{FF095264-834A-41BC-BAA8-1D5D8BBD91D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    FirewallRules: [{D17791ED-592F-42E2-B069-6B1CC31EAA4A}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

    FirewallRules: [{AF574895-63E4-4A46-871A-D9E619E5966C}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

    FirewallRules: [{E2801422-3D22-41B8-B83F-58E1A0B7A210}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe

    FirewallRules: [{E972BA8E-8951-44AE-84A8-514919EF150E}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe

    FirewallRules: [{D9AE9D59-7F50-4496-A9EA-55F2B052D126}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe

    FirewallRules: [{52B7BA08-CE46-4CA2-B1EE-A6BFDCB2025F}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe

    FirewallRules: [{EBECC55C-1D7B-46A0-8163-357D744AA8E4}] => (Allow) h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

    FirewallRules: [{DAB03E88-0021-4248-B79B-7E1FD0635D9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe

    FirewallRules: [{DEEBDA1D-1EFE-4BE0-AB88-BEE4A5E211E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe

    FirewallRules: [{CF0E2D4E-CBBB-4961-9586-3EB4048A6553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe

    FirewallRules: [{60C265C8-C649-4857-898F-70877F019F1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe

    FirewallRules: [{B636CFEA-76AC-4114-BFD5-B4D2118AEA2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe

    FirewallRules: [{0789103C-A70A-493C-B611-5F62F223AB16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe

    FirewallRules: [{72FA1FA6-6F5E-4155-90CE-E8E0D261F4D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe

    FirewallRules: [{8BB8E852-9A0E-4EB7-88C5-5EB5D55346E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe

    FirewallRules: [{633321D3-F0D4-44A9-AD40-65D7A0D90176}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe

    FirewallRules: [{3DF5F331-F675-4E23-BEDD-9E4B94E27BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe

    FirewallRules: [{C2A69856-6BE6-427F-9DC9-32E29DD97544}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe

    FirewallRules: [{149BB1C6-0A30-4891-A11F-7634FB9E553F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe

    FirewallRules: [{D8F14BAF-7E04-48EA-8C16-A8EC1574B78E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe

    FirewallRules: [{C3443A49-8355-4C3D-BE7D-11FFB872A653}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe

    FirewallRules: [{F9BD63E6-5169-4C2B-AFEC-0DDC8EB72289}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe

    FirewallRules: [{551FB3C0-4645-41CB-AB00-9F43CCE46493}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe

    FirewallRules: [{06B9A16A-DDFD-4148-BE6E-A3993B89763D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe

    FirewallRules: [{084C05C5-D121-44F8-9DC2-17C34CEF9E70}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe

    FirewallRules: [TCP Query User{A320347E-3FA3-4680-9126-2847785FE7DA}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe

    FirewallRules: [UDP Query User{7C9DB469-8EA9-45E9-A658-8F663792212E}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe

    FirewallRules: [{1EDF5DD5-B89C-4763-BB46-0C2FDE76CBF8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe

    FirewallRules: [{6DA3F26F-26F0-471D-904E-0CE5544B5989}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe

    FirewallRules: [{258F0458-EA44-41E3-8D2D-E7B472D90DE8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe

    FirewallRules: [{7EAF7120-A808-42F0-A1AD-823682797941}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe

    FirewallRules: [{37899513-D87A-4672-B457-BE0597B097F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe

    FirewallRules: [{9C0FBBE6-B157-467E-A8CB-81B611BDB45C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe

    FirewallRules: [{F61D0966-19B4-4876-853A-D9CC2C4B5E06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

    FirewallRules: [{4A0D555E-1B26-4F42-8D04-70904BC2B645}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

    FirewallRules: [{4E82FF9E-1B30-4337-8BBB-8D4941149862}] => (Allow) F:\Battle.net\Battle.net.exe

    FirewallRules: [{6EEA3D04-B5DD-49C8-AB80-D3C8EA2C3AA1}] => (Allow) F:\Battle.net\Battle.net.exe

    FirewallRules: [{A09646E5-0904-4146-BD89-498F842891CD}] => (Allow) F:\Hearthstone\Hearthstone.exe

    FirewallRules: [{193EAC09-7FE7-4F2E-9C38-F62ACE11D341}] => (Allow) F:\Hearthstone\Hearthstone.exe

    FirewallRules: [{40D55099-AEF6-4F68-92B0-CED770C66723}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
     
  5. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Part III (of III) of ADDITION.txt (sorry for the tons of log info)

    FirewallRules: [TCP Query User{68EC577C-593F-43D2-AB46-BE816E6F92F8}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe

    FirewallRules: [UDP Query User{64D917BB-F870-40FB-A7A9-004F3C68E4B6}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe

    FirewallRules: [{19902B20-026B-44CA-95C4-D0070D2E5BEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe

    FirewallRules: [{48F747B9-5B80-44D1-AEC8-AD6F8D85E9B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe

    FirewallRules: [{CE7FD005-D9E2-44C5-A8FD-E140543B155B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

    FirewallRules: [{0D7C0248-A5F3-4657-B029-9410676F13FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

    FirewallRules: [{BC7F1360-AE9E-4539-A60D-4D75D2198A50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe

    FirewallRules: [{AF6C5CEB-3FD9-46F6-8B77-C3AC4D517133}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe

    FirewallRules: [{5137591F-531C-44DE-87F9-C975F47B7073}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

    FirewallRules: [TCP Query User{5276F6D8-50D3-4669-A308-11B8201F2D3F}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe

    FirewallRules: [UDP Query User{D1C000F0-BCB3-4B94-91B4-72FE1C6145BB}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe

    FirewallRules: [{2D7BEC0E-3E4B-4820-B719-36F0C4A766DC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe

    FirewallRules: [{4611DF3B-8FE3-4DE5-BFC1-1AAF772EF1AC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe

    FirewallRules: [{E8D4D07D-02C2-40BF-8731-30F375434CAB}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe

    FirewallRules: [{E141A120-842F-4823-ABA9-E73239B654B1}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe

    FirewallRules: [{F4C786A9-CD6D-4125-BA0E-2EEDE0C5F345}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe

    FirewallRules: [{024D86F8-1879-4561-9350-792DEF60BBDF}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe

    FirewallRules: [{2055DF16-9A4E-428D-A024-9C46F3A596F7}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe

    FirewallRules: [{0AC28A61-C3F2-46B7-B621-DE1DB834A69E}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe

    FirewallRules: [{BF593F61-7723-4A82-8549-63B634DA96A6}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

    FirewallRules: [{CDE6C2BA-1873-4695-BA61-182C8A50DBD8}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

    FirewallRules: [{620F44A6-70E9-4C16-A114-D86C3A0194FB}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    FirewallRules: [{A569FC0D-BA47-443C-9340-742FB75D25BA}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    FirewallRules: [{EC201D03-44EF-403A-A921-21C43F119B8F}] => (Block) F:\Program Files (x86)\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe

    FirewallRules: [{40BDA590-D721-405A-B3F5-3F4B5EF595F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

    FirewallRules: [{C8DC17BD-5717-4DE0-A27B-6407B4B25010}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

    FirewallRules: [{7C118354-3226-4360-9FD1-65DC71389647}] => (Block) F:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe

    FirewallRules: [TCP Query User{8BCB95E3-7A95-45FD-8E6F-B253FAFC207F}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

    FirewallRules: [UDP Query User{D5729ED5-36F5-40B3-A63C-C18DAC8A2E36}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

    FirewallRules: [TCP Query User{FDA90FF7-1159-45B9-9D0D-831E450A55BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

    FirewallRules: [UDP Query User{8EB5D2A2-1CCA-4C33-923F-4D7E2B69F6BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

    FirewallRules: [{FE978480-D164-4FD9-A835-879C7D9801A6}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

    FirewallRules: [{A2F44525-A511-457C-9B1C-F17B3C6EEF24}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

    FirewallRules: [{2D26ABDB-A8DD-4825-8504-1F761B66993E}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe

    FirewallRules: [{9429715E-8373-4C0D-A795-8956BA81F12A}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe

    FirewallRules: [{545E2D5F-3588-48A2-8DE3-09EF2D1C0BBD}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe

    FirewallRules: [{D9583C59-40A7-4B1B-B077-62E363F0F4C1}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe

    FirewallRules: [{2C78F406-76FF-4F25-A7E5-0D411857C7DB}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe

    FirewallRules: [{0C26C0A9-B6FA-4B81-9A83-909F27312618}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe

    FirewallRules: [{1F83F92F-3833-421F-A244-C0E3FB694569}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe

    FirewallRules: [{0EB9F89D-2FDC-49AD-AAFA-577ABD30B928}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe

    FirewallRules: [{A58AA986-58ED-4F18-9DDD-C50BF2940A8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

    FirewallRules: [{87FA797F-6129-465C-8603-70B35453452A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

    FirewallRules: [{E054CB61-66C9-42AE-B92F-6C05F6A2923C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

    FirewallRules: [{FB9A5A6E-ECF4-4A26-8C2D-2AE7D429034E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

    FirewallRules: [{1E4BE5AA-B482-475F-93AD-CBD990B06701}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

    FirewallRules: [{B22B92E9-5FB1-4EC2-93FF-4B38D1BB8F1B}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe

    FirewallRules: [{201F1F9F-1CD7-4F6D-B569-481023F6A437}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe

    FirewallRules: [{090FDD4B-E896-43DE-87CF-3893E8383E8E}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe

    FirewallRules: [{D7F3A4EE-1ABD-412B-8E85-9F424BD0B1AE}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe

    FirewallRules: [{2FB00F36-4544-4E26-955C-439372EC888B}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe

    FirewallRules: [{0A176B48-A3F5-438B-A247-43EFD650232F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{E53E7E62-76B9-49CF-87A0-9EB2753AC14F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

    FirewallRules: [{0C0E2572-34EC-486C-9919-77E842139269}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{49B73444-5D64-4F25-8412-0285B66AB032}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    FirewallRules: [{E20D0868-1E0C-4F3E-99DF-68E89A91EF4D}] => (Allow) F:\Program Files\iTunes\iTunes.exe

    FirewallRules: [{E64CE403-77F0-4F2F-8F52-B083DA0AC171}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe

    FirewallRules: [{93BB2153-5431-48C4-B9A2-1D98A4E8112C}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe

    FirewallRules: [TCP Query User{DE52C308-F913-49AA-9AED-446CA547CD87}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe

    FirewallRules: [UDP Query User{7D64ED70-3060-4ED4-AC21-5C843510BA7D}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe

    FirewallRules: [{5A4F6B44-6B7C-4642-B704-F37C2289B06C}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

    FirewallRules: [{2501C92A-CFF4-4007-A072-D712A7F8A6CE}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

    FirewallRules: [TCP Query User{F2C88D33-4F8B-4AF5-86FE-84EAEA525979}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe

    FirewallRules: [UDP Query User{945C1935-0881-4C64-B612-025DEBE74F86}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe

    FirewallRules: [{C514BCB0-0981-4C42-BDA3-CA7A7012710E}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe

    FirewallRules: [{50AC0A48-284E-4FD1-A8AC-5918C6207E75}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe

    FirewallRules: [TCP Query User{8460AE0B-4376-4BB0-81E5-6CE3B421B243}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe

    FirewallRules: [UDP Query User{F6557E35-67F5-4E20-B191-B18F274A13AC}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe

    FirewallRules: [{66EFA9DC-A369-4C74-881D-13F9CB007118}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

    FirewallRules: [{07D4652B-BFA7-41DA-8C85-33FD00EC6750}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

    FirewallRules: [{FA0FDA31-3C1E-4B0F-8F0B-ADA829CF08C3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe

    FirewallRules: [{2DBD8A65-6F03-44B2-99D6-33EB46B3E7A3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe

    FirewallRules: [{CF58AB2A-ABB0-4110-858D-3A9829623E8D}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe

    FirewallRules: [{3F6F67DC-539E-4DEB-9386-DC23614FE541}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe

    FirewallRules: [{62829CAD-2988-43EF-B31A-3904917A680E}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe

    FirewallRules: [{0F0D9699-855E-4069-B909-9FC00A237973}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe

    FirewallRules: [{3D83D1DF-D0C5-4BB6-8864-833BB379638A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Faulty Device Manager Devices =============


    Name: VBoxAsw Support Driver

    Description: VBoxAsw Support Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: VBoxAswDrv

    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

    Devices stay in this state if they have been prepared for removal.

    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    Name: Unknown Device

    Description: Unknown Device

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standaard USB Host Controller)

    Service:

    Problem: : Windows has stopped this device because it has reported problems. (Code 43)

    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.



    ==================== Event log errors: =========================


    Application errors:

    ==================

    Error: (06/04/2015 04:41:26 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Naam van toepassing met fout: procexp64.exe, versie: 16.5.0.0, tijdstempel: 0x55503597

    Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000

    Uitzonderingscode: 0xc0000005

    Foutoffset: 0x00000000770b000a

    Id van proces met fout: 0x4cc

    Starttijd van toepassing met fout: 0xprocexp64.exe0

    Pad naar toepassing met fout: procexp64.exe1

    Pad naar module met fout: procexp64.exe2

    Rapport-id: procexp64.exe3


    Error: (06/04/2015 04:15:03 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Naam van toepassing met fout: ipoint.exe, versie: 2.3.188.0, tijdstempel: 0x53227c52

    Naam van module met fout: dpghnt.dll_unloaded, versie: 0.0.0.0, tijdstempel: 0x53227c38

    Uitzonderingscode: 0xc0000005

    Foutoffset: 0x000007fef3cabce3

    Id van proces met fout: 0xaa4

    Starttijd van toepassing met fout: 0xipoint.exe0

    Pad naar toepassing met fout: ipoint.exe1

    Pad naar module met fout: ipoint.exe2

    Rapport-id: ipoint.exe3


    Error: (06/04/2015 01:32:33 PM) (Source: SideBySide) (EventID: 35) (User: )

    Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

    Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

    Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

    Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

    Gebruik sxstrace.exe voor gedetailleerde diagnose.


    Error: (06/03/2015 11:13:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: Local Hostname PETER-PC.local already in use; will try PETER-PC-2.local instead


    Error: (06/03/2015 11:13:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 PETER-PC.local. Addr 127.0.0.1


    Error: (06/03/2015 11:13:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 16 PETER-PC.local. AAAA 0000:0000:0000:0000:0000:0000:0000:0001


    Error: (06/03/2015 00:20:20 AM) (Source: SideBySide) (EventID: 35) (User: )

    Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

    Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

    Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

    Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

    Gebruik sxstrace.exe voor gedetailleerde diagnose.


    Error: (06/02/2015 10:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: 492: ERROR: read_msg errno 0 (De bewerking is voltooid.)


    Error: (06/02/2015 10:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: ERROR: mDNSPlatformReadTCP - recv: 10053


    Error: (06/02/2015 10:28:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )

    Description: 492: ERROR: read_msg errno 0 (De bewerking is voltooid.)



    System errors:

    =============

    Error: (06/04/2015 04:33:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

    Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Search-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt:

    %%1056


    Error: (06/04/2015 04:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

    Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.


    Error: (06/04/2015 04:14:41 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

    Description: Onverwachte fout. Foutcode: D@01010004


    Error: (06/04/2015 04:14:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

    Description: Onverwachte fout. Foutcode: D@01010004


    Error: (06/04/2015 04:14:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

    Description: Onverwachte fout. Foutcode: D@01010004


    Error: (06/04/2015 04:14:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

    Description: Onverwachte fout. Foutcode: D@01010004


    Error: (06/04/2015 04:14:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

    Description: De volgende opstartstuurprogramma's zijn niet geladen:

    MtxDma0


    Error: (06/04/2015 04:14:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: De VBoxAsw Support Driver-service kan vanwege de volgende fout niet worden gestart:

    %%2


    Error: (06/04/2015 04:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

    Description: De NPEService-service kan vanwege de volgende fout niet worden gestart:

    %%2


    Error: (06/04/2015 04:14:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

    Description: Er is een fout opgetreden bij een poging het local hosts-bestand te lezen.



    Microsoft Office:

    =========================


    CodeIntegrity Errors:

    ===================================

    Date: 2015-03-22 20:29:02.603

    Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.


    Date: 2015-03-22 20:29:02.550

    Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.


    Date: 2013-11-21 17:34:52.563

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    Date: 2013-11-21 17:34:52.503

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    Date: 2013-11-21 17:34:52.453

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    Date: 2013-11-21 17:34:52.393

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    Date: 2013-11-21 17:33:45.255

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    Date: 2013-11-21 17:33:45.195

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    Date: 2013-11-21 17:33:45.135

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    Date: 2013-11-21 17:33:45.075

    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.



    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz

    Percentage of memory in use: 44%

    Total physical RAM: 8099.93 MB

    Available physical RAM: 4455.82 MB

    Total Pagefile: 18198.04 MB

    Available Pagefile: 13676.88 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.82 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:223.47 GB) (Free:83.14 GB) NTFS

    Drive e: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Drive f: (TeraDisk) (Fixed) (Total:931.51 GB) (Free:378.75 GB) NTFS

    Drive h: (SSD 120GB) (Fixed) (Total:119.15 GB) (Free:17.92 GB) NTFS

    Drive m: () (Network) (Total:1830.83 GB) (Free:198.37 GB)

    Drive p: () (Network) (Total:913.94 GB) (Free:37.16 GB)

    Drive s: () (Network) (Total:1830.83 GB) (Free:198.37 GB)

    Drive v: () (Network) (Total:913.94 GB) (Free:37.16 GB)

    Drive w: () (Network) (Total:1830.83 GB) (Free:198.37 GB)

    Drive z: () (Network) (Total:0.24 GB) (Free:0.16 GB)


    ==================== MBR & Partition Table ==================


    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5352E724)

    Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)


    ========================================================

    Disk: 1 (Size: 931.5 GB) (Disk ID: 2F0AD043)

    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)


    ========================================================

    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 3373616B)

    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)


    ==================== End of log ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    [​IMG] Please use Notepad instead of Wordpad to open logs.
    Wordpad creates an extra space between lines and logs are double in length.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    RogueKiller seemed to have worked OK. Cannot start MBAM however... So I can only execute step 1 for now. Here are the results:

    RogueKiller V10.8.1.0 [Jun 3 2015] door Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestart in : Normale mode
    Gebruiker : PETER [Administrator]
    Started from : C:\Users\PETER\Desktop\RogueKiller.exe
    Mode : Verwijder -- Datum : 06/06/2015 13:44:22

    ¤¤¤ Processen : 4 ¤¤¤
    [Suspicious.Path|VT.Unknown] cvxasync.exe(4052) -- C:\ProgramData\nvxasync\cvxasync.exe[-] -> Gestopt [TermProc]
    [Suspicious.Path|VT.Unknown] nvxasync.exe(3680) -- C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe[-] -> Gestopt [TermProc]
    [Suspicious.Path|VT.Unknown] nvxasync.exe(5552) -- C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe[-] -> Gestopt [TermProc]
    [Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys[x] -> Gestopt

    ¤¤¤ Register : 15 ¤¤¤
    [Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CitrixReceiver : "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x] -> Niet geselecteerd
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [x][x] -> Niet geselecteerd
    [Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | nvxasync : C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe [-] -> Niet geselecteerd
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [x][x] -> Niet geselecteerd
    [Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | nvxasync : C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe [-] -> Niet geselecteerd
    [Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\ProgramData\nvxasync\cvxasync.exe [-] -> Niet geselecteerd
    [Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\ProgramData\nvxasync\cvxasync.exe [-] -> Niet geselecteerd
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys) -> Niet geselecteerd
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys) -> Niet geselecteerd
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys) -> Niet geselecteerd
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.surfvox.com/ -> Niet geselecteerd
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.surfvox.com/ -> Niet geselecteerd
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32213330-467A-4857-A860-1F0BDF01D5E2} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Niet geselecteerd
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32213330-467A-4857-A860-1F0BDF01D5E2} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Niet geselecteerd
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{32213330-467A-4857-A860-1F0BDF01D5E2} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Niet geselecteerd

    ¤¤¤ Taken : 0 ¤¤¤

    ¤¤¤ Bestanden : 0 ¤¤¤

    ¤¤¤ Host-bestand : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Niet geladen [0xc000036b]) ¤¤¤

    ¤¤¤ Web Browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ADATA SP900 ATA Device +++++
    --- User ---
    [MBR] a2828862074b9c9297605e870311a6a9
    [BSP] ffb02511d2e61af1139478bfc17975f0 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8 | Size: 99 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 203776 | Size: 122004 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10EFRX-68PJCN0 ATA Device +++++
    --- User ---
    [MBR] 51f52269fc3742d5079a91f0d0d49965
    [BSP] 1438215ec9fb6cdf281b544e48a4513b : Unknown|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2 | Size: 953869 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: OCZ-VERTEX2 ATA Device +++++
    --- User ---
    [MBR] 96b1dcd4199e7943029eb6a38a1395d9
    [BSP] b2e0bd24fd3ef58de7fb5323395d687d : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228835 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: DurPower CF USB20Reader USB Device +++++
    Error reading User MBR! ([15] Het apparaat is niet klaar. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

    +++++ PhysicalDrive4: DurPower SM USB20Reader USB Device +++++
    Error reading User MBR! ([15] Het apparaat is niet klaar. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

    +++++ PhysicalDrive5: DurPower SD USB20Reader USB Device +++++
    Error reading User MBR! ([15] Het apparaat is niet klaar. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

    +++++ PhysicalDrive6: DurPower MS USB20Reader USB Device +++++
    Error reading User MBR! ([15] Het apparaat is niet klaar. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )


    ============================================
    RKreport_SCN_06062015_134045.log
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    What exactly happens when you try to run MBAM?
     
  9. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    When double-clicking on the setup executable, the computer asks permission to execute this file.
    After that, I see no active program. I (still) cannot open Task Manager to check if something is running.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Skip MBAM for now.
     
  11. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    No luck on AdwCleaner either.
    Double-click on the exe file: computer asks permission to run this program.
    Permission granted. AdwCleaner briefly shows message about download, and shows its start screen.
    After clicking on Scan, it only reports Loading Database (in Dutch, so hopefully translated correctly), then reports something like Started Generic search.
    Then the program halts and Windows reports: AdwCleaner stopped functioning.
     
  12. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    (Maybe) sorry for trying, but gave MBAM another go after this.
    Installed, updated & ran fine this time.

    Report:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scandatum: 7-6-2015
    Scantijd: 14:05:08
    Logbestand: MBAM scan log.txt
    Beheerder: Ja

    Versie: 2.01.6.1022
    Malware Gegevensbestand: v2015.06.07.03
    Rootkit Gegevensbestand: v2015.06.02.01
    Licentie: Proef
    Malwarebescherming: Ingeschakeld
    Kwaadaardige Website Bescherming: Ingeschakeld
    Zelfbescherming: Uitgeschakeld

    Besturingssysteem: Windows 7 Service Pack 1
    Processor: x64
    Bestandssysteem: NTFS
    Gebruiker: PETER

    Scantype: Bedreigingsscan
    Resultaat: Voltooid
    Objecten Gescand: 450249
    Verstreken Tijd: 11 m, 41 s

    Geheugen: Ingeschakeld
    Opstarten: Ingeschakeld
    Bestandssysteem: Ingeschakeld
    Archieven: Ingeschakeld
    Rootkits: Uitgeschakeld
    Heuristiek: Ingeschakeld
    POP: Ingeschakeld
    POA: Ingeschakeld

    Processen: 0
    (Geen kwaadaardige items gedetecteerd)

    Modules: 0
    (Geen kwaadaardige items gedetecteerd)

    Registersleutels: 2
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantaine, [4f902b8c6a20e84e82e45e2675907b85],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantaine, [f1ee23948bff4de9f96dfc88f3126799],

    Registerwaardes: 3
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantaine, [4f902b8c6a20e84e82e45e2675907b85]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantaine, [f1ee23948bff4de9f96dfc88f3126799]
    PUP.Optional.SurfVox.A, HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nvxasync, C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe, In Quarantaine, [e0ff9b1c79119d999d5c3cd8ca3a22de]

    Registerdata: 0
    (Geen kwaadaardige items gedetecteerd)

    Mappen: 3
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\searchplugins, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],

    Bestanden: 21
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe, In Quarantaine, [e0ff9b1c79119d999d5c3cd8ca3a22de],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\com.apple.Safari.plist, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\cvxasync.exe, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\klite.exe, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\oldfilenotused, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\Prefaddon, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\setting.dat, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\starter.xml, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\user.js, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\Web Data, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\com.apple.Safari.plist, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\klite.exe, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\oldfilenotused, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Prefaddon, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Preferences, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Secure Preferences, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\setting.dat, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\starter.xml, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\user.js, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Web Data, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
    PUP.Optional.SurfVox, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Goed: ("session":{"restore_on_startup":5}}), Slecht: ("session":{"restore_on_startup":4,"startup_urls":["http://www.surfvox.com/"]}}), Vervangen,[647b4e6933572a0c4f73fa80b353916f]

    Fysieke Sectoren: 0
    (Geen kwaadaardige items gedetecteerd)


    (end)
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Retry AdwCleaner now.
     
  14. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Same problem as before: starts to run, but soon gives the message Adwcleaner stopped functioning.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Go ahead with JRT
     
  16. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    JRT ran fine:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.9.0 (06.07.2015:1)
    OS: Windows 7 Ultimate x64
    Ran by PETER on ma 08-06-2015 at 7:26:31,87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5A72722A97D2BA40C91A2D5C9EAE26D7
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{828B376B-F2F6-4778-928C-E29EC877535E}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
    Successfully deleted: [Folder] C:\ProgramData\ShoPDaropa [BHO.Multiplug]



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

    [C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ma 08-06-2015 at 7:42:19,03
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Combofix did run at once.
    At the end, it gave me a number of fairly identical messages about not being able to reset or restore registry values.
    After that, the system attempted to reboot but got stuck. Since Combofix screen was already gone, I rebooted manually.
    Combofix then produced this log:

    ComboFix 15-05-31.01 - PETER 08-06-2015 22:38:42.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8100.5604 [GMT 2:00]
    Gestart vanuit: c:\users\PETER\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\menu.lst
    c:\users\PETER\AppData\Local\assembly\tmp
    c:\users\PETER\AppData\Local\Temp\7zS0A4B\HPSLPSVC64.DLL
    c:\users\PETER\AppData\Roaming\Launcher.rb4
    c:\users\PETER\ViceVersa.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    c:\windows\SysWow64\zip32.dll
    c:\windows\UnSb0009.exe
    F:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    -------\Service_HPSLPSVC
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2015-05-08 to 2015-06-08 ))))))))))))))))))))))))))))))
    .
    .
    2015-06-07 11:05 . 2015-06-07 11:05 -------- d-----w- C:\RegBackup
    2015-06-06 11:30 . 2015-06-07 10:54 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-06-06 11:30 . 2015-06-06 11:53 -------- d-----w- c:\programdata\RogueKiller
    2015-06-04 14:52 . 2015-06-04 14:55 -------- d-----w- C:\FRST
    2015-06-04 14:33 . 2015-06-04 14:33 -------- d-----w- c:\program files\CCleaner
    2015-06-04 14:04 . 2015-06-04 14:27 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
    2015-06-04 14:03 . 2015-06-04 14:04 -------- d-----w- c:\program files\Adware-Removal-Tool
    2015-06-04 14:03 . 2015-06-04 14:03 -------- d-----w- c:\program files\Common Files\Microsoft
    2015-05-25 21:23 . 2015-05-25 21:23 -------- d-----w- c:\program files\avast software
    2015-05-24 18:48 . 2015-05-24 18:48 -------- d-----w- c:\programdata\Muzzy Lane Software
    2015-05-10 16:37 . 2015-05-10 16:37 -------- d-----w- c:\users\PETER\AppData\Roaming\Greenshot
    2015-05-10 16:37 . 2015-05-10 16:37 -------- d-----w- c:\users\PETER\AppData\Local\Greenshot
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-06-08 20:55 . 2014-05-31 22:21 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-06-08 20:55 . 2012-05-04 15:05 151552 ----a-w- c:\windows\KMSEmulator.exe
    2015-05-03 03:55 . 2014-08-22 09:03 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-04-23 20:10 . 2012-04-07 16:21 128913832 ----a-w- c:\windows\system32\MRT.exe
    2015-04-23 20:05 . 2015-04-23 20:05 364472 ----a-w- c:\windows\system32\aswBoot.exe
    2015-04-23 20:05 . 2014-05-29 17:03 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-04-23 20:05 . 2014-01-11 21:23 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-04-23 20:05 . 2013-03-19 20:24 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-04-23 20:05 . 2013-03-19 20:24 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-04-23 20:05 . 2012-04-08 07:04 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-04-23 20:05 . 2012-04-08 07:04 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-04-23 20:05 . 2012-04-08 07:04 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-04-23 20:04 . 2015-04-23 20:04 43112 ----a-w- c:\windows\avastSS.scr
    2015-04-23 20:04 . 2012-04-08 07:04 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-04-19 22:58 . 2015-04-23 20:10 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DB9EB0-FC5E-4AF3-A5F8-7378AA86DCEE}\mpengine.dll
    2015-04-15 20:08 . 2012-04-08 07:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-04-15 20:08 . 2012-04-08 07:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-04-14 07:37 . 2014-05-31 22:21 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-04-14 07:37 . 2014-05-31 22:21 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-04-14 07:37 . 2014-05-31 22:21 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-04-02 00:17 . 2015-04-23 20:09 389808 ----a-w- c:\windows\system32\iedkcs32.dll
    2015-03-25 03:24 . 2015-04-23 20:08 3298816 ----a-w- c:\windows\system32\wucltux.dll
    2015-03-25 03:24 . 2015-04-23 20:08 98304 ----a-w- c:\windows\system32\wudriver.dll
    2015-03-25 03:24 . 2015-04-23 20:08 37376 ----a-w- c:\windows\system32\wups2.dll
    2015-03-25 03:24 . 2015-04-23 20:08 35328 ----a-w- c:\windows\system32\wups.dll
    2015-03-25 03:24 . 2015-04-23 20:08 2553856 ----a-w- c:\windows\system32\wuaueng.dll
    2015-03-25 03:24 . 2015-04-23 20:08 191488 ----a-w- c:\windows\system32\wuwebv.dll
    2015-03-25 03:24 . 2015-04-23 20:08 696320 ----a-w- c:\windows\system32\wuapi.dll
    2015-03-25 03:24 . 2015-04-23 20:08 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
    2015-03-25 03:23 . 2015-04-23 20:08 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
    2015-03-25 03:23 . 2015-04-23 20:08 36864 ----a-w- c:\windows\system32\wuapp.exe
    2015-03-25 03:23 . 2015-04-23 20:08 135168 ----a-w- c:\windows\system32\wuauclt.exe
    2015-03-25 03:00 . 2015-04-23 20:08 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
    2015-03-25 03:00 . 2015-04-23 20:08 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
    2015-03-25 03:00 . 2015-04-23 20:08 29696 ----a-w- c:\windows\SysWow64\wups.dll
    2015-03-25 03:00 . 2015-04-23 20:08 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2015-03-25 03:00 . 2015-04-23 20:08 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2015-03-23 03:25 . 2015-04-23 20:08 726528 ----a-w- c:\windows\system32\generaltel.dll
    2015-03-23 03:25 . 2015-04-23 20:08 769536 ----a-w- c:\windows\system32\invagent.dll
    2015-03-23 03:24 . 2015-04-23 20:08 419840 ----a-w- c:\windows\system32\devinv.dll
    2015-03-23 03:24 . 2015-04-23 20:08 957952 ----a-w- c:\windows\system32\appraiser.dll
    2015-03-23 03:24 . 2015-04-23 20:08 30720 ----a-w- c:\windows\system32\acmigration.dll
    2015-03-23 03:24 . 2015-04-23 20:08 192000 ----a-w- c:\windows\system32\aepic.dll
    2015-03-23 03:24 . 2015-04-23 20:08 227328 ----a-w- c:\windows\system32\aepdu.dll
    2015-03-23 03:17 . 2015-04-23 20:08 1111552 ----a-w- c:\windows\system32\aeinv.dll
    2015-03-17 05:22 . 2015-04-23 20:08 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-03-17 05:22 . 2015-04-23 20:08 95672 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-03-17 05:22 . 2015-04-23 20:08 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-03-17 05:19 . 2015-04-23 20:08 1727904 ----a-w- c:\windows\system32\ntdll.dll
    2015-03-17 05:17 . 2015-04-23 20:08 362496 ----a-w- c:\windows\system32\wow64win.dll
    2015-03-17 05:17 . 2015-04-23 20:08 243712 ----a-w- c:\windows\system32\wow64.dll
    2015-03-17 05:17 . 2015-04-23 20:08 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2015-03-17 05:16 . 2015-04-23 20:08 215040 ----a-w- c:\windows\system32\winsrv.dll
    2015-03-17 05:16 . 2015-04-23 20:08 210944 ----a-w- c:\windows\system32\wdigest.dll
    2015-03-17 05:16 . 2015-04-23 20:08 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-03-17 05:16 . 2015-04-23 20:08 29184 ----a-w- c:\windows\system32\sspisrv.dll
    2015-03-17 05:16 . 2015-04-23 20:08 136192 ----a-w- c:\windows\system32\sspicli.dll
    2015-03-17 05:16 . 2015-04-23 20:08 503808 ----a-w- c:\windows\system32\srcore.dll
    2015-03-17 05:16 . 2015-04-23 20:08 50176 ----a-w- c:\windows\system32\srclient.dll
    2015-03-17 05:16 . 2015-04-23 20:08 28160 ----a-w- c:\windows\system32\secur32.dll
    2015-03-17 05:16 . 2015-04-23 20:08 341504 ----a-w- c:\windows\system32\schannel.dll
    2015-03-17 05:16 . 2015-04-23 20:08 309760 ----a-w- c:\windows\system32\ncrypt.dll
    2015-03-17 05:16 . 2015-04-23 20:08 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2015-03-17 05:16 . 2015-04-23 20:08 314880 ----a-w- c:\windows\system32\msv1_0.dll
    2015-03-17 05:16 . 2015-04-23 20:08 1461760 ----a-w- c:\windows\system32\lsasrv.dll
    2015-03-17 05:16 . 2015-04-23 20:08 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2015-03-17 05:16 . 2015-04-23 20:08 1163264 ----a-w- c:\windows\system32\kernel32.dll
    2015-03-17 05:16 . 2015-04-23 20:08 728064 ----a-w- c:\windows\system32\kerberos.dll
    2015-03-17 05:16 . 2015-04-23 20:08 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2015-03-17 05:16 . 2015-04-23 20:08 22016 ----a-w- c:\windows\system32\credssp.dll
    2015-03-17 05:16 . 2015-04-23 20:08 112640 ----a-w- c:\windows\system32\smss.exe
    2015-03-17 05:16 . 2015-04-23 20:08 296960 ----a-w- c:\windows\system32\rstrui.exe
    2015-03-17 05:15 . 2015-04-23 20:08 31232 ----a-w- c:\windows\system32\lsass.exe
    2015-03-17 05:15 . 2015-04-23 20:08 338432 ----a-w- c:\windows\system32\conhost.exe
    2015-03-17 05:15 . 2015-04-23 20:08 64000 ----a-w- c:\windows\system32\auditpol.exe
    2015-03-17 05:13 . 2015-04-23 20:08 60416 ----a-w- c:\windows\system32\msobjs.dll
    2015-03-17 05:13 . 2015-04-23 20:08 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-03-17 05:11 . 2015-04-23 20:08 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 6656 ----a-w- c:\windows\system32\apisetschema.dll
    2015-03-17 05:11 . 2015-04-23 20:08 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-04-14 12:42 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-04-14 12:42 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-04-14 12:42 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Scan Buttons"="f:\program files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE" [2009-12-09 202576]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
    "AnyDVD"="f:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-16 6287008]
    "Akamai NetSession Interface"="c:\users\PETER\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-05-19 21969480]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2015-06-04 2892992]
    "AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
    "Wunderlist"="c:\program files (x86)\Wunderlist2\Wunderlist.exe" [2013-12-02 13021792]
    "DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2014-03-20 1867056]
    "EADM"="f:\program files (x86)\Origin\Origin.exe" [2015-06-02 3632472]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PMSpeed"="f:\program files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE" [2009-12-04 112464]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
    "AutoEJCD_0ACE20FF"="c:\program files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2013-02-12 40960]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
    "BCSSync"="h:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
    "AvastUI.exe"="f:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Opware12"="h:\program files (x86)\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 49152]
    "EaseUs Watch"="h:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-09-04 70728]
    "EaseUs Tray"="h:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-09-04 1372232]
    "EaseUs TB Tray Agent"="h:\program files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe" [2013-09-04 253512]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-12-03 3498728]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    "QuickTime Task"="f:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-08-22 7780696]
    "AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
    .
    c:\users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 NPEService;NPEService;\192.168.1.65\software\NPE.exe;\192.168.1.65\software\NPE.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 UsbClientService;UsbClientService;f:\program files (x86)\Synology\Assistant\UsbClientService.exe;f:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
    R2 VBoxAswDrv;VBoxAsw Support Driver;f:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;f:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    R3 ampa;ampa;c:\windows\system32\ampa.sys;c:\windows\SYSNATIVE\ampa.sys [x]
    R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
    R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
    R3 AvastVBoxSvc;AvastVBox COM Service;f:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;f:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
    R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys;c:\windows\SYSNATIVE\DRIVERS\jakndis.sys [x]
    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 Origin Client Service;Origin Client Service;f:\program files (x86)\Origin\OriginClientService.exe;f:\program files (x86)\Origin\OriginClientService.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH075C.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 SUNSTREAKER;Corsair USB HS40 Headphone Driver;c:\windows\system32\DRIVERS\Sunstreaker.sys;c:\windows\SYSNATIVE\DRIVERS\Sunstreaker.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
    S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
    S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
    S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
    S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
    S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
    S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 BankingTools_Import_Service;Import Service (Cashflow);f:\program files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe -displayname Import Service (Cashflow) -servicename BankingTools_Import_Service;f:\program files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe -displayname Import Service (Cashflow) -servicename BankingTools_Import_Service [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
    S2 EaseUS Agent;EaseUS Agent Service;h:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;h:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 Guard Agent;Guard Agent Service;h:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe;h:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
    S2 TomTomHOMEService;TomTomHOMEService;f:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;f:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 WTService;WTService;c:\windows\System32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
    S3 ALSysIO;ALSysIO;c:\users\PETER\AppData\Local\Temp\ALSysIO64.sys;c:\users\PETER\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
    S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 jakndisMP;jakndisMP;c:\windows\system32\DRIVERS\jakndis.sys;c:\windows\SYSNATIVE\DRIVERS\jakndis.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - ALSYSIO
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-05-26 06:58 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2015-01-03 c:\windows\Tasks\Adobe Acrobat Update Task.job
    - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48]
    .
    2015-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 20:08]
    .
    2015-06-08 c:\windows\Tasks\AutoKMS.job
    - c:\windows\AutoKMS\AutoKMS.exe [2012-05-04 15:05]
    .
    2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 21:45]
    .
    2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 21:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-04-14 14:30 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-04-14 14:30 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-04-14 14:30 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-04-23 20:05 722400 ----a-w- f:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
    @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
    [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
    2013-08-07 15:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
    @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
    [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
    2013-08-07 15:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
    @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
    [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
    2013-08-07 15:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "MacroKeyManager"="WTMKM.exe" [2010-01-15 6105832]
    "PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2012-07-04 1240064]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
    "SUNSTREAKERSound"="c:\program files\Corsair Raptor HS40\CPL\CAHS40.exe" [2014-01-10 1611264]
    "SUNSTREAKERHS64"="c:\windows\system\GfsMgr64.exe" [2013-04-25 286720]
    "SUNSTREAKERHS"="c:\windows\syswow64\GfsMgr.exe" [2013-04-25 204800]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 518424]
    "iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    Wow6432Node-HKCU-Run-Google+ Auto Backup - c:\users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    Wow6432Node-HKCU-Run-MKLOL - c:\program files (x86)\MKJogo\MKLOL\MK.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
    Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-SmartDraw 2012 - f:\progra~2\SMARTD~1\UNWISE.EXE
    AddRemove-File Property Edit Free - h:\users\PETER\AppData\Local\File Property Edit Free\uninstall.exe
    AddRemove-MKLOL - c:\program files (x86)\MKJogo\MKLOL\MKuInst.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\SecuROM\License information*]
    "datasecu"=hex:01,c2,71,05,77,8d,6a,b1,f1,67,76,6b,90,f2,1a,d3,30,cc,6c,11,8c,
    43,7c,5f,fa,06,60,31,cb,7c,00,75,6a,89,36,df,6b,4e,01,96,af,19,bb,5a,4f,21,\
    "rkeysecu"=hex:79,bc,0e,33,22,2e,b0,ab,e6,a1,5b,df,eb,f2,87,3a
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    f:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
    c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
    c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    h:\program files (x86)\EaseUS\Todo Backup\bin\adb.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2015-06-08 23:13:46 - machine werd herstart
    ComboFix-quarantined-files.txt 2015-06-08 21:13
    .
    Pre-Run: 87.843.672.064 bytes beschikbaar
    Post-Run: 89.119.678.464 bytes beschikbaar
    .
    - - End Of File - - EF2476099A8DA442456F19C2A67939A8
    A36C5E4F47E84449FF07ED3517B43A31
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  20. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Here we go (multiple parts)
    FRST part 1

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
    Ran by PETER (administrator) on PETER-PC on 09-06-2015 00:27:50
    Running from C:\Users\PETER\Downloads
    Loaded Profiles: PETER (Available Profiles: PETER)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Nederlands (Nederland)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    () C:\Program Files\Core Temp\Core Temp.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
    () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
    () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    () C:\Windows\System32\WTMKM.exe
    (Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    () C:\Windows\system\GfsMgr64.exe
    () C:\Windows\SysWOW64\GfsMgr.exe
    () C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (SlySoft, Inc.) F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    (Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe
    (Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
    (Electronic Arts) F:\Program Files (x86)\Origin\Origin.exe
    (Dropbox, Inc.) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    () C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\avastui.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (ScanSoft, Inc.) H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\opware12.exe
    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
    (CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
    () H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    () F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (TomTom) F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    () F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\System32\atwtusb.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    () C:\Windows\System32\atwtusb.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
    HKLM\...\Run: [MacroKeyManager] => C:\Windows\system32\WTMKM.exe [6105832 2010-01-15] ()
    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [SUNSTREAKERSound] => C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe [1611264 2014-01-10] ()
    HKLM\...\Run: [SUNSTREAKERHS64] => C:\Windows\system\GfsMgr64.exe [286720 2013-04-25] ()
    HKLM\...\Run: [SUNSTREAKERHS] => C:\Windows\syswow64\GfsMgr.exe [204800 2013-04-25] ()
    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
    HKLM\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [PMSpeed] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-04] (NewSoft Technology Corporation)
    HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AutoEJCD_0ACE20FF] => C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE [40960 2013-02-13] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM-x32\...\Run: [BCSSync] => H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => f:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Opware12] => H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\Opware12.exe [49152 2002-08-01] (ScanSoft, Inc.)
    HKLM-x32\...\Run: [EaseUs Watch] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
    HKLM-x32\...\Run: [EaseUs Tray] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
    HKLM-x32\...\Run: [EaseUs TB Tray Agent] => h:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)
    HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Scan Buttons] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AnyDVD] => F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6287008 2012-08-16] (SlySoft, Inc.)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P.)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [EADM] => F:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-03] (Electronic Arts)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
    Startup: C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-04-15]
    ShortcutTarget: Dropbox.lnk -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => f:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
    ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
    ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
    BootExecute:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
  21. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    FRST part 2

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)
    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.5 -> f:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
    FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> f:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> H:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-01] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
    FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll [2014-08-04] (Synology)
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-17]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - f:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - f:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-08]

    Chrome:
    =======
    CHR Profile: C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-07]
    CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-07]
    CHR Extension: (Google Drive) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-07]
    CHR Extension: (Adblock Plus) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-07]
    CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-07]
    CHR Extension: (Bookmark Manager) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
    CHR Extension: (Google Wallet) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-12]
    CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PETER\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-22]
    CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - f:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
    S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-02-25] (Autodesk)
    R2 avast! Antivirus; f:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
    R2 BankingTools_Import_Service; F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe [33280 2014-04-03] () [File not signed]
    R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
    R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
    R2 EaseUS Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
    R2 Guard Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 Microsoft SharePoint Workspace Audit Service; H:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
    S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
    R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TomTomHOMEService; F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-12-19] (TomTom)
    R2 UsbClientService; f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-01-04] () [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WTService; C:\Windows\System32\atwtusb.exe [665320 2010-01-27] () [File not signed]
    S3 AvastVBoxSvc; f:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
    S2 NPEService; "\\192.168.1.65\software\NPE.exe" /service [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
    R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
    S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
    S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
    R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)
    R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)
    S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
    R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
    S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
    S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1061888 2007-08-17] (Atheros Communications, Inc.)
    R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
    R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
    R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
    S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
    R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
    S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-09] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
    S0 MtxDma0; C:\Windows\SysWOW64\drivers\MtxDma0.sys [182248 2002-07-10] (Matrox Electronic Systems Ltd.) [File not signed]
    R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2010-10-06] (Marvell Semiconductor, Inc.)
    S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    S3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [171144 2007-05-01] (Saitek)
    S3 SUNSTREAKER; C:\Windows\System32\DRIVERS\Sunstreaker.sys [388096 2013-08-07] (C-Media Inc.)
    R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-03-07] (Acronis International GmbH)
    R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-03-07] (Acronis)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-07] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
    R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
    R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-03-07] (Acronis International GmbH)
    R3 ALSysIO; \??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 EIO64; system32\DRIVERS\EIO64.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S2 VBoxAswDrv; \??\f:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  22. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    FRST part 3



    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-09 00:27 - 2015-06-09 00:28 - 00047451 _____ C:\Users\PETER\Downloads\FRST.txt
    2015-06-08 23:14 - 2015-06-08 23:14 - 00044623 _____ C:\ComboFix.txt
    2015-06-08 22:45 - 2015-06-08 22:45 - 00000000 ____D C:\Users\PETER\AppData\Local\TempTaskUpdateDetection086A95E3-5088-41B7-9D7C-F5C7738E03DC
    2015-06-08 22:37 - 2015-06-08 23:14 - 00000000 ____D C:\Qoobox
    2015-06-08 22:37 - 2015-06-08 23:06 - 00000000 ____D C:\Windows\erdnt
    2015-06-08 22:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-06-08 22:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-06-08 22:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-06-08 22:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-06-08 22:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-06-08 22:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2015-06-08 22:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2015-06-08 22:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2015-06-08 22:24 - 2015-06-08 22:25 - 05628238 ____R (Swearware) C:\Users\PETER\Desktop\ComboFix.exe
    2015-06-08 21:19 - 2015-06-08 21:19 - 00000222 _____ C:\Users\PETER\Desktop\Crest.url
    2015-06-08 07:42 - 2015-06-08 08:10 - 00002482 _____ C:\Users\PETER\Desktop\JRT.txt
    2015-06-08 07:42 - 2015-06-08 07:42 - 00001182 _____ C:\Users\PETER\Desktop\JRT 2.txt
    2015-06-08 07:26 - 2015-06-08 02:23 - 02943232 _____ (Thisisu) C:\Users\PETER\Desktop\JRT.exe
    2015-06-08 00:27 - 2015-06-08 00:27 - 00000000 ____D C:\Users\PETER\Desktop\Systeem schonen
    2015-06-07 13:06 - 2015-06-07 13:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PETER-PC-Windows-7-Ultimate-(64-bit).dat
    2015-06-07 13:05 - 2015-06-07 13:05 - 00000000 ____D C:\RegBackup
    2015-06-06 13:30 - 2015-06-07 12:54 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-06-06 13:30 - 2015-06-06 13:53 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-06-05 14:10 - 2015-06-05 14:16 - 00015520 _____ C:\Users\PETER\Desktop\Feest T&P.xlsx
    2015-06-04 16:55 - 2015-06-04 16:55 - 00114856 _____ C:\Users\PETER\Downloads\Addition 1.txt
    2015-06-04 16:54 - 2015-06-04 16:55 - 00061869 _____ C:\Users\PETER\Downloads\FRST 1.txt
    2015-06-04 16:52 - 2015-06-09 00:27 - 00000000 ____D C:\FRST
    2015-06-04 16:52 - 2015-06-04 16:52 - 02108928 _____ (Farbar) C:\Users\PETER\Downloads\FRST64.exe
    2015-06-04 16:40 - 2015-06-04 16:40 - 01121785 _____ C:\Users\PETER\Downloads\ProcessExplorer.zip
    2015-06-04 16:33 - 2015-06-04 16:33 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\Program Files\CCleaner
    2015-06-04 16:28 - 2015-06-04 16:28 - 06549184 _____ (Piriform Ltd) C:\Users\PETER\Downloads\ccsetup506.exe
    2015-06-04 16:04 - 2015-06-04 16:27 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
    2015-06-04 16:03 - 2015-06-04 16:04 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
    2015-06-04 16:00 - 2015-06-04 16:00 - 00753184 _____ C:\Users\PETER\Downloads\Adware-Removal-Tool-v3.9.1.exe
    2015-06-04 15:47 - 2015-06-04 15:47 - 00000446 _____ C:\Users\PETER\Downloads\teetimeics.ics
    2015-06-02 22:28 - 2015-06-02 22:28 - 00000000 _____ C:\autoexec.bat
    2015-06-02 22:27 - 2015-06-02 22:27 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\PETER\Downloads\SpyHunter-Installer.exe
    2015-06-02 08:14 - 2015-06-02 08:14 - 00002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2015-05-25 23:23 - 2015-05-25 23:23 - 00000000 ____D C:\Program Files\avast software
    2015-05-24 20:48 - 2015-05-24 20:48 - 00000000 ____D C:\ProgramData\Muzzy Lane Software
    2015-05-23 00:59 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0 (1).zip
    2015-05-23 00:59 - 2015-05-23 00:59 - 00000000 ____D C:\Users\PETER\Downloads\Chameleon
    2015-05-23 00:58 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0.zip
    2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Greenshot
    2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Local\Greenshot
    2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-09 00:28 - 2009-07-14 11:16 - 00745764 _____ C:\Windows\system32\perfh013.dat
    2015-06-09 00:28 - 2009-07-14 11:16 - 00153716 _____ C:\Windows\system32\perfc013.dat
    2015-06-09 00:28 - 2009-07-14 07:13 - 01670960 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-09 00:26 - 2015-03-01 13:35 - 00005050 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC
    2015-06-09 00:26 - 2014-06-01 00:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-09 00:26 - 2012-06-10 23:45 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-09 00:26 - 2012-04-08 09:21 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-09 00:26 - 2009-07-14 04:34 - 00000593 _____ C:\Windows\win.ini
    2015-06-08 23:30 - 2012-04-07 18:27 - 01194800 _____ C:\Windows\WindowsUpdate.log
    2015-06-08 23:27 - 2013-08-23 21:33 - 00000000 ____D C:\ProgramData\Origin
    2015-06-08 23:27 - 2012-05-10 21:47 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Dropbox
    2015-06-08 23:27 - 2012-05-04 17:05 - 00151552 _____ C:\Windows\KMSEmulator.exe
    2015-06-08 23:27 - 2012-05-04 17:05 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS
    2015-06-08 23:27 - 2012-05-04 17:05 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
    2015-06-08 23:26 - 2013-05-31 19:32 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-06-08 23:26 - 2012-07-18 22:54 - 00000000 ____D C:\Users\PETER\AppData\Roaming\.oit
    2015-06-08 23:26 - 2012-06-10 23:45 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-08 23:26 - 2012-04-07 18:34 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-06-08 23:26 - 2010-08-15 21:05 - 00000040 ___SH C:\ProgramData\.zreglib
    2015-06-08 23:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-08 23:26 - 2009-07-14 06:51 - 00236262 _____ C:\Windows\setupact.log
    2015-06-08 23:03 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-08 23:03 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-08 22:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
    2015-06-08 22:54 - 2012-04-07 20:50 - 01382742 _____ C:\Windows\PFRO.log
    2015-06-08 22:44 - 2012-04-07 18:26 - 00000000 ____D C:\Users\PETER
    2015-06-08 16:09 - 2014-08-26 20:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Skype
    2015-06-08 07:26 - 2014-06-14 08:57 - 00000000 ____D C:\Users\PETER\AppData\Local\Adobe
    2015-06-08 00:28 - 2012-04-26 21:35 - 00000000 ____D C:\Users\PETER\AppData\Local\Apple Computer
    2015-06-07 23:41 - 2015-01-06 19:01 - 00000000 ____D C:\Users\PETER\AppData\Local\CrashDumps
    2015-06-07 23:38 - 2014-05-31 23:41 - 00000000 ____D C:\AdwCleaner
    2015-06-07 14:04 - 2014-06-01 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-07 14:04 - 2014-06-01 00:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-07 14:00 - 2012-04-29 17:32 - 00000000 ____D C:\Users\PETER\AppData\Roaming\MediaMonkey
    2015-06-07 12:22 - 2015-05-05 22:43 - 00000001 _____ C:\Users\PETER\AppData\Roaming\update.dat
    2015-06-07 09:11 - 2012-07-15 23:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-06-06 14:46 - 2014-04-21 14:05 - 00000000 ____D C:\Users\PETER\Desktop\Bureaublad documenten
    2015-06-06 14:22 - 2012-04-07 17:27 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Adobe
    2015-06-05 20:29 - 2013-05-29 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-06-05 17:59 - 2014-08-26 20:37 - 00000000 ____D C:\ProgramData\Skype
    2015-06-04 16:14 - 2009-07-14 07:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-06-02 08:14 - 2012-05-08 18:54 - 00000000 ____D C:\Program Files (x86)\Google
    2015-05-28 15:33 - 2009-07-14 06:45 - 05379248 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-05-26 00:23 - 2012-04-07 18:41 - 00203344 _____ C:\Users\PETER\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-05-24 17:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-05-22 22:17 - 2013-04-21 21:46 - 00000000 ____D C:\Users\PETER\Desktop\Spellen
    2015-05-19 15:46 - 2015-03-01 13:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-05-18 21:37 - 2012-06-10 23:45 - 00004052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-18 21:37 - 2012-06-10 23:45 - 00003800 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-16 09:06 - 2015-05-07 16:04 - 00000000 ____D C:\Users\PETER\AppData\Roaming\chportu
    2015-05-15 14:29 - 2013-02-24 22:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-05-12 16:31 - 2012-05-10 21:48 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

    ==================== Files in the root of some directories =======

    2014-04-27 21:53 - 2014-04-27 21:55 - 0052828 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
    2014-06-23 15:47 - 2014-06-23 15:47 - 0000272 _____ () C:\Users\PETER\AppData\Roaming\.backup.dm
    2012-11-21 08:50 - 2013-07-09 12:08 - 0000624 _____ () C:\Users\PETER\AppData\Roaming\All CPU MeterV3_Settings.ini
    2012-06-08 01:00 - 2012-06-08 02:14 - 0000412 _____ () C:\Users\PETER\AppData\Roaming\All CPU Meter_Settings.ini
    2013-04-17 21:04 - 2013-11-30 00:54 - 0000093 _____ () C:\Users\PETER\AppData\Roaming\ARCompanion.log
    2013-06-30 20:29 - 2015-01-23 19:51 - 0000839 _____ () C:\Users\PETER\AppData\Roaming\Drives Meter_Settings.ini
    2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.Exception.log
    2013-10-02 00:41 - 2013-10-02 00:41 - 0001153 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2013-10-02 00:50 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Transcoder.Exception.log
    2015-05-05 22:43 - 2015-06-07 12:22 - 0000001 _____ () C:\Users\PETER\AppData\Roaming\update.dat
    2013-06-11 00:08 - 2013-06-11 00:08 - 0001456 _____ () C:\Users\PETER\AppData\Local\Adobe Save for Web 12.0 Prefs
    2012-10-16 18:44 - 2014-10-01 21:45 - 0023040 _____ () C:\Users\PETER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-03 21:38 - 2015-05-03 21:38 - 0000000 ___SH () C:\Users\PETER\AppData\Local\LumaEmu
    2013-11-21 17:50 - 2014-11-07 22:15 - 0007623 _____ () C:\Users\PETER\AppData\Local\resmon.resmoncfg
    2010-08-15 21:05 - 2015-06-08 23:26 - 0000040 ___SH () C:\ProgramData\.zreglib

    Some files in TEMP:
    ====================
    C:\Users\PETER\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpofofsn.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-03 00:20

    ==================== End of log ============================
     
  23. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Addition.txt part 1:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
    Ran by PETER at 2015-06-09 00:28:41
    Running from C:\Users\PETER\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3467867667-3157156364-2699428233-500 - Administrator - Disabled)
    Gast (S-1-5-21-3467867667-3157156364-2699428233-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3467867667-3157156364-2699428233-1003 - Limited - Enabled)
    PETER (S-1-5-21-3467867667-3157156364-2699428233-1000 - Administrator - Enabled) => C:\Users\PETER

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version: - Belastingdienst)
    Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version: - Belastingdienst)
    Acronis True Image 2014 (HKLM-x32\...\{1F91344A-B963-4431-89E8-4F80DEE282BE}Visible) (Version: 17.0.5560 - Acronis)
    Acronis True Image 2014 (x32 Version: 17.0.5560 - Acronis) Hidden
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
    Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
    Advanced Archive Password Recovery (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
    AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.14 - ASUSTeK)
    Akamai NetSession Interface (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Alcatel PC Suite V7.0.40 (HKLM-x32\...\{93DB-0E9758B0D131_PCS_Alcatel_Union}_is1) (Version: - Singularity Software Co., Ltd.)
    Among Ripples (HKLM-x32\...\Steam App 341720) (Version: - Eat Create Sleep)
    Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.7.0 - SlySoft)
    AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
    Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
    Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
    Assassin's Creed Unity (HKLM-x32\...\Assassin's Creed Unity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
    ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
    Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
    Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
    Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
    BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
    BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    calibre 64bit (HKLM\...\{EB3D23E3-91A7-46A0-9D7F-698151973A41}) (Version: 2.12.0 - Kovid Goyal)
    Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
    Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc)
    Cashflow 4.3 (HKLM-x32\...\{387962FD-1BDE-41CB-9DBC-16BBDCD56CA2}) (Version: 4.3.20.20 - BankingTools)
    Cashflow 5 (HKLM-x32\...\{19bf98d8-43fd-4ed1-a269-96ea37fba88f}) (Version: 5.0.4.0 - BankingTools)
    Cashflow 5 (x32 Version: 5.0.4.0 - BankingTools) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
    CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
    Cities - Skylines (HKLM-x32\...\Cities - Skylines_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
    ClickAid (HKLM-x32\...\ClickAid) (Version: - )
    Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles)
    Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
    Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
    Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation)
    CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
    CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
    Corsair Raptor HS40 (HKLM-x32\...\{B77575BE-73DB-43C6-A555-82BB713BCB79}) (Version: - Corsair Components, Inc.)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Crest (HKLM-x32\...\Steam App 341710) (Version: - Eat Create Sleep)
    DDPB (HKLM-x32\...\{748590DB-44CD-48D2-8585-2496BBFE919F}) (Version: 1.0.9 - DauDen.vn)
    De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    De Sims™ 3 Creëer een Wereld-tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
    De Sims™ 3 Jaargetijden (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    De Sims™ 3 Levensweg (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    De Sims™ 3 Wereldavonturen (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
    De Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.625.10 - Electronic Arts Inc.)
    De Sims™ 4 Creëer-een-Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dropbox (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
    DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
    EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
    Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.8 - Poikosoft)
    EPSON BX620FWD Series Handboek (HKLM-x32\...\EPSON BX620FWD Series Manual) (Version: - )
    EPSON BX620FWD Series Printer Uninstall (HKLM\...\EPSON BX620FWD Series) (Version: - SEIKO EPSON Corporation)
    Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
    Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
    FFmpeg (Windows) for Audacity versie 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
    Folder Size 2.0.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 2.0.0.0 - MindGems, Inc.)
    Game Dev Tycoon v1.4.13 (HKLM-x32\...\Game Dev Tycoon v1.4.131.4.13) (Version: 1.4.13 - Friends in War)
    Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Sick Puppies)
    Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
    Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
    HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version: - )
    HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
    HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Uw bedrijfsnaam)
    iBomber Attack Demo (HKLM-x32\...\Steam App 224800) (Version: - )
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    iExplorer 3.2.2.4 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
    iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
    Insider Tales - Vanished in Rome (HKLM-x32\...\Denda Games Insider Tales - Vanished in Rome) (Version: 1.0.0.0 - Denda Games)
    Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version: - Aleksey Abramenko)
    IPCMonitor_en version 1.0.1.2 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.2 - IPCMonitor, Inc.)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Jaksta Streaming Media Recorder (4.4.5) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.5 - Jaksta Technologies)
    Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
    MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version: - )
    MacroKey Manager (Version: 1.00.0000 - Uw bedrijfsnaam) Hidden
    MagicBerry for Blackberry version 3.5 (HKLM-x32\...\{404CBB42-3EF1-4ECF-BFBD-A557807CBF3B}_is1) (Version: 3.5 - Mena Step Innovative Solutions (Ashraf Awwad))
    Making History: The Calm & The Storm Demo (HKLM-x32\...\Steam App 6260) (Version: - Muzzy Lane)
    Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7600 - Marvell)
    Matrox Imaging Products (HKLM-x32\...\Matrox Imaging Products) (Version: - )
    MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
    MediaMonkey Gold (HKLM-x32\...\MediaMonkey Gold4) (Version: 4 - MediaMonkey Gold)
    MediaMonkey Gold Cracked (HKLM-x32\...\MediaMonkey Gold Cracked2012) (Version: 2012 - MediaMonkey Gold Cracked)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
    Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
    Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4719.1002 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
    Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.1 - MusicBrainz)
    Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
    NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)
    NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
    Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
    Netwerkhandleiding EPSON BX620FWD Series (HKLM-x32\...\EPSON BX620FWD Series Network Guide) (Version: - )
    NL2000V4_installer (HKLM-x32\...\{0372FD44-1579-45C9-96E9-4B2CAEE8BF84}) (Version: 4.0.20 - NL2000)
    NVIDIA 3D Vision controllerstuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA 3D Vision stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
    NVIDIA Grafisch stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA HD Audio-stuurprogramma 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX systeemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Offline Rekening Overzicht (HKLM-x32\...\{80D2DAFC-A65D-4317-8A75-15286181EC23}) (Version: 1.0.2.0 - J.J.F. Verhaag)
    Oil Rush (HKLM-x32\...\Steam App 200390) (Version: - Unigine Corp.)
    OmniPage Pro 12.0 (HKLM-x32\...\{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}) (Version: 12.00.0000 - ScanSoft, Inc.)
    ONE TOUCH Upgrade (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)
    Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
    Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
    Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
    Palringo (HKLM-x32\...\Palringo) (Version: - Palringo Limited)
    Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Philips Wireless Music Receiver Utility (HKLM-x32\...\ST6UNST #1) (Version: - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    plist Editor for Windows 1.0.2 (HKLM-x32\...\plist Editor for Windows) (Version: 1.0.2 - VOWSoft,Ltd.)
    plist Editor Pro 2.0.0 (HKLM-x32\...\plist Editor Pro) (Version: 2.0.0 - VOWSoft, Ltd.)
    Popcorn Time (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Popcorn Time) (Version: - Popcorn Official)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
    Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)
    Primal Carnage (HKLM-x32\...\Steam App 215470) (Version: - )
    Print To Go 2.0 (HKLM-x32\...\Print_To_Go) (Version: 2.0.110.0 - Uw bedrijfsnaam)
    Print To Go 2.0 (x32 Version: 2.0.110.0 - Uw bedrijfsnaam) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
    PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
    Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)
    ScanSoft RealSpeak (HKLM-x32\...\{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}) (Version: 12.00.0000 - ScanSoft Inc.)
    Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shelter 2 (HKLM-x32\...\Steam App 275100) (Version: - Might and Delight)
    SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
    Should I Remove It (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
    SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
    SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
    Sims 4 by BuZeR version final (HKLM-x32\...\{ED118F10-E516-4245-160F-6213F508F71F}_is1) (Version: final - )
    SKTimeStamp (HKLM\...\{EED7256E-46F0-4C1D-89E4-BD2A0595FEBF}) (Version: 1.3.3 - Stefans Tools)
    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    SmartDraw 2012 (HKLM-x32\...\SmartDraw 2012) (Version: - SmartDraw.com)
    SmartDraw 2013 (HKLM-x32\...\SmartDraw 2013) (Version: - SmartDraw.com)
    SPORE™ Anthology RePack by SxSxL (HKLM-x32\...\SPORE™ Anthology_is1) (Version: 1.05.0001 - )
    Spy EasyUpdate (HKLM-x32\...\InstallShield_{38FF3704-9DAD-44E2-A15D-9C6BD1901D65}) (Version: 1.33.0407 - SPY)
    Spy EasyUpdate (x32 Version: 1.33.0407 - SPY) Hidden
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Steinberg WaveLab (HKLM-x32\...\Steinberg WaveLab6) (Version: 6 - Steinberg WaveLab)
    Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
    Subtitle Edit 3.2.8 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.2.8.1220 - Nikse)
    SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Syncios versie 2.0.6 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.0.6 - Anvsoft, Inc.)
    Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
    System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
    Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio)
    Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
    Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)
    TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Uw bedrijfsnaam)
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
    Utility (x32 Version: 1.00.0002 - Uw bedrijfsnaam) Hidden
    ViceVersa Pro 2.5 64-bit (Build 2502) (HKLM\...\ViceVersa Pro 2.5_is1) (Version: 2 - TGRMN Software)
    Visual Similarity Duplicate Image Finder Corporate 4.2.0.1 (HKLM-x32\...\{72D6BE71-2A6F-4D01-809E-A3174D1738A0}_is1) (Version: 4.2.0.1 - MindGems, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
    Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
    Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)
    Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)
    Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden
    Xilisoft iPod Rip (HKLM-x32\...\Xilisoft iPod Rip) (Version: 5.4.10.20130320 - Xilisoft)
    XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - XviD Development Team)
    Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
    Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    08-06-2015 22:34:47 Voor combofix

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-06-08 22:49 - 2015-06-08 22:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00062427-1F11-4946-ACAF-971366C6390E} - \GPUpdateCheck No Task File <==== ATTENTION
    Task: {054C3F8F-3C8D-4997-BE9E-DE87E0EB4356} - System32\Tasks\avast! Emergency Update => f:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
    Task: {09261BDD-5A90-4CB5-9CB0-92976F64F954} - System32\Tasks\{987AA731-C4F4-4880-9E40-A27D08442C09} => C:\Users\PETER\Desktop\mcedit.exe
    Task: {1A222DF8-C9D1-4032-8668-5CE98020625A} - System32\Tasks\avastBCLRestartS-1-5-21-3467867667-3157156364-2699428233-1000 => Chrome.exe
    Task: {2169A842-E2A7-4BDA-9298-7ABA8CCE5BD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: {237ACA19-AFC7-4E33-AA4D-25D3C86C1E9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {43507FE9-5007-4D09-AAF5-A402B18035CC} - System32\Tasks\{EFB4BAC0-49EE-4629-ACB4-784E5B7C047A} => pcalua.exe -a G:\Sims3Setup.exe -d G:\
    Task: {5103D209-95B4-4AB1-B7D2-BD50BA918E18} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
    Task: {55676619-6742-41E5-B2A0-DA9AEE8ADC46} - System32\Tasks\{84199BFE-F4BE-47AC-A700-6EF83A1D9340} => F:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)
    Task: {5C07C886-689E-4FE9-B399-20988EA1828D} - System32\Tasks\{2EB0EDA3-300B-4D00-8365-7121B7238563} => pcalua.exe -a C:\Users\PETER\Downloads\DLS8Setup.8.5.1.exe -d C:\Users\PETER\Downloads
    Task: {6CF87493-211D-4915-9C0D-E0813F011329} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
    Task: {6D23F2FB-5D87-405E-93AA-2E6E3F0FD676} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-PC-PETER => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {71D275FF-1E23-48C5-8D02-92E5763BF4EF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
    Task: {76BA195A-1A61-4087-8D2C-A862B8361ABE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
    Task: {7A2EB2DA-A2C7-4208-A5AA-CAEB34243122} - System32\Tasks\{4F6292D1-D0B7-4130-A106-A7B64B814B73} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {7D8C42F7-71B1-43D6-B046-B1D9D5ED4BDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
    Task: {86C7192E-2179-4A46-BE28-C9024AD07030} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
    Task: {88E6B132-B394-4031-AAED-0387C056E446} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
    Task: {8C7CE49C-84C9-4BAB-9FD2-6C09FCDF45D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
    Task: {8E236520-8A6E-49AD-89F1-C0D193F198BC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {8F546D21-542A-4ED9-8177-178F4ACF1170} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {A3671559-5715-41B6-94BC-45D213D07C81} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
    Task: {AB7730AC-C901-4369-8FB0-FE1C0C5BEE1D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
    Task: {B2E8F254-BC04-45F0-B8F5-92DF5E4B061C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-05-04] ()
    Task: {BB861009-ACA9-4EAA-8349-F2823E57A8E8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
    Task: {BE9D1902-EA3D-4F06-AF30-B5DE28EF2964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
    Task: {C711643B-3D60-413C-8E1D-F5F9EE3BFF22} - System32\Tasks\Core Temp Autostart PETER => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
    Task: {C7C3D25D-0B67-4B4D-B12E-C850EB533167} - System32\Tasks\{715E8390-AA93-4D41-91A4-A65996FA9886} => pcalua.exe -a "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010"
    Task: {CB5646F3-5ECF-411D-A901-FC94FA254193} - System32\Tasks\ASUS\ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [2010-11-08] (ASUSTek Computer Inc.)
    Task: {D0A53063-BB3B-43B9-B9D1-0454F5A50943} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
    Task: {D799CB6B-1CE2-4945-B79C-09D6A0BF3592} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {DB152F2D-6810-46B1-8DED-78BAF59633C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: {F1A98632-2A4C-406A-8CD6-CA6DF5A00BE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {F48FB331-A186-4D70-9970-14F53238A981} - System32\Tasks\{D0E9A8DE-5013-4D63-820D-245884D5BFB1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe"
    Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
  24. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Addition.txt part 2

    ==================== Loaded Modules (Whitelisted) ==============

    2014-03-11 11:05 - 2014-11-12 23:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-06-08 01:40 - 2012-01-25 14:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe
    2010-11-03 11:30 - 2010-11-03 11:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
    2010-12-02 04:15 - 2010-12-02 04:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
    2012-04-07 17:27 - 2010-10-21 11:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
    2013-07-25 16:21 - 2014-04-03 10:44 - 00033280 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe
    2013-07-25 16:09 - 2014-01-30 19:52 - 00238080 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Topshelf.dll
    2013-07-25 16:12 - 2014-03-28 13:27 - 00015360 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.SNSBank.dll
    2013-07-25 16:10 - 2014-03-28 13:27 - 00005632 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.AXABank.dll
    2015-03-01 13:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2010-01-15 08:05 - 2010-01-15 08:05 - 06105832 _____ () C:\Windows\System32\WTMKM.exe
    2015-01-25 11:16 - 2013-04-25 06:16 - 00286720 ____N () C:\Windows\system\GfsMgr64.exe
    2015-01-25 11:16 - 2013-04-25 06:16 - 00204800 ____N () C:\Windows\SysWOW64\GfsMgr.exe
    2015-01-25 11:16 - 2014-01-10 08:13 - 01611264 ____N () C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe
    2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-06-30 20:27 - 2013-06-30 20:27 - 00012520 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
    2013-06-30 20:27 - 2013-06-30 20:27 - 00015080 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
    2013-06-30 20:27 - 2013-06-30 20:27 - 00014056 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
    2014-11-09 13:31 - 2014-11-09 13:31 - 01672704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveUI\666d557e394b3b85bce3ae699946817e\ReactiveUI.ni.dll
    2014-04-27 20:58 - 2014-04-27 20:58 - 00035328 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\a03d5c47c984346008ba13e9c563a958\Wunderkinder.Wunderlist.Data.Realtime.ni.dll
    2014-11-09 13:31 - 2014-11-09 13:31 - 00529408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\98c66719d8e468f7da71a684a3b5b75f\Akavache.Portable.ni.dll
    2014-11-09 13:31 - 2014-11-09 13:31 - 00050176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\6fe7a413a861fd42508636309dbedad7\Wunderkinder.Wunderlist.Presentation.ni.dll
    2013-02-13 01:37 - 2013-02-13 01:37 - 00040960 _____ () C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
    2015-05-08 20:50 - 2015-05-08 20:50 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
    2014-12-03 12:06 - 2013-09-04 11:59 - 00253512 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
    2010-02-03 15:36 - 2010-02-03 15:36 - 00087488 _____ () F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    2013-12-21 18:03 - 2013-12-21 23:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2013-01-04 08:25 - 2013-01-04 08:25 - 00248704 _____ () f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\System32\atwtusb.exe
    2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\system32\atwtusb.exe
    2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () f:\Program Files\AVAST Software\Avast\log.dll
    2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () f:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-08 22:31 - 2015-06-08 22:31 - 02952192 _____ () f:\Program Files\AVAST Software\Avast\defs\15060801\algo.dll
    2012-04-07 17:26 - 2015-06-08 23:26 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
    2012-04-07 17:26 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2014-12-03 12:06 - 2013-11-14 14:59 - 00031304 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
    2014-12-03 12:06 - 2008-11-25 17:18 - 01291264 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2014-12-03 12:06 - 2004-10-05 03:08 - 00055808 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00029768 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00050248 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2014-12-03 12:06 - 2014-01-13 18:06 - 00105544 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00030280 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00293960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00578632 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00468040 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00192072 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2014-12-03 12:06 - 2013-12-23 11:01 - 00281672 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00068680 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00069192 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00022600 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00115784 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00192584 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00135752 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2014-12-03 12:06 - 2013-10-22 17:31 - 00037960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00135240 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2014-12-03 12:06 - 2013-12-24 17:42 - 00017992 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00096840 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
    2012-04-07 17:28 - 2009-05-21 04:14 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
    2012-04-07 17:28 - 2009-05-21 10:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
    2012-07-18 22:51 - 2009-07-08 14:23 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll
    2012-07-18 22:51 - 2009-12-04 17:21 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll
    2012-07-18 22:51 - 2009-11-20 13:20 - 00147456 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll
    2012-07-18 22:51 - 2008-08-25 17:19 - 00069632 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll
    2012-07-18 22:52 - 2007-03-30 10:24 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll
    2012-07-18 22:51 - 2009-12-08 10:51 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll
    2012-07-18 22:51 - 2009-09-02 09:25 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\CategoryManager.dll
    2012-07-18 22:51 - 2009-11-27 17:50 - 00135168 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll
    2012-07-18 22:51 - 2009-12-18 19:10 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll
    2012-07-18 22:51 - 2009-10-16 15:04 - 00614400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll
    2012-07-18 22:51 - 2009-08-06 10:22 - 00421888 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll
    2012-07-18 22:51 - 2009-12-18 16:12 - 00061440 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll
    2012-07-18 22:51 - 2009-09-09 14:44 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll
    2012-07-18 22:51 - 2007-03-30 09:49 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll
    2012-07-18 22:51 - 2007-12-20 14:37 - 00176128 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\DocCate.dll
    2012-07-18 22:51 - 2009-12-07 13:55 - 00253952 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll
    2012-07-18 22:51 - 2009-11-26 17:49 - 00081920 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-23 18:30 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-01-25 16:26 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-01-25 16:26 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-01-25 16:26 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2014-05-22 07:38 - 2015-06-04 20:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-09-06 21:07 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-09-06 21:07 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-09-06 21:07 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-09-06 21:07 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-09-06 21:07 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2013-05-03 15:35 - 2015-06-04 20:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-03-20 22:50 - 2014-03-20 22:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 01007104 _____ () F:\Program Files (x86)\Origin\platforms\qwindows.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 00023552 _____ () F:\Program Files (x86)\Origin\imageformats\qgif.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 00024576 _____ () F:\Program Files (x86)\Origin\imageformats\qico.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 00216576 _____ () F:\Program Files (x86)\Origin\imageformats\qjpeg.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 00261120 _____ () F:\Program Files (x86)\Origin\imageformats\qmng.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 00019456 _____ () F:\Program Files (x86)\Origin\imageformats\qtga.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 00337408 _____ () F:\Program Files (x86)\Origin\imageformats\qtiff.dll
    2014-02-08 08:53 - 2015-06-03 00:02 - 00018944 _____ () F:\Program Files (x86)\Origin\imageformats\qwbmp.dll
    2015-06-08 23:26 - 2015-06-08 23:26 - 00043008 _____ () c:\users\peter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpofofsn.dll
    2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2012-07-18 22:51 - 2008-11-17 14:56 - 00102400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll
    2012-07-18 22:51 - 2009-12-07 11:07 - 00352256 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll
    2012-07-18 22:51 - 2008-12-12 16:52 - 00106496 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll
    2012-07-18 22:51 - 2007-08-31 17:51 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll
    2012-07-18 22:51 - 2008-12-12 17:00 - 00073728 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll
    2012-07-18 22:51 - 2009-11-27 17:38 - 00331776 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll
    2012-07-18 22:51 - 2009-12-04 17:21 - 04567040 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll
    2012-07-18 22:51 - 2007-03-30 10:01 - 00038992 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll
    2012-07-18 22:51 - 2009-11-11 17:21 - 00450560 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll
    2012-07-18 22:51 - 2009-11-11 17:20 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll
    2012-07-18 22:51 - 2009-06-26 09:03 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll
    2012-07-18 22:51 - 2009-11-20 11:30 - 01032192 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll
    2012-07-18 22:51 - 2009-12-04 17:20 - 00323584 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll
    2012-07-18 22:51 - 2009-11-09 18:35 - 00184320 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll
    2012-07-18 22:51 - 2008-08-25 16:16 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll
    2012-07-18 22:51 - 2009-07-14 13:25 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll
    2012-07-18 22:51 - 2009-10-22 17:50 - 00065536 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll
    2012-07-18 22:51 - 2007-03-30 09:57 - 00034896 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll
    2012-07-18 22:51 - 2008-04-24 10:46 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll
    2012-04-07 17:27 - 2010-12-02 17:28 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
    2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
    2012-04-07 17:27 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
    2012-04-07 17:27 - 2010-11-08 19:10 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
    2012-04-07 17:27 - 2010-10-15 17:40 - 01031680 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
    2012-04-07 17:27 - 2010-11-19 10:53 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
    2012-04-07 17:28 - 2010-12-01 12:33 - 01244672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
    2012-04-07 17:28 - 2011-01-06 10:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
    2012-04-07 17:27 - 2010-09-27 20:51 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
    2012-04-07 17:27 - 2010-09-27 20:51 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
    2012-04-07 17:27 - 2010-11-19 10:55 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
    2012-04-07 17:27 - 2010-08-06 18:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
    2012-04-07 17:27 - 2010-08-06 18:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
    2012-04-07 17:26 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
    2013-03-26 16:16 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2015-04-23 22:04 - 2015-04-23 22:05 - 40540672 _____ () F:\Program Files\AVAST Software\Avast\libcef.dll
    2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () F:\Program Files\AVAST Software\Avast\log.dll
    2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () F:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () H:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2014-12-03 12:06 - 2013-09-04 11:57 - 00222792 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
    2014-12-03 12:06 - 2013-09-04 11:57 - 00275528 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
    2014-12-03 12:06 - 2013-08-15 09:18 - 00113166 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
    2014-12-03 12:06 - 2013-08-22 17:13 - 00249928 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
    2012-09-23 20:44 - 2012-09-23 20:44 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\nl_nl\acrotray.nld
    2013-08-22 12:38 - 2013-08-22 12:38 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
    2013-08-22 12:38 - 2013-08-22 12:38 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
    2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
    2013-08-22 12:41 - 2013-08-22 12:41 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
    2015-05-26 08:59 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
    2015-05-26 08:59 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\PETER\AppData\Local\Temp:LmAjdtQQ1dSkIKvgkIP09sgjs
    AlternateDataStreams: C:\Users\PETER\AppData\Local\Temporary Internet Files:fOBqou0JeYgRSHjpJLl8PRUU
    AlternateDataStreams: C:\Users\PETER\AppData\Local\Wqh8DMoH:h8nv3BQO5rAsx7BcRHtSb

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: avast! Antivirus => 2
    MSCONFIG\startupreg: avast => "f:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
     
  25. Pjotr31

    Pjotr31 TS Rookie Topic Starter Posts: 23

    Addition.txt part 3

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{27A73A8E-8DBF-4795-8135-A15E4CB455BE}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe
    FirewallRules: [UDP Query User{F7AEC6C1-64C4-4E0D-8677-CEB875EC3D81}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe
    FirewallRules: [TCP Query User{0B17D3D1-89E1-42A3-B5EB-CFE7B015E26D}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe
    FirewallRules: [UDP Query User{8DAA733C-0E93-4A59-85AF-9EEEE22F81D2}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe
    FirewallRules: [{C6FD8151-B4D1-4A22-AB76-9EF1D25B4379}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
    FirewallRules: [{23A954D6-8A72-4C7D-948C-46F377E3671E}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
    FirewallRules: [{92B84CD9-395D-421E-B744-0949177EB45C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{07B36B45-A3C0-4671-B44C-8F954ECBD5EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D5AE1E9E-EA62-4544-9A96-6FE5C4A067FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E3A0D677-CA90-40D7-8C36-ECF5FB8B915E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{6A49E4B2-C60E-4BDA-A575-8CAD9FC5FBD5}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [UDP Query User{0F23E57C-29D9-4458-9FB7-74E88CE46578}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [{D291499E-8C23-49AD-9CD7-7691FDB72F17}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{78CEEE0C-E87B-422B-9F2B-1BECD1ADEC3E}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{0B162A81-5777-466B-9962-E32CE42C85A3}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [UDP Query User{A28E22B2-29CF-4056-A085-8C8BDB4F4691}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [{58B73435-A7AD-4B79-B6FB-EE81DED5A260}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [{473DD8DC-DF30-4BDA-AB31-38F5284AAFCB}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [{342AAFEE-3FB2-47A7-B16E-77AF4401CA75}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe
    FirewallRules: [{1E643EA1-FF15-4D15-AD4E-38FC0A6AD334}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe
    FirewallRules: [TCP Query User{8603AC8B-9EA2-4457-A106-BA029E012E3A}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{7C2E3E67-2D25-4B67-BD2C-88E7D181C38F}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{45FF855D-8BF5-48C3-BA74-AD420F944E8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{45DF2001-4E8D-46D4-8653-B4572AD353C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [TCP Query User{CA767D67-084C-42BA-90BA-D22B2575FBF2}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
    FirewallRules: [UDP Query User{950F6719-ECA2-4804-AD54-0DBA770C8768}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
    FirewallRules: [{680449C8-AFC6-4A93-B4F1-39CC4E5083D5}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
    FirewallRules: [{9D7038A5-AD5E-4053-A85D-63C1933D06F3}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
    FirewallRules: [TCP Query User{9BBA7FAE-5818-4132-B2F7-9CDA527D3E99}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
    FirewallRules: [UDP Query User{FA83606C-EE3B-4764-9BF2-35B823126AC5}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
    FirewallRules: [TCP Query User{67C70BB8-F163-4A98-89E4-039CAC26D9FA}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{61C3A176-4DAA-48AC-85E7-BCBEAADF3F8F}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{70938B3D-8056-4BAF-87B7-3910B5B1C9D7}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{18DD193C-0963-420C-8260-0268A850405B}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{FEB4C52E-72EC-42E0-BD82-ECD3E9D80AED}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
    FirewallRules: [UDP Query User{270E5A61-677C-46BD-B71C-2C6174872EA2}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
    FirewallRules: [TCP Query User{D0AAEFCC-D7A9-4D57-B320-E4FB560E2077}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{192D84B2-DDE3-4BBB-B58A-91CEFBB5F800}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [TCP Query User{95D11C2E-4A1A-4E3F-A25C-6B8E95C539A4}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe
    FirewallRules: [UDP Query User{F8F2D8D9-7ADC-4889-BA07-97266F881A73}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe
    FirewallRules: [TCP Query User{846A7AF8-041F-4362-BBB9-5B7421549EC1}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe
    FirewallRules: [UDP Query User{133F23DB-EE4F-487D-BF4F-3F638A49D7B7}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe
    FirewallRules: [TCP Query User{3DC95A7C-2E54-4A50-B13C-000010E7C341}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe
    FirewallRules: [UDP Query User{9606A9FD-7B80-449D-9D3F-B3471E995FF5}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe
    FirewallRules: [TCP Query User{9D341BDA-B1AB-4669-BDAB-F85017AA60FD}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe
    FirewallRules: [UDP Query User{2653BCD1-6DC7-41F6-8917-1F715955089D}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe
    FirewallRules: [TCP Query User{EBA8804C-D4D9-48F5-BED8-AD723334006A}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe
    FirewallRules: [UDP Query User{556DF46A-05AD-42E5-8090-F860EBBF30FC}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe
    FirewallRules: [TCP Query User{1D466C6B-F644-44E7-8884-C5D92581FACD}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [UDP Query User{432C5F99-06E8-47AA-B7E9-2A628D7A6A4C}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
    FirewallRules: [TCP Query User{9F5FDE20-3E33-4DDF-A702-198FFC783E32}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe
    FirewallRules: [UDP Query User{991F9134-FF1A-48D6-8217-790CBD162AA8}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe
    FirewallRules: [TCP Query User{7AF46388-E99A-4BDE-8D89-CB853C34B262}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{B2F6E93F-BD5A-4E70-A57A-EC48BC74D0F8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{E86B5A3F-D959-4652-BD85-A59D0DFC595F}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
    FirewallRules: [{D3E5B9EA-F47B-4645-A796-C18D4000FB04}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
    FirewallRules: [{FBC46965-880F-4464-A02D-58F9E09134F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3E673A76-EBB6-41AC-ADAA-EC07A830C9CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{EA2C6A9D-7EE2-411B-B416-57C80E05858E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
    FirewallRules: [{16AE6B8C-FFDD-4D40-A146-1AD46EECB08C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
    FirewallRules: [TCP Query User{A4274554-A386-46B1-AAED-86B368975B5D}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe
    FirewallRules: [UDP Query User{50D24CD5-9EA0-4092-8ACE-A5F8CA38FF58}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe
    FirewallRules: [{16BBB312-9033-4820-869F-3F2CC3D2A428}] => (Block) F:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
    FirewallRules: [{43430466-8C72-4962-8039-25B59D3ED988}] => (Block) %ProgramFiles% (x86)\SmartDraw 2013\SmartDraw.exe
    FirewallRules: [{FF510CB7-8BBD-4319-9972-13E03703E32E}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [{C0F419B2-B110-4FD9-8B22-9456B590C58A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
    FirewallRules: [TCP Query User{E5AFDC18-C741-423C-AB90-0799CE5DA075}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{3EC10302-257C-4016-A0D7-F85944A7D297}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{310E119F-1EFC-44A6-8E33-7E3A56E869DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{5C8C216F-84B1-4E67-B6C3-9617CB15E4C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{DDDC73B9-D769-45C4-8EE1-1E381FE8EC94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{5C7DBD6E-2A12-49F3-9BFC-0D93BA1BA1CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{8A6F432F-0BC5-4C20-B14B-8EBCD62B06EC}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe
    FirewallRules: [{0B620597-8CBD-4B8F-B8C9-915DC1156398}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe
    FirewallRules: [TCP Query User{4BC4AFC2-6468-4170-9975-605F1C22897C}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe
    FirewallRules: [UDP Query User{FC5E1BD7-0972-434F-B82B-CE4F9D9EE771}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe
    FirewallRules: [{3A489C46-31DD-4FDC-A24A-B4EF12CB838F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe
    FirewallRules: [{B86254E1-F2B3-4495-B221-A790E7FF5BE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe
    FirewallRules: [{576B8718-6276-4B50-9094-2B125A54AC07}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
    FirewallRules: [{0334F8F1-ECC7-47D4-849A-D01CB087326E}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
    FirewallRules: [{018BF4CC-17E1-4C29-B276-36867CCBE75F}] => (Allow) LPort=4481
    FirewallRules: [{8A42A4E5-FB7D-435D-8287-CCDAE04E5115}] => (Allow) LPort=4481
    FirewallRules: [{60A253E4-538E-4210-A1E1-F9880F759431}] => (Allow) LPort=4482
    FirewallRules: [{649FC64B-E70A-4B72-B65B-29205BD2E040}] => (Allow) LPort=4482
    FirewallRules: [TCP Query User{85764ABF-76D8-42CC-85F2-B6854B5A047F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{421481C5-BD43-439A-98AF-88B4E470D418}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{15DCD1F1-0B06-4184-9FA9-8D5CE531B044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{963C2386-7C8E-41F5-B8EF-D888173AFB7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{BBD38712-CBEA-4573-9F39-AABBB38DFC82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9DD622B4-88E1-4809-8FC7-025DF2E2A553}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{3FD0A622-4157-4072-85F3-7C3D20E06BCE}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [UDP Query User{76090457-16A7-4ED9-80A7-414F45AFF7B9}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [{77F72CCF-3486-42C2-A2B8-A787A03123DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{5C49F74A-5520-4093-B3CC-4CD138062598}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{851ACB82-334B-4B37-8B31-805178C9CD5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{19062B4F-F524-4351-8D9F-6A5AC1C9BE65}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{FB007FC0-052A-4366-8509-0953A20EBC19}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
    FirewallRules: [{076BCE0F-5B1B-4D18-8AEE-D87A6A5E235E}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
    FirewallRules: [{EFB7688A-14CD-473A-9CF9-4219A84F571F}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
    FirewallRules: [{33BA2308-4790-43A2-AD6A-A2E3505A7E73}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
    FirewallRules: [{CF6FC813-C14F-4723-913E-D47DDB556FE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{84EF5FE2-7C13-42EC-B54C-E6DE798E8C1F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{84649655-4E50-41DB-8429-8F53F4826FF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{42271F38-6BBB-46C0-B7D6-A473DC1C4EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{63A2593E-37A2-4248-9886-FBB4DF85C720}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E3F75D13-7967-4BA9-A09E-66705A63E672}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{71077BE5-DBA2-4DE8-8A81-2BB94D19BFD4}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{4B8C1F86-162D-41CA-AED3-8941D85C1500}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
    FirewallRules: [{4591F867-BCE9-4232-BBF1-32341FE60A0F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{B74579CE-FF49-41F2-9072-33D02CE7D951}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{78A79EA0-77B2-4735-81D9-E3BD85D3DC85}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{AC61B826-F949-4B03-AB1E-E2E76B4C1F6F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{6C0877C0-CC83-4E60-9BAB-279FC291C3E5}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [{3F242F30-B190-4690-A8CC-54DC951AE268}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
    FirewallRules: [TCP Query User{DD239C72-D7B8-4C27-B586-158585286D9A}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe
    FirewallRules: [UDP Query User{365B97CE-CFA1-4F44-9D01-46723F3D18B9}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe
    FirewallRules: [{02AE2090-1D55-403D-863F-FF7C970D2D37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{A438C9B7-A184-4945-A04B-DEA5F389F9D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{FAA91DA7-00C8-4B56-86D1-10FE6B6B59BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{C96AE375-0A3C-4DB7-954D-59C61E623DCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{81D121AE-586B-4955-BFD7-0716B34A8D57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FF095264-834A-41BC-BAA8-1D5D8BBD91D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D17791ED-592F-42E2-B069-6B1CC31EAA4A}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
    FirewallRules: [{AF574895-63E4-4A46-871A-D9E619E5966C}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
    FirewallRules: [{E2801422-3D22-41B8-B83F-58E1A0B7A210}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{E972BA8E-8951-44AE-84A8-514919EF150E}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{D9AE9D59-7F50-4496-A9EA-55F2B052D126}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{52B7BA08-CE46-4CA2-B1EE-A6BFDCB2025F}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{EBECC55C-1D7B-46A0-8163-357D744AA8E4}] => (Allow) h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    FirewallRules: [{DAB03E88-0021-4248-B79B-7E1FD0635D9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{DEEBDA1D-1EFE-4BE0-AB88-BEE4A5E211E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{CF0E2D4E-CBBB-4961-9586-3EB4048A6553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
    FirewallRules: [{60C265C8-C649-4857-898F-70877F019F1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
    FirewallRules: [{B636CFEA-76AC-4114-BFD5-B4D2118AEA2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe
    FirewallRules: [{0789103C-A70A-493C-B611-5F62F223AB16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe
    FirewallRules: [{72FA1FA6-6F5E-4155-90CE-E8E0D261F4D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
    FirewallRules: [{8BB8E852-9A0E-4EB7-88C5-5EB5D55346E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
    FirewallRules: [{633321D3-F0D4-44A9-AD40-65D7A0D90176}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe
    FirewallRules: [{3DF5F331-F675-4E23-BEDD-9E4B94E27BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe
    FirewallRules: [{C2A69856-6BE6-427F-9DC9-32E29DD97544}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
    FirewallRules: [{149BB1C6-0A30-4891-A11F-7634FB9E553F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
    FirewallRules: [{D8F14BAF-7E04-48EA-8C16-A8EC1574B78E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
    FirewallRules: [{C3443A49-8355-4C3D-BE7D-11FFB872A653}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
    FirewallRules: [{F9BD63E6-5169-4C2B-AFEC-0DDC8EB72289}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
    FirewallRules: [{551FB3C0-4645-41CB-AB00-9F43CCE46493}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
    FirewallRules: [{06B9A16A-DDFD-4148-BE6E-A3993B89763D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
    FirewallRules: [{084C05C5-D121-44F8-9DC2-17C34CEF9E70}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
    FirewallRules: [TCP Query User{A320347E-3FA3-4680-9126-2847785FE7DA}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe
    FirewallRules: [UDP Query User{7C9DB469-8EA9-45E9-A658-8F663792212E}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe
    FirewallRules: [{1EDF5DD5-B89C-4763-BB46-0C2FDE76CBF8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
    FirewallRules: [{6DA3F26F-26F0-471D-904E-0CE5544B5989}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
    FirewallRules: [{258F0458-EA44-41E3-8D2D-E7B472D90DE8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
    FirewallRules: [{7EAF7120-A808-42F0-A1AD-823682797941}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
    FirewallRules: [{37899513-D87A-4672-B457-BE0597B097F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{9C0FBBE6-B157-467E-A8CB-81B611BDB45C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
    FirewallRules: [{F61D0966-19B4-4876-853A-D9CC2C4B5E06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{4A0D555E-1B26-4F42-8D04-70904BC2B645}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{4E82FF9E-1B30-4337-8BBB-8D4941149862}] => (Allow) F:\Battle.net\Battle.net.exe
    FirewallRules: [{6EEA3D04-B5DD-49C8-AB80-D3C8EA2C3AA1}] => (Allow) F:\Battle.net\Battle.net.exe
    FirewallRules: [{A09646E5-0904-4146-BD89-498F842891CD}] => (Allow) F:\Hearthstone\Hearthstone.exe
    FirewallRules: [{193EAC09-7FE7-4F2E-9C38-F62ACE11D341}] => (Allow) F:\Hearthstone\Hearthstone.exe
    FirewallRules: [{40D55099-AEF6-4F68-92B0-CED770C66723}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
    FirewallRules: [TCP Query User{68EC577C-593F-43D2-AB46-BE816E6F92F8}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe
    FirewallRules: [UDP Query User{64D917BB-F870-40FB-A7A9-004F3C68E4B6}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe
    FirewallRules: [{19902B20-026B-44CA-95C4-D0070D2E5BEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{48F747B9-5B80-44D1-AEC8-AD6F8D85E9B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
    FirewallRules: [{CE7FD005-D9E2-44C5-A8FD-E140543B155B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{0D7C0248-A5F3-4657-B029-9410676F13FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{BC7F1360-AE9E-4539-A60D-4D75D2198A50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{AF6C5CEB-3FD9-46F6-8B77-C3AC4D517133}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
    FirewallRules: [{5137591F-531C-44DE-87F9-C975F47B7073}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{5276F6D8-50D3-4669-A308-11B8201F2D3F}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe
    FirewallRules: [UDP Query User{D1C000F0-BCB3-4B94-91B4-72FE1C6145BB}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe
    FirewallRules: [{2D7BEC0E-3E4B-4820-B719-36F0C4A766DC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
    FirewallRules: [{4611DF3B-8FE3-4DE5-BFC1-1AAF772EF1AC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
    FirewallRules: [{E8D4D07D-02C2-40BF-8731-30F375434CAB}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
    FirewallRules: [{E141A120-842F-4823-ABA9-E73239B654B1}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
    FirewallRules: [{F4C786A9-CD6D-4125-BA0E-2EEDE0C5F345}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe
    FirewallRules: [{024D86F8-1879-4561-9350-792DEF60BBDF}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe
    FirewallRules: [{2055DF16-9A4E-428D-A024-9C46F3A596F7}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{0AC28A61-C3F2-46B7-B621-DE1DB834A69E}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{BF593F61-7723-4A82-8549-63B634DA96A6}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
    FirewallRules: [{CDE6C2BA-1873-4695-BA61-182C8A50DBD8}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
    FirewallRules: [{620F44A6-70E9-4C16-A114-D86C3A0194FB}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{A569FC0D-BA47-443C-9340-742FB75D25BA}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{EC201D03-44EF-403A-A921-21C43F119B8F}] => (Block) F:\Program Files (x86)\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe
    FirewallRules: [{40BDA590-D721-405A-B3F5-3F4B5EF595F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{C8DC17BD-5717-4DE0-A27B-6407B4B25010}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{7C118354-3226-4360-9FD1-65DC71389647}] => (Block) F:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
    FirewallRules: [TCP Query User{8BCB95E3-7A95-45FD-8E6F-B253FAFC207F}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [UDP Query User{D5729ED5-36F5-40B3-A63C-C18DAC8A2E36}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
    FirewallRules: [TCP Query User{FDA90FF7-1159-45B9-9D0D-831E450A55BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [UDP Query User{8EB5D2A2-1CCA-4C33-923F-4D7E2B69F6BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
    FirewallRules: [{FE978480-D164-4FD9-A835-879C7D9801A6}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
    FirewallRules: [{A2F44525-A511-457C-9B1C-F17B3C6EEF24}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
    FirewallRules: [{2D26ABDB-A8DD-4825-8504-1F761B66993E}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe
    FirewallRules: [{9429715E-8373-4C0D-A795-8956BA81F12A}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe
    FirewallRules: [{545E2D5F-3588-48A2-8DE3-09EF2D1C0BBD}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe
    FirewallRules: [{D9583C59-40A7-4B1B-B077-62E363F0F4C1}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe
    FirewallRules: [{2C78F406-76FF-4F25-A7E5-0D411857C7DB}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe
    FirewallRules: [{0C26C0A9-B6FA-4B81-9A83-909F27312618}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe
    FirewallRules: [{1F83F92F-3833-421F-A244-C0E3FB694569}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe
    FirewallRules: [{0EB9F89D-2FDC-49AD-AAFA-577ABD30B928}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe
    FirewallRules: [{A58AA986-58ED-4F18-9DDD-C50BF2940A8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{87FA797F-6129-465C-8603-70B35453452A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{E054CB61-66C9-42AE-B92F-6C05F6A2923C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{FB9A5A6E-ECF4-4A26-8C2D-2AE7D429034E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{1E4BE5AA-B482-475F-93AD-CBD990B06701}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    FirewallRules: [{B22B92E9-5FB1-4EC2-93FF-4B38D1BB8F1B}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe
    FirewallRules: [{201F1F9F-1CD7-4F6D-B569-481023F6A437}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe
    FirewallRules: [{090FDD4B-E896-43DE-87CF-3893E8383E8E}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe
    FirewallRules: [{D7F3A4EE-1ABD-412B-8E85-9F424BD0B1AE}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe
    FirewallRules: [{2FB00F36-4544-4E26-955C-439372EC888B}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
    FirewallRules: [{0A176B48-A3F5-438B-A247-43EFD650232F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E53E7E62-76B9-49CF-87A0-9EB2753AC14F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0C0E2572-34EC-486C-9919-77E842139269}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{49B73444-5D64-4F25-8412-0285B66AB032}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E20D0868-1E0C-4F3E-99DF-68E89A91EF4D}] => (Allow) F:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{E64CE403-77F0-4F2F-8F52-B083DA0AC171}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe
    FirewallRules: [{93BB2153-5431-48C4-B9A2-1D98A4E8112C}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe
    FirewallRules: [TCP Query User{DE52C308-F913-49AA-9AED-446CA547CD87}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{7D64ED70-3060-4ED4-AC21-5C843510BA7D}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
    FirewallRules: [{5A4F6B44-6B7C-4642-B704-F37C2289B06C}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{2501C92A-CFF4-4007-A072-D712A7F8A6CE}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [TCP Query User{F2C88D33-4F8B-4AF5-86FE-84EAEA525979}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe
    FirewallRules: [UDP Query User{945C1935-0881-4C64-B612-025DEBE74F86}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe
    FirewallRules: [{C514BCB0-0981-4C42-BDA3-CA7A7012710E}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe
    FirewallRules: [{50AC0A48-284E-4FD1-A8AC-5918C6207E75}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe
    FirewallRules: [TCP Query User{8460AE0B-4376-4BB0-81E5-6CE3B421B243}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{F6557E35-67F5-4E20-B191-B18F274A13AC}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe
    FirewallRules: [{66EFA9DC-A369-4C74-881D-13F9CB007118}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{07D4652B-BFA7-41DA-8C85-33FD00EC6750}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{FA0FDA31-3C1E-4B0F-8F0B-ADA829CF08C3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
    FirewallRules: [{2DBD8A65-6F03-44B2-99D6-33EB46B3E7A3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
    FirewallRules: [{CF58AB2A-ABB0-4110-858D-3A9829623E8D}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe
    FirewallRules: [{3F6F67DC-539E-4DEB-9386-DC23614FE541}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe
    FirewallRules: [{62829CAD-2988-43EF-B31A-3904917A680E}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe
    FirewallRules: [{0F0D9699-855E-4069-B909-9FC00A237973}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe
    FirewallRules: [{3D83D1DF-D0C5-4BB6-8864-833BB379638A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{C044B64E-5969-4925-A5C0-C312BD205E17}] => (Allow) F:\steam library folder\SteamApps\common\Crest\Crest.exe
    FirewallRules: [{ED5CF348-0F0B-4DE5-A0EE-5BC7463C78AC}] => (Allow) F:\steam library folder\SteamApps\common\Crest\Crest.exe

    ==================== Faulty Device Manager Devices =============

    Name: VBoxAsw Support Driver
    Description: VBoxAsw Support Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: VBoxAswDrv
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/08/2015 11:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2137

    Error: (06/08/2015 11:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2137

    Error: (06/08/2015 11:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/08/2015 11:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1139

    Error: (06/08/2015 11:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1139

    Error: (06/08/2015 11:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/08/2015 07:58:54 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
    Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Gebruik sxstrace.exe voor gedetailleerde diagnose.

    Error: (06/07/2015 11:38:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Naam van toepassing met fout: adwcleaner_4.206.exe, versie: 4.2.0.6, tijdstempel: 0x556b7f98
    Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
    Uitzonderingscode: 0xc0000005
    Foutoffset: 0x0747a53e
    Id van proces met fout: 0x18fc
    Starttijd van toepassing met fout: 0xadwcleaner_4.206.exe0
    Pad naar toepassing met fout: adwcleaner_4.206.exe1
    Pad naar module met fout: adwcleaner_4.206.exe2
    Rapport-id: adwcleaner_4.206.exe3

    Error: (06/07/2015 05:06:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6021

    Error: (06/07/2015 05:06:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6021


    System errors:
    =============
    Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
    Description: Onverwachte fout. Foutcode: D@01010004

    Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
    Description: Onverwachte fout. Foutcode: D@01010004

    Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
    Description: Onverwachte fout. Foutcode: D@01010004

    Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
    Description: Onverwachte fout. Foutcode: D@01010004

    Error: (06/08/2015 11:26:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: De volgende opstartstuurprogramma's zijn niet geladen:
    MtxDma0

    Error: (06/08/2015 11:26:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De VBoxAsw Support Driver-service kan vanwege de volgende fout niet worden gestart:
    %%2

    Error: (06/08/2015 11:26:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De NPEService-service kan vanwege de volgende fout niet worden gestart:
    %%2

    Error: (06/08/2015 11:26:17 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: De vorige afsluiting van het systeem om 23:24:27 op ‎8-‎6-‎2015 is onverwacht gebeurd.

    Error: (06/08/2015 11:14:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De EaseUS Agent Service-service is onverwacht beëindigd. Dit is nu 299 keer gebeurd.

    Error: (06/08/2015 11:14:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De EaseUS Agent Service-service is onverwacht beëindigd. Dit is nu 298 keer gebeurd.


    Microsoft Office:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-08 22:44:15.571
    Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

    Date: 2015-06-08 22:44:15.524
    Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

    Date: 2015-03-22 20:29:02.603
    Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

    Date: 2015-03-22 20:29:02.550
    Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

    Date: 2013-11-21 17:34:52.563
    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

    Date: 2013-11-21 17:34:52.503
    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

    Date: 2013-11-21 17:34:52.453
    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

    Date: 2013-11-21 17:34:52.393
    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

    Date: 2013-11-21 17:33:45.255
    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

    Date: 2013-11-21 17:33:45.195
    Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
    Percentage of memory in use: 35%
    Total physical RAM: 8099.93 MB
    Available physical RAM: 5223.69 MB
    Total Pagefile: 18198.04 MB
    Available Pagefile: 14233.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:223.47 GB) (Free:83.06 GB) NTFS
    Drive e: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (TeraDisk) (Fixed) (Total:931.51 GB) (Free:376.58 GB) NTFS
    Drive h: (SSD 120GB) (Fixed) (Total:119.15 GB) (Free:17.99 GB) NTFS
    Drive m: () (Network) (Total:1830.83 GB) (Free:196.82 GB)
    Drive p: () (Network) (Total:913.94 GB) (Free:37.16 GB)
    Drive s: () (Network) (Total:1830.83 GB) (Free:196.82 GB)
    Drive v: () (Network) (Total:913.94 GB) (Free:37.16 GB)
    Drive w: () (Network) (Total:1830.83 GB) (Free:196.82 GB)
    Drive z: () (Network) (Total:0.24 GB) (Free:0.16 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5352E724)
    Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: 2F0AD043)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 3373616B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...