Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search page is wrong


  • This topic is locked This topic is locked
15 replies to this topic

#1 Rollietjes

Rollietjes

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 06 February 2015 - 02:02 PM

Hi,

 

Since today my google search page in google chrome and IE looks weird. When I'm going to google.com all looks right, I'm signed in to my google+ account.

But when I'm going to search something the page doesn't look normal and I'm not signed in anymore. (see attached files)

When I'm using encrypted.google.com nothing is wrong... And in firefox all is looking normal too.

I can't find out if this is a virus or a malware or something so I hope one of you guys can help me:)

 

I already did a scan with AVG, adwcleaner, and superantispyware but nothing helps.

My OS is windows 8.1

 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:08:15 AM

Posted 09 February 2015 - 08:15 AM

:welcome:

 

 
1QYkxTZ.jpg Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
  •  
    I just want to see the report....Please Do Not Fix Anything
     
    ============================================================================
     
     
     
     
    Please download Farbar Recovery Scan Tool and save it to your desktop.
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
    A simple way to check your system: Start --> Computer (right click) --> Properties
     
    FRST_zps5d956a1a.jpg
     
     
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #3 Rollietjes

    Rollietjes
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:02:15 PM

    Posted 09 February 2015 - 10:35 AM

    Hi thanks for your help!

     

    Here are the logs:

     

    aswMBR:

     

    aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
    Run date: 2015-02-09 16:20:19
    -----------------------------
    16:20:19.553    OS Version: Windows x64 6.2.9200 
    16:20:19.557    Number of processors: 4 586 0x4501
    16:20:19.557    ComputerName: ROLINDA-LAPTOP  UserName: Rolinda
    16:20:29.796    Initialize success
    16:20:29.935    VM: initialized successfully
    16:20:29.935    VM: Intel CPU supported 
    16:20:45.534    VM: disk I/O iaStorA.sys
    16:21:24.133    AVAST engine download error: 0
    16:21:42.213    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
    16:21:42.213    Disk 0 Vendor: TOSHIBA_MQ01ABF050 AM002C Size: 476940MB BusType: 8
    16:21:42.335    Disk 0 MBR read successfully
    16:21:42.335    Disk 0 MBR scan
    16:21:42.335    Disk 0 unknown MBR code
    16:21:42.351    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
    16:21:42.476    Disk 0 scanning C:\Windows\system32\drivers
    16:21:52.475    Service scanning
    16:22:41.517    Modules scanning
    16:22:41.521    Disk 0 trace - called modules:
    16:22:42.017    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
    16:22:42.032    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000ba1eb060]
    16:22:42.032    3 CLASSPNP.SYS[fffff8016081e27b] -> nt!IofCallDriver -> [0xffffe000ba1ea5d0]
    16:22:42.057    5 hpdskflt.sys[fffff80160c7342b] -> nt!IofCallDriver -> [0xffffe000b76ad660]
    16:22:42.073    7 ACPI.sys[fffff8015fe8f7aa] -> nt!IofCallDriver -> \Device\0000002e[0xffffe000b77f4060]
    16:22:42.085    Disk 0 statistics 134196/0/0 @ 7,55 MB/s
    16:22:42.093    Scan finished successfully
    16:22:59.800    Disk 0 MBR has been saved successfully to "C:\Users\Rolinda\Desktop\MBR.dat"
    16:22:59.800    The log file has been saved successfully to "C:\Users\Rolinda\Desktop\aswMBR.txt"
     
     
    FRST:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by Rolinda (administrator) on ROLINDA-LAPTOP on 09-02-2015 16:24:26
    Running from C:\Users\Rolinda\Downloads
    Loaded Profiles: Rolinda (Available profiles: Rolinda)
    Platform: Windows 8.1 (X64) OS Language: Nederlands (Nederland)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dropbox, Inc.) C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (BitTorrent Inc.) C:\Users\Rolinda\AppData\Roaming\uTorrent\uTorrent.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\WindowsApps\ActiproSoftwareLLC.562882FEEB491_2.4.15.15_neutral__24pqs290vpjk0\CodeWriter.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
    HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Run: [GoogleChromeAutoLaunch_EA0E8EB3DA63D6A361036FDA45F36674] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\MountPoints2: {7781d48c-fdd7-11e3-825e-54353036611c} - "H:\SETUP.EXE" 
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\MountPoints2: {95f190ff-a964-11e4-8292-54353036611c} - "F:\SETUP.EXE" 
    Startup: C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-856661239-2680828645-2770266133-1001 -> {3AF9AAB8-1114-4B7E-9EAC-581960B0227E} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-856661239-2680828645-2770266133-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 212.54.44.54 212.54.40.25
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Rolinda\AppData\Roaming\Mozilla\Firefox\Profiles\bd44bdb1.default
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @ABNAMRO/BECON,version=1.00 -> C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Extension: Adblock Plus - C:\Users\Rolinda\AppData\Roaming\Mozilla\Firefox\Profiles\bd44bdb1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
    FF HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
    FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-23]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SPF012BD59-D656-480F-92EB-1FA43388EA49&SSPV=
    CHR StartupUrls: Default -> "https://www.facebook.com/", "https://www.tumblr.com/dashboard", "https://twitter.com/", "hxxp://trakt.tv/", "https://www.youtube.com/", "https://www.encrypted.google.com/"
    CHR DefaultSearchKeyword: Default -> https://encrypted.google.com/
    CHR DefaultSuggestURL: Default -> 
    CHR Profile: C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Bejeweled) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-09-19]
    CHR Extension: (Angry Birds) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-19]
    CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-09-19]
    CHR Extension: (Google Documenten) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
    CHR Extension: (Google Drive) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
    CHR Extension: (YOUZEEK Free Music) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2014-09-19]
    CHR Extension: (YouTube) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
    CHR Extension: (Google Cast) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-07]
    CHR Extension: (TVGiDS.tv) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocdjdnpjmkaaaangagmlnkcpfjkjfcn [2014-09-19]
    CHR Extension: (Adblock Plus) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-08]
    CHR Extension: (Google Zoeken) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
    CHR Extension: (Go to IMDb) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipkcplmpmhcmfgkgahliaabodplkjio [2014-09-19]
    CHR Extension: (XKit) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-09-19]
    CHR Extension: (World TV) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2014-09-19]
    CHR Extension: (Lunaria Story) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohldomknihdgjdinaabghnpnkjhkgcm [2014-09-19]
    CHR Extension: (Eye Dropper) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2014-09-19]
    CHR Extension: (WhatFont) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-09-19]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-09-19]
    CHR Extension: (Hangouts) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-09-19]
    CHR Extension: (Google Wallet) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
    CHR Extension: (Hover Zoom) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-09-19]
    CHR Extension: (Deezer) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2014-09-19]
    CHR Extension: (Bubble Santa) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbokbbbgkgifjmmbokbdiimcffphbgha [2014-09-19]
    CHR Extension: (Outlook.com) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-09-19]
    CHR Extension: (Gmail) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
    CHR Profile: C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Presentaties) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
    CHR Extension: (Google Documenten) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
    CHR Extension: (Google Drive) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
    CHR Extension: (YouTube) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
    CHR Extension: (Google Zoeken) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
    CHR Extension: (Google Spreadsheets) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
    CHR Extension: (Google Wallet) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
    CHR Extension: (Gmail) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
    R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-21] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    S3 e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
    S3 stdpms; C:\Windows\System32\drivers\stdpms.sys [28904 2014-10-22] (Splashtop Inc.)
    S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-07-11] (Spotflux, Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    U3 McMPFSvc; No ImagePath
    U3 McNaiAnn; No ImagePath
    U3 mcpltsvc; No ImagePath
    U3 McProxy; No ImagePath
    U3 mfecore; No ImagePath
    U3 MSK80Service; No ImagePath
    U3 aswMBR; \??\C:\Users\Rolinda\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\Rolinda\AppData\Local\Temp\aswVmm.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-09 16:24 - 2015-02-09 16:25 - 00029558 _____ () C:\Users\Rolinda\Downloads\FRST.txt
    2015-02-09 16:23 - 2015-02-09 16:24 - 00000000 ____D () C:\FRST
    2015-02-09 16:23 - 2015-02-09 16:23 - 02132992 _____ (Farbar) C:\Users\Rolinda\Downloads\FRST64.exe
    2015-02-09 16:23 - 2015-02-09 16:23 - 01124352 _____ (Farbar) C:\Users\Rolinda\Downloads\FRST.exe
    2015-02-09 16:22 - 2015-02-09 16:25 - 00001828 _____ () C:\Users\Rolinda\Desktop\aswMBR.txt
    2015-02-09 16:22 - 2015-02-09 16:22 - 00000512 _____ () C:\Users\Rolinda\Desktop\MBR.dat
    2015-02-09 16:20 - 2015-02-09 16:20 - 05198336 _____ (AVAST Software) C:\Users\Rolinda\Downloads\aswMBR (1).exe
    2015-02-09 16:19 - 2015-02-09 16:19 - 05198336 _____ (AVAST Software) C:\Users\Rolinda\Downloads\aswMBR.exe
    2015-02-09 08:35 - 2015-02-09 08:35 - 00000245 _____ () C:\Users\Rolinda\.swfinfo
    2015-02-09 08:31 - 2015-02-09 08:31 - 00003149 _____ () C:\Users\Rolinda\Downloads\RTL-XL.bundle-master.zip
    2015-02-08 19:31 - 2015-02-08 19:31 - 01674576 _____ () C:\Users\Rolinda\Downloads\Plex-Trakt-Scrobbler-master.zip
    2015-02-08 19:25 - 2015-02-08 19:37 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Plex Media Server
    2015-02-08 19:25 - 2015-02-08 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2015-02-08 19:24 - 2015-02-08 19:24 - 00000000 ____D () C:\Program Files (x86)\Plex
    2015-02-08 19:20 - 2015-02-08 19:22 - 86795776 _____ (Plex, Inc.) C:\Users\Rolinda\Downloads\Plex-Media-Server-0.9.1107.803-87d0708-en-US.exe
    2015-02-08 18:55 - 2015-02-08 18:55 - 00008953 _____ () C:\Users\Rolinda\Downloads\[kickass.so]son.of.a.gun.2014.720p.brrip.x264.yify.torrent
    2015-02-08 14:21 - 2015-02-08 14:21 - 02112512 _____ () C:\Users\Rolinda\Downloads\AdwCleaner (1).exe
    2015-02-08 10:24 - 2015-02-08 10:24 - 00021467 _____ () C:\Users\Rolinda\Downloads\2B536BAA0D11D5733283E2B862C43E66442DBE6A.torrent
    2015-02-07 20:07 - 2015-02-07 20:07 - 00401920 _____ (Farbar) C:\Users\Rolinda\Downloads\MiniToolBox.exe
    2015-02-07 20:07 - 2015-02-07 20:07 - 00052855 _____ () C:\Users\Rolinda\Downloads\Result.txt
    2015-02-07 19:23 - 2015-02-07 19:23 - 00008945 _____ () C:\Users\Rolinda\Downloads\[kickass.so]dumb.and.dumber.to.2014.720p.brrip.x264.yify.torrent
    2015-02-07 18:02 - 2015-02-07 18:02 - 02347384 _____ (ESET) C:\Users\Rolinda\Downloads\esetsmartinstaller_enu.exe
    2015-02-07 18:00 - 2015-02-07 18:00 - 00025999 _____ () C:\Users\Rolinda\Downloads\6972B8FB06DF3ABE810562AC553172C99A65D31E.torrent
    2015-02-07 17:59 - 2015-02-07 17:59 - 00035474 _____ () C:\Users\Rolinda\Downloads\B76FD031C8A186A41235783701104DDBC7B46799.torrent
    2015-02-07 17:58 - 2015-02-07 17:58 - 00026770 _____ () C:\Users\Rolinda\Downloads\1696B82E875ABBDB4DFEEE7309AD4C6DE6C0E160.torrent
    2015-02-07 17:58 - 2015-02-07 17:58 - 00026770 _____ () C:\Users\Rolinda\Downloads\1696B82E875ABBDB4DFEEE7309AD4C6DE6C0E160 (1).torrent
    2015-02-06 22:38 - 2015-02-06 22:38 - 01388274 _____ (Thisisu) C:\Users\Rolinda\Downloads\JRT.exe
    2015-02-06 22:35 - 2015-02-08 15:29 - 00000348 _____ () C:\Windows\setupact.log
    2015-02-06 22:35 - 2015-02-06 22:35 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-06 22:34 - 2015-02-08 14:25 - 00000958 _____ () C:\Windows\PFRO.log
    2015-02-06 21:54 - 2015-02-06 21:55 - 05325208 _____ (Piriform Ltd) C:\Users\Rolinda\Downloads\ccsetup502.exe
    2015-02-06 19:48 - 2015-02-06 19:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rolinda\Downloads\mbam-setup-2.0.4.1028.exe
    2015-02-06 19:41 - 2015-02-06 19:41 - 00019362 _____ () C:\Users\Rolinda\Downloads\[kickass.so]the.100.2014.s02e09.1080p.web.dl.nl.subs.sam.tbs.torrent
    2015-02-06 19:30 - 2015-02-06 19:30 - 00012576 _____ () C:\Users\Rolinda\Downloads\[kickass.so]the.100.s02e10.nl.subs.hdtvx264.mp4 (1).torrent
    2015-02-06 19:30 - 2015-02-06 19:30 - 00012476 _____ () C:\Users\Rolinda\Downloads\[kickass.so]the.100.s02e09.nl.subs.hdtvx264.mp4.torrent
    2015-02-06 19:29 - 2015-02-06 19:29 - 00012576 _____ () C:\Users\Rolinda\Downloads\[kickass.so]the.100.s02e10.nl.subs.hdtvx264.mp4.torrent
    2015-02-06 19:22 - 2015-02-06 19:22 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-06 19:22 - 2015-02-06 19:22 - 00001126 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-06 19:22 - 2015-02-06 19:22 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Mozilla
    2015-02-06 19:22 - 2015-02-06 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-06 19:20 - 2015-02-06 19:20 - 00243600 _____ () C:\Users\Rolinda\Downloads\Firefox Setup Stub 35.0.1.exe
    2015-02-06 12:53 - 2015-02-06 12:53 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\SUPERAntiSpyware.com
    2015-02-06 12:52 - 2015-02-06 12:52 - 21193928 _____ (SUPERAntiSpyware) C:\Users\Rolinda\Downloads\SUPERAntiSpyware.exe
    2015-02-06 12:52 - 2015-02-06 12:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-02-06 12:18 - 2015-02-06 12:18 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-06 12:18 - 2015-02-06 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-06 12:17 - 2015-02-09 16:22 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-06 12:17 - 2015-02-08 15:30 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 12:17 - 2015-02-06 12:17 - 00004060 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-06 12:17 - 2015-02-06 12:17 - 00003824 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-06 11:29 - 2015-02-06 11:29 - 00000000 __SHD () C:\Users\Rolinda\AppData\Local\EmieBrowserModeList
    2015-02-06 11:20 - 2015-02-06 11:20 - 02112512 _____ () C:\Users\Rolinda\Downloads\AdwCleaner.exe
    2015-02-06 11:12 - 2015-02-06 11:12 - 00361742 _____ () C:\Users\Rolinda\Downloads\GateSimSetup-1.4.rar
    2015-02-06 11:12 - 2015-02-06 11:12 - 00003053 _____ () C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logic Gate Simulator.lnk
    2015-02-06 11:12 - 2015-02-06 11:12 - 00000000 ____D () C:\Program Files (x86)\Steve Kollmansberger
    2015-02-06 10:48 - 2015-02-06 10:48 - 00001059 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
    2015-02-06 10:48 - 2015-02-06 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-02-06 10:48 - 2015-02-06 10:48 - 00000000 ____D () C:\Program Files\Oracle
    2015-02-06 10:48 - 2014-11-24 12:07 - 00916024 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
    2015-02-06 10:48 - 2014-11-24 12:07 - 00128080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
    2015-02-06 09:34 - 2015-02-08 19:03 - 00005064 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROLINDA-LAPTOP-Rolinda Rolinda-Laptop
    2015-02-06 08:30 - 2015-02-08 15:31 - 00000000 ____D () C:\Users\Rolinda\Documents\Youcam
    2015-02-05 15:41 - 2015-02-06 22:00 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\TeamViewer
    2015-02-05 15:15 - 2015-02-05 15:15 - 07821960 _____ (TeamViewer GmbH) C:\Users\Rolinda\Downloads\TeamViewer_Setup_nl.exe
    2015-02-05 13:45 - 2015-02-05 13:45 - 00008770 _____ () C:\Users\Rolinda\Downloads\[kickass.so]big.hero.6.2014.720p.brrip.x264.yify.torrent
    2015-02-05 13:39 - 2015-02-05 13:39 - 00030173 _____ () C:\Users\Rolinda\Downloads\[kickass.so]the.100.s02e11.hdtv.x264.killers.ettv.torrent
    2015-02-05 13:39 - 2015-02-05 13:39 - 00022118 _____ () C:\Users\Rolinda\Downloads\[kickass.so]arrow.s03e12.hdtv.x264.lol.ettv.torrent
    2015-02-05 13:39 - 2015-02-05 13:39 - 00008115 _____ () C:\Users\Rolinda\Downloads\[kickass.so]baby.daddy.s04e06.real.hdtv.x264.killers.eztv.torrent
    2015-02-05 10:33 - 2015-02-05 10:33 - 29415744 _____ (Mozilla) C:\Users\Rolinda\Downloads\Thunderbird Setup 31.4.0.exe
    2015-02-05 10:33 - 2015-02-05 10:33 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Thunderbird
    2015-02-05 10:33 - 2015-02-05 10:33 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Thunderbird
    2015-02-05 10:33 - 2015-02-05 10:33 - 00000000 ____D () C:\ProgramData\Mozilla
    2015-02-05 09:29 - 2015-02-05 20:37 - 00000000 ____D () C:\Users\Rolinda\Documents\Outlook-bestanden
    2015-02-05 08:34 - 2015-02-05 08:34 - 00017521 _____ () C:\Users\Rolinda\Downloads\[kickass.so]big.hero.6.2014.1080p.brrip.x264.yify.torrent
    2015-02-04 15:08 - 2015-02-06 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-04 11:30 - 2015-02-04 11:32 - 110587080 _____ (Oracle Corporation) C:\Users\Rolinda\Downloads\VirtualBox-4.3.20-96997-Win.exe
    2015-02-04 11:20 - 2015-02-06 10:57 - 00000000 ____D () C:\Users\Rolinda\VirtualBox VMs
    2015-02-04 10:40 - 2015-02-06 10:57 - 00000000 ____D () C:\Users\Rolinda\.VirtualBox
    2015-02-03 14:52 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2015-02-03 14:52 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000000 ____D () C:\Program Files (x86)\Kodi
    2015-02-03 14:08 - 2015-02-03 14:08 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
    2015-02-03 14:07 - 2015-02-03 14:13 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Popcorn Time
    2015-02-03 12:10 - 2015-02-03 12:10 - 00000000 ____D () C:\Users\Rolinda\Documents\Edraw Max
    2015-02-03 11:59 - 2015-02-03 12:11 - 00000000 ____D () C:\Users\Rolinda\Documents\Edraw Max 7.7.0.2761 + Crack
    2015-02-03 09:43 - 2015-02-03 12:00 - 00000506 _____ () C:\Windows\Tasks\InstallShield Update Task.job
    2015-02-03 09:43 - 2015-02-03 09:43 - 00003252 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
    2015-02-03 09:43 - 2015-02-03 09:43 - 00000000 ____D () C:\Program Files (x86)\InstallShield
    2015-02-03 09:40 - 2015-02-03 09:40 - 00000000 ____D () C:\Users\Rolinda\Documents\Microsoft Toolkit 2.5.2 - Windows & Office KMS Activator
    2015-02-03 09:31 - 2015-02-03 09:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
    2015-02-03 09:19 - 2015-02-04 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-02-03 09:18 - 2015-02-03 09:18 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
    2015-02-03 09:17 - 2015-02-03 09:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2015-02-03 09:15 - 2015-02-03 09:17 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
    2015-02-03 09:12 - 2015-02-03 09:12 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
    2015-02-03 09:12 - 2015-02-03 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
    2015-02-03 09:11 - 2015-02-03 09:11 - 00000000 __RHD () C:\MSOCache
    2015-02-02 12:05 - 2015-02-02 12:05 - 00000000 ____D () C:\Users\Rolinda\Documents\Aangepaste Office-sjablonen
    2015-01-25 19:45 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2015-01-25 19:45 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2015-01-25 18:56 - 2015-01-28 19:47 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
    2015-01-14 17:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 17:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 17:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-01-14 17:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-01-14 17:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-01-14 17:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-14 17:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 17:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-01-14 17:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2015-01-14 17:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2015-01-14 17:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-14 17:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-14 17:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-14 17:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-01-14 17:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2015-01-14 17:21 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2015-01-14 17:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-01-14 17:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-01-14 17:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-01-14 17:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2015-01-14 17:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2015-01-14 17:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-14 17:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-14 17:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-09 16:24 - 2014-06-27 10:00 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\uTorrent
    2015-02-09 16:16 - 2014-06-27 09:19 - 01238213 _____ () C:\Windows\WindowsUpdate.log
    2015-02-09 16:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-02-09 10:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-02-09 09:19 - 2014-07-06 22:29 - 00000000 ____D () C:\ProgramData\MFAData
    2015-02-09 08:46 - 2014-06-27 11:17 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Adobe
    2015-02-09 08:35 - 2014-06-27 09:21 - 00000000 ____D () C:\Users\Rolinda
    2015-02-08 19:23 - 2014-02-14 18:26 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-08 19:20 - 2014-10-18 15:38 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Popcorn-Time
    2015-02-08 18:20 - 2014-06-27 09:27 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-856661239-2680828645-2770266133-1001
    2015-02-08 16:23 - 2014-06-27 11:28 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Kodi
    2015-02-08 15:32 - 2014-06-28 16:39 - 00000000 ___RD () C:\Users\Rolinda\Dropbox
    2015-02-08 15:32 - 2014-06-28 16:37 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Dropbox
    2015-02-08 15:32 - 2014-06-27 09:24 - 00000000 ___DO () C:\Users\Rolinda\SkyDrive
    2015-02-08 15:29 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-08 15:27 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-02-08 14:23 - 2014-06-27 18:37 - 00000000 ____D () C:\AdwCleaner
    2015-02-08 12:46 - 2014-08-30 12:48 - 00003188 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRolinda
    2015-02-08 12:46 - 2014-07-06 21:25 - 00000370 _____ () C:\Windows\Tasks\HPCeeScheduleForRolinda.job
    2015-02-07 18:01 - 2014-06-28 09:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-02-07 18:01 - 2014-06-28 09:54 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-02-07 08:24 - 2014-07-08 11:31 - 04125184 ___SH () C:\Users\Rolinda\Desktop\Thumbs.db
    2015-02-06 22:33 - 2014-06-27 13:13 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\12974
    2015-02-06 22:00 - 2014-06-27 10:35 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\DAEMON Tools Lite
    2015-02-06 21:59 - 2014-07-07 17:18 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\FileZilla
    2015-02-06 21:58 - 2013-08-26 07:57 - 00000000 ____D () C:\Windows\Panther
    2015-02-06 19:22 - 2014-07-21 12:13 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Mozilla
    2015-02-06 12:18 - 2014-06-27 09:36 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-06 12:17 - 2014-06-27 09:35 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Deployment
    2015-02-06 11:06 - 2014-06-27 09:21 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Packages
    2015-02-06 10:51 - 2013-08-22 15:44 - 05176528 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-06 10:04 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-06 08:33 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-02-05 13:42 - 2013-10-26 05:44 - 00842182 _____ () C:\Windows\system32\perfh013.dat
    2015-02-05 13:42 - 2013-10-26 05:44 - 00178462 _____ () C:\Windows\system32\perfc013.dat
    2015-02-05 13:42 - 2013-08-26 07:09 - 01970564 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-04 15:41 - 2014-06-27 10:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-04 15:39 - 2013-08-22 14:25 - 00000301 _____ () C:\Windows\win.ini
    2015-02-04 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-02-04 11:33 - 2014-06-27 09:21 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\VirtualStore
    2015-02-04 11:27 - 2014-06-27 10:14 - 00000000 ___RD () C:\Alfa-College
    2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-03 14:45 - 2014-06-27 18:28 - 00000000 ____D () C:\Rolinda
    2015-02-03 14:08 - 2014-10-18 15:38 - 00002282 _____ () C:\Users\Rolinda\Desktop\Popcorn Time.lnk
    2015-02-03 09:30 - 2013-08-22 20:12 - 00000000 ____D () C:\Windows\ShellNew
    2015-02-03 09:15 - 2014-06-27 10:38 - 00000000 ____D () C:\Program Files\Microsoft Office
    2015-02-03 09:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
    2015-02-01 14:21 - 2013-10-25 20:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-01 14:20 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-01-27 16:44 - 2014-06-28 20:40 - 00000132 _____ () C:\Users\Rolinda\AppData\Roaming\Adobe PNG Format CC Prefs
    2015-01-27 16:03 - 2014-07-08 11:33 - 04499456 ___SH () C:\Users\Rolinda\Downloads\Thumbs.db
    2015-01-25 11:09 - 2014-10-18 15:21 - 00000958 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-01-25 11:09 - 2014-07-07 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-01-22 10:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-15 20:58 - 2014-06-29 15:54 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 20:51 - 2014-06-29 15:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
     
    ==================== Files in the root of some directories =======
     
    2014-06-28 20:40 - 2015-01-27 16:44 - 0000132 _____ () C:\Users\Rolinda\AppData\Roaming\Adobe PNG Format CC Prefs
    2014-07-09 10:28 - 2014-09-16 19:09 - 0001456 _____ () C:\Users\Rolinda\AppData\Local\Adobe Save for Web 13.0 Prefs
     
    Some content of TEMP:
    ====================
    C:\Users\Rolinda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2giped.dll
    C:\Users\Rolinda\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rolinda\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-01 12:34
     
    ==================== End Of Log ============================
     
    Addition:
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
    Ran by Rolinda at 2015-02-09 16:26:10
    Running from C:\Users\Rolinda\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    ABN AMRO e.dentifier2 software (HKLM-x32\...\{55BF7E3E-F00A-4A3D-BB76-09228B35FFD6}) (Version: 02.00 - ABN AMRO BANK)
    Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
    Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
    AVG 2015 (Version: 15.0.4281 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    FileZilla Client 3.9.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)
    Free Studio version 6.4.1.1215 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.1.1215 - DVDVideoSoft Ltd.)
    Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
    Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{8DD31D24-52CC-4DF7-AD21-E088EB48D902}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7051.4593 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
    Kodi (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Kodi) (Version:  - XBMC-Foundation)
    Logic Gate Simulator (HKLM-x32\...\{846B9C6A-7CBA-47EF-9BBF-4C5F765CDCB6}) (Version: 1.1.0 - Steve Kollmansberger)
    Microsoft Office Language Pack 2013  - Dutch/Nederlands (HKLM\...\Office15.OMUI.nl-nl) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visio Language Pack 2013  - Dutch/Nederlands (HKLM\...\Office15.VisMUI.nl-nl) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 35.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
    Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
    Ralink Bluetooth Stack64 (HKLM\...\{8A69F02D-A72B-AEE6-1CD3-6B05B9F9DD83}) (Version: 11.0.742.0 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.34.0 - Mediatek)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0055-0413-1000-0000000FF1CE}_Office15.VisMUI.nl-nl_{8D7561AF-505B-46A8-AB31-ADEBD0FFDE83}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0413-1000-0000000FF1CE}_Office15.OMUI.nl-nl_{DDC7BAC3-C5A2-4E24-A4B6-F1CB7C3AF4E4}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Zona (HKLM-x32\...\Zona)) (Version:  - )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
     
    ==================== Restore Points  =========================
     
    06-02-2015 10:47:19 Installed Oracle VM VirtualBox 4.3.20
    08-02-2015 19:23:10 Plex Media Server
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {155ABDEE-736F-4B05-A61A-96CC7403E110} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ROLINDA-LAPTOP-Rolinda Rolinda-Laptop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
    Task: {1E2D9873-87A6-4106-8DB7-19480A64B743} - System32\Tasks\HPCeeScheduleForRolinda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
    Task: {2704C9ED-FCF8-484D-89AA-375FFF518DA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
    Task: {290E228B-599C-4B79-B422-FEC2B2345942} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
    Task: {29871374-12F2-4874-BC6A-B7A659244CAF} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
    Task: {3F4E107F-8DA3-4B87-8388-E5683F2E2891} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {4137A726-E18F-4D88-A572-2E32F4F34384} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {45951856-5528-414F-8242-9467AA8A67E8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {4AFC4ACD-D5F6-42E3-8728-58F76528E673} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
    Task: {5A33A785-207D-4759-944B-6B12E590044C} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=nl
    Task: {6CD8BBCD-FC8A-430C-8300-EF9E2ECF07FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {7B9D802A-CA46-42B8-B464-53430617F930} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-r.olinda@live.nl => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {837CD10F-0ACF-4C3E-931E-335616A065F9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {893D8856-7AFB-4F0A-A4EE-B7C8E7797BDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {A45363B5-18E2-4BA6-AD9F-0E56283BABF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {B8173F73-014C-45CF-98F1-0990D94A0ACD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {BCD8C40E-A94C-4DE7-B291-CF9CE5A90A54} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {E3DCBF6C-664D-462D-9B58-B525EFF35AD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {EA9AE4DD-B4A3-4029-BD3B-BB4C6688C431} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {EB430735-661E-4A7B-BDA0-541B1ED4D6EE} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForRolinda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\InstallShield Update Task.job => C:\Windows\system32\wscript.exe
    Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Loaded Modules (whitelisted) ==============
     
    2013-09-26 10:26 - 2013-09-26 10:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-09-26 10:32 - 2013-09-26 10:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-09-26 10:28 - 2013-09-26 10:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-09-26 10:25 - 2013-09-26 10:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-09-26 10:25 - 2013-09-26 10:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-09-26 10:25 - 2013-09-26 10:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-09-26 10:39 - 2013-09-26 10:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-09-26 10:39 - 2013-09-26 10:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2014-07-21 12:08 - 2014-07-21 12:08 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2013-09-26 10:34 - 2013-09-26 10:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2015-02-03 09:54 - 2015-02-03 09:54 - 00743936 _____ () C:\Program Files\WindowsApps\ActiproSoftwareLLC.562882FEEB491_2.4.15.15_neutral__24pqs290vpjk0\CodeWriter.exe
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-07-31 16:22 - 2014-07-31 16:22 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
    2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-08 15:31 - 2015-02-08 15:31 - 00043008 _____ () c:\users\rolinda\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2giped.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
    2014-02-14 18:42 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
    2014-02-14 18:17 - 2013-09-04 02:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00031368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
    2015-02-08 18:35 - 2015-02-08 18:35 - 01879040 _____ () C:\Users\Rolinda\AppData\Local\Packages\actiprosoftwarellc.562882feeb491_24pqs290vpjk0\AC\Microsoft\CLR_v4.0_32\NativeImages\CodeWriter\3320e2edebdbde6386d6f39fe03aaaaa\CodeWriter.ni.exe
    2014-11-07 19:29 - 2014-11-07 19:29 - 03530752 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
    2014-11-07 19:29 - 2014-11-07 19:29 - 00960000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
    2014-11-07 19:29 - 2014-11-07 19:29 - 01130496 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
    2014-11-07 19:29 - 2014-11-07 19:29 - 00133120 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
    2014-11-07 19:29 - 2014-11-07 19:29 - 00808448 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
    2014-11-07 19:29 - 2014-11-07 19:29 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
    2015-02-08 18:36 - 2015-02-08 18:36 - 00174592 _____ () C:\Users\Rolinda\AppData\Local\Packages\actiprosoftwarellc.562882feeb491_24pqs290vpjk0\AC\Microsoft\CLR_v4.0_32\NativeImages\GoogleAnalytics\b7710361e0b1d0ef7a885cccec5ac236\GoogleAnalytics.ni.dll
    2015-02-08 18:37 - 2015-02-08 18:37 - 00242176 _____ () C:\Users\Rolinda\AppData\Local\Packages\actiprosoftwarellc.562882feeb491_24pqs290vpjk0\AC\Microsoft\CLR_v4.0_32\NativeImages\GoogleAnalytics.Core\74f683133b0ce2e291909d4e4eae4c1a\GoogleAnalytics.Core.ni.dll
    2014-11-07 19:29 - 2014-11-07 19:29 - 00337920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
    2015-02-08 18:31 - 2015-02-08 18:31 - 00304128 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
    2014-07-03 11:35 - 2014-07-03 11:35 - 01282048 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Users\Rolinda\SkyDrive:ms-properties
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (whitelisted) ===============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== Other Registry Areas =====================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rolinda\Pictures\Foto's bewaren\Wallapapers\City-Lights-by-Night.jpg
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "vProt"
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk"
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\StartupApproved\Run: => "Spotify Web Helper"
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-856661239-2680828645-2770266133-500 - Administrator - Disabled)
    Gast (S-1-5-21-856661239-2680828645-2770266133-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-856661239-2680828645-2770266133-1003 - Limited - Enabled)
    Rolinda (S-1-5-21-856661239-2680828645-2770266133-1001 - Administrator - Enabled) => C:\Users\Rolinda
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/08/2015 05:46:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005
     
    Error: (02/08/2015 02:33:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6594
     
    Error: (02/08/2015 02:33:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6594
     
    Error: (02/08/2015 02:33:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (02/08/2015 02:33:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5219
     
    Error: (02/08/2015 02:33:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5219
     
    Error: (02/08/2015 02:33:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (02/08/2015 02:33:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3875
     
    Error: (02/08/2015 02:33:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3875
     
    Error: (02/08/2015 02:33:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
     
    System errors:
    =============
    Error: (02/09/2015 10:51:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 3 keer gebeurd.
     
    Error: (02/08/2015 10:09:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 2 keer gebeurd.
     
    Error: (02/08/2015 03:41:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
     
    Error: (02/08/2015 03:29:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De McAfee Boot Delay Start Service-service kan vanwege de volgende fout niet worden gestart: 
    %%2
     
    Error: (02/08/2015 02:33:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
     
    Error: (02/08/2015 02:25:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: De McAfee Boot Delay Start Service-service kan vanwege de volgende fout niet worden gestart: 
    %%2
     
    Error: (02/07/2015 08:17:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 3 keer gebeurd.
     
    Error: (02/07/2015 09:33:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 2 keer gebeurd.
     
    Error: (02/06/2015 10:51:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (02/08/2015 05:46:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005
     
    Error: (02/08/2015 02:33:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 6594
     
    Error: (02/08/2015 02:33:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 6594
     
    Error: (02/08/2015 02:33:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (02/08/2015 02:33:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5219
     
    Error: (02/08/2015 02:33:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5219
     
    Error: (02/08/2015 02:33:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (02/08/2015 02:33:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3875
     
    Error: (02/08/2015 02:33:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3875
     
    Error: (02/08/2015 02:33:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 46%
    Total physical RAM: 8122.15 MB
    Available physical RAM: 4332.53 MB
    Total Pagefile: 14266.15 MB
    Available Pagefile: 9055.53 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:450.15 GB) (Free:314.3 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:14.84 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive h: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:375.73 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 6D5A60D8)
     
    Partition: GPT Partition Type.
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F74F2D87)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #4 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:08:15 AM

    Posted 09 February 2015 - 10:54 AM

    Download CKScanner by askey127 from Here & save it to your Desktop.
  • Doubleclick CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Please Run this program only once
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

  • mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #5 Rollietjes

    Rollietjes
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:02:15 PM

    Posted 09 February 2015 - 11:11 AM

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\adobe\adobe dreamweaver cc\configuration\taglibraries\html\keygen.vtm
    c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\serviceinfo.plist
    c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\url\crackle\servicecode.pys
    c:\rolinda\adobe illustrator cc 17.1 final multilanguage [chingliu]\crack\adobe.cc.anticloud.exe
    c:\rolinda\adobe illustrator cc 17.1 final multilanguage [chingliu]\crack\vr.nfo
    c:\rolinda\troep\photoshop\adobe photoshop cc 14.1 final multilanguage [chingliu]\crack\adobe.cc.anticloud.exe
    c:\rolinda\troep\photoshop\adobe photoshop cc 14.1 final multilanguage [chingliu]\crack\vr.nfo
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\edraw max 7.7.0.2761.tgz
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\torrent downloaded from extratorrent.com.txt
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\tracked_by_h33t_com.txt
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\edraw max\edrawmax_full.exe
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\edraw max\instructions.txt
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\edraw max\readme.url
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\edraw max\crack\addreg.reg
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\edraw max\crack\readme.url
    c:\users\rolinda\documents\edraw max 7.7.0.2761 + crack\edraw max\crack\user.cfg
    c:\users\rolinda\documents\microsoft toolkit 2.5.2 - windows & office kms activator\microsoft toolkit.exe
    scanner sequence 3.GJ.11.AMAPXZ
     ----- EOF ----- 


    #6 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:08:15 AM

    Posted 09 February 2015 - 11:47 AM

    Let me explain how you infected your computer and where we stand, you infected it by downloading illegal software via the torrents or kickass. The greater percentage of these programs contains malicious code of some sort. This forum as all the other malware removal forums do not support the use of illegal software, if this software infected your computer and I continued to help you remove the infection it could be construed in the eyes of the law as aiding and abetting a crime.

     

    If you want to continue cleaning up your system than I have to ask you to uninstall all the illegal stuff first, after you do run CKScanner again and post a new log. If you care not to uninstall any of those programs than its your call and this thread will be closed, let me know what you decide


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #7 Rollietjes

    Rollietjes
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:02:15 PM

    Posted 09 February 2015 - 12:13 PM

    CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\serviceinfo.plist
    c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\url\crackle\servicecode.pys
    scanner sequence 3.AA.11.LQLBP0
     ----- EOF ----- 


    #8 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:08:15 AM

    Posted 09 February 2015 - 01:00 PM

    Great, thanks for understanding.

     

    FYI     If you where sitting in my chair and aware of all the latest threats I think you would tend to be more careful, there are threats going around now that steal all your usernames and passwords  from sites you frequent, especially if you do any online banking. They can also steal Credit Card info, some of the latest threats encrypt all your documents so that you cant access them and hold them for ransom, the only way to get them back is to pay them and its not cheap. There are also threats that are so severe that it leaves no other choice but to format your drive and reinstall windows ...not nice.

     

    Run these in order please and post the log from each one

     

    Download MiniToolBox and save it to your desktop,  right click on it and select RUN AS ADMINISTRATOR
     
    Checkmark the following boxes:
    •  
    • Flush DNS 
    • Reset IE Proxy Settings 
     
     
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
     
     
    ==================================================================
     

     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisment.
     
    •  
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
     
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    •  
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
     
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
    •  
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
     
    MBAMDashboard_zpsddef9b5f.gif
     
    •  
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
     

     


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #9 Rollietjes

    Rollietjes
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:02:15 PM

    Posted 09 February 2015 - 01:04 PM

    Thans for your help I appreciate it:) I will be more carefull.

     

    I have to go now, so I will do the other stuff later on the evening!



    #10 Rollietjes

    Rollietjes
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:02:15 PM

    Posted 09 February 2015 - 04:38 PM

    I already run some of the programs, so I think there is not that much to see..

     

    The logs:

     

    MiniToolBox by Farbar  Version: 30-11-2014
    Ran by Rolinda (administrator) on 09-02-2015 at 21:45:46
    Running from "C:\Users\Rolinda\Downloads"
    Microsoft Windows 8.1  (X64)
    Boot Mode: Normal
    ***************************************************************************
     
    ========================= Flush DNS: ===================================
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
     
    **** End of log ****
     
    # AdwCleaner v4.110 - Logfile created 09/02/2015 at 21:49:35
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-09.1 [Server]
    # Operating system : Windows 8.1  (x64)
    # Username : Rolinda - ROLINDA-LAPTOP
    # Running from : C:\Users\Rolinda\Downloads\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17416
     
     
    -\\ Mozilla Firefox v35.0.1 (x86 nl)
     
     
    -\\ Google Chrome v40.0.2214.111
     
     
    -\\ Comodo Dragon v
     
     
    -\\ Chrome Canary v
     
     
    *************************
     
    AdwCleaner[R0].txt - [3747 bytes] - [27/06/2014 18:37:27]
    AdwCleaner[R1].txt - [1535 bytes] - [28/06/2014 12:29:45]
    AdwCleaner[R2].txt - [2342 bytes] - [28/06/2014 13:14:56]
    AdwCleaner[R3].txt - [10298 bytes] - [19/09/2014 18:24:08]
    AdwCleaner[R4].txt - [1582 bytes] - [14/10/2014 20:16:02]
    AdwCleaner[R5].txt - [1350 bytes] - [18/10/2014 19:27:48]
    AdwCleaner[R6].txt - [2934 bytes] - [06/02/2015 11:21:14]
    AdwCleaner[R7].txt - [1754 bytes] - [08/02/2015 14:22:12]
    AdwCleaner[R8].txt - [1868 bytes] - [09/02/2015 21:47:59]
    AdwCleaner[S0].txt - [3807 bytes] - [27/06/2014 18:38:18]
    AdwCleaner[S1].txt - [1609 bytes] - [28/06/2014 12:30:35]
    AdwCleaner[S2].txt - [2430 bytes] - [28/06/2014 13:15:40]
    AdwCleaner[S3].txt - [9687 bytes] - [19/09/2014 18:25:45]
    AdwCleaner[S4].txt - [1809 bytes] - [14/10/2014 20:17:49]
    AdwCleaner[S5].txt - [1479 bytes] - [18/10/2014 19:29:32]
    AdwCleaner[S6].txt - [2990 bytes] - [06/02/2015 11:23:21]
    AdwCleaner[S7].txt - [1822 bytes] - [08/02/2015 14:23:49]
    AdwCleaner[S8].txt - [1797 bytes] - [09/02/2015 21:49:35]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1856  bytes] ##########
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 8.1 x64
    Ran by Rolinda on ma 09-02-2015 at 21:56:17,30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on ma 09-02-2015 at 22:03:39,00
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    '
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 9-2-2015
    Scan Time: 22:07:39
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.02.09.10
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Rolinda
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 386938
    Time Elapsed: 29 min, 13 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #11 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:08:15 AM

    Posted 09 February 2015 - 04:58 PM

    Good, go ahead and reboot your computer so that anything that was removed will be sure to be removed,

     

    Running from C:\Users\Rolinda\Downloads <--- This is where your running FRST from, it runs better from the desktop , so go to your downloads folder and find FRST64, right click on it and select CUT, then come back to your desktop and right click on a blank space and select PASTE

     

     

    Than run a new scan with FRST, be sure to checkmark Additions and post both new logs please


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #12 Rollietjes

    Rollietjes
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:02:15 PM

    Posted 10 February 2015 - 03:04 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by Rolinda (administrator) on ROLINDA-LAPTOP on 10-02-2015 09:02:20
    Running from C:\Users\Rolinda\Desktop
    Loaded Profiles: Rolinda (Available profiles: Rolinda)
    Platform: Windows 8.1 (X64) OS Language: Nederlands (Nederland)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Dropbox, Inc.) C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-14] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5142664 2014-12-21] (Plex, Inc.)
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Run: [GoogleChromeAutoLaunch_EA0E8EB3DA63D6A361036FDA45F36674] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\MountPoints2: {7781d48c-fdd7-11e3-825e-54353036611c} - "H:\SETUP.EXE" 
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\MountPoints2: {95f190ff-a964-11e4-8292-54353036611c} - "F:\SETUP.EXE" 
    Startup: C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    ProxyEnable: [HKLM] => ProxyEnable is set.
    ProxyEnable: [HKLM-x32] => ProxyEnable is set.
    ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-856661239-2680828645-2770266133-1001 -> {3AF9AAB8-1114-4B7E-9EAC-581960B0227E} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-856661239-2680828645-2770266133-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/1346-154357-12126-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 212.54.44.54 212.54.40.25
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Rolinda\AppData\Roaming\Mozilla\Firefox\Profiles\bd44bdb1.default
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @ABNAMRO/BECON,version=1.00 -> C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Extension: Adblock Plus - C:\Users\Rolinda\AppData\Roaming\Mozilla\Firefox\Profiles\bd44bdb1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-06]
    FF HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
    FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-23]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=5&UP=SPF012BD59-D656-480F-92EB-1FA43388EA49&SSPV=
    CHR StartupUrls: Default -> "https://www.facebook.com/", "https://www.tumblr.com/dashboard", "https://twitter.com/", "hxxp://trakt.tv/", "https://www.youtube.com/", "https://www.encrypted.google.com/"
    CHR DefaultSearchKeyword: Default -> https://encrypted.google.com/
    CHR DefaultSuggestURL: Default -> 
    CHR Profile: C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Bejeweled) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-09-19]
    CHR Extension: (Angry Birds) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-09-19]
    CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-09-19]
    CHR Extension: (Google Documenten) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-19]
    CHR Extension: (Google Drive) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-19]
    CHR Extension: (YOUZEEK Free Music) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2014-09-19]
    CHR Extension: (YouTube) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-19]
    CHR Extension: (Google Cast) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-02-07]
    CHR Extension: (TVGiDS.tv) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocdjdnpjmkaaaangagmlnkcpfjkjfcn [2014-09-19]
    CHR Extension: (Adblock Plus) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-08]
    CHR Extension: (Google Zoeken) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-19]
    CHR Extension: (Go to IMDb) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fipkcplmpmhcmfgkgahliaabodplkjio [2014-09-19]
    CHR Extension: (XKit) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-09-19]
    CHR Extension: (World TV) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2014-09-19]
    CHR Extension: (Lunaria Story) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohldomknihdgjdinaabghnpnkjhkgcm [2014-09-19]
    CHR Extension: (Eye Dropper) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2014-09-19]
    CHR Extension: (WhatFont) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-09-19]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-09-19]
    CHR Extension: (Hangouts) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-09-19]
    CHR Extension: (Google Wallet) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-27]
    CHR Extension: (Hover Zoom) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-09-19]
    CHR Extension: (Deezer) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2014-09-19]
    CHR Extension: (Bubble Santa) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbokbbbgkgifjmmbokbdiimcffphbgha [2014-09-19]
    CHR Extension: (Outlook.com) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-09-19]
    CHR Extension: (Gmail) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-19]
    CHR Profile: C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Presentaties) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-14]
    CHR Extension: (Google Documenten) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-14]
    CHR Extension: (Google Drive) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-14]
    CHR Extension: (YouTube) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-14]
    CHR Extension: (Google Zoeken) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-14]
    CHR Extension: (Google Spreadsheets) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-14]
    CHR Extension: (Google Wallet) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-14]
    CHR Extension: (Gmail) - C:\Users\Rolinda\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-14]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
    R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-21] (InstallShield®) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-21] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
    S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-29] (AVG Technologies)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    S3 e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [28672 2008-03-20] (Todos Data System AB)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-08-22] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
    S3 stdpms; C:\Windows\System32\drivers\stdpms.sys [28904 2014-10-22] (Splashtop Inc.)
    S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-07-11] (Spotflux, Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    U3 McMPFSvc; No ImagePath
    U3 McNaiAnn; No ImagePath
    U3 mcpltsvc; No ImagePath
    U3 McProxy; No ImagePath
    U3 mfecore; No ImagePath
    U3 MSK80Service; No ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-10 09:02 - 2015-02-10 09:02 - 02132992 _____ (Farbar) C:\Users\Rolinda\Desktop\FRST64.exe
    2015-02-10 09:02 - 2015-02-10 09:02 - 00028159 _____ () C:\Users\Rolinda\Desktop\FRST.txt
    2015-02-10 08:57 - 2015-02-10 09:02 - 00000000 ____D () C:\FRST
    2015-02-09 22:04 - 2015-02-09 22:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Rolinda\Downloads\mbam-setup-2.0.4.1028.exe
    2015-02-09 21:55 - 2015-02-09 21:55 - 01388274 _____ (Thisisu) C:\Users\Rolinda\Downloads\JRT.exe
    2015-02-09 21:46 - 2015-02-09 21:46 - 02112512 _____ () C:\Users\Rolinda\Downloads\AdwCleaner.exe
    2015-02-09 21:45 - 2015-02-09 21:45 - 00401920 _____ (Farbar) C:\Users\Rolinda\Downloads\MiniToolBox.exe
    2015-02-09 21:45 - 2015-02-09 21:45 - 00000510 _____ () C:\Users\Rolinda\Downloads\Result.txt
    2015-02-09 18:25 - 2015-02-09 18:25 - 00090401 _____ () C:\Users\Rolinda\Downloads\[kickass.to]the.other.guys.2010.1080p.bluray.x264.metis.torrent
    2015-02-09 18:22 - 2015-02-09 18:22 - 00008953 _____ () C:\Users\Rolinda\Downloads\[kickass.to]son.of.a.gun.2014.720p.brrip.x264.yify.torrent
    2015-02-09 18:13 - 2015-02-09 18:13 - 00000437 _____ () C:\Users\Rolinda\Downloads\ckfiles.txt
    2015-02-09 18:12 - 2015-02-09 18:12 - 00468480 _____ () C:\Users\Rolinda\Downloads\CKScanner.exe
    2015-02-09 08:35 - 2015-02-09 08:35 - 00000245 _____ () C:\Users\Rolinda\.swfinfo
    2015-02-08 19:25 - 2015-02-08 19:37 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Plex Media Server
    2015-02-08 19:25 - 2015-02-08 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2015-02-08 19:24 - 2015-02-08 19:24 - 00000000 ____D () C:\Program Files (x86)\Plex
    2015-02-06 22:35 - 2015-02-09 21:50 - 00000464 _____ () C:\Windows\setupact.log
    2015-02-06 22:35 - 2015-02-06 22:35 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-06 22:34 - 2015-02-08 14:25 - 00000958 _____ () C:\Windows\PFRO.log
    2015-02-06 19:22 - 2015-02-06 19:22 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-02-06 19:22 - 2015-02-06 19:22 - 00001126 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-02-06 19:22 - 2015-02-06 19:22 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Mozilla
    2015-02-06 19:22 - 2015-02-06 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-06 12:53 - 2015-02-06 12:53 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\SUPERAntiSpyware.com
    2015-02-06 12:52 - 2015-02-06 12:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2015-02-06 12:18 - 2015-02-06 12:18 - 00002262 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-06 12:18 - 2015-02-06 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-06 12:17 - 2015-02-09 22:22 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-06 12:17 - 2015-02-09 21:51 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-06 12:17 - 2015-02-06 12:17 - 00004060 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-06 12:17 - 2015-02-06 12:17 - 00003824 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-06 11:29 - 2015-02-06 11:29 - 00000000 __SHD () C:\Users\Rolinda\AppData\Local\EmieBrowserModeList
    2015-02-06 11:12 - 2015-02-06 11:12 - 00003053 _____ () C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logic Gate Simulator.lnk
    2015-02-06 11:12 - 2015-02-06 11:12 - 00000000 ____D () C:\Program Files (x86)\Steve Kollmansberger
    2015-02-06 10:48 - 2015-02-06 10:48 - 00001059 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
    2015-02-06 10:48 - 2015-02-06 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-02-06 10:48 - 2015-02-06 10:48 - 00000000 ____D () C:\Program Files\Oracle
    2015-02-06 10:48 - 2014-11-24 12:07 - 00916024 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
    2015-02-06 10:48 - 2014-11-24 12:07 - 00128080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
    2015-02-06 09:34 - 2015-02-09 22:17 - 00005064 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROLINDA-LAPTOP-Rolinda Rolinda-Laptop
    2015-02-06 08:30 - 2015-02-09 21:53 - 00000000 ____D () C:\Users\Rolinda\Documents\Youcam
    2015-02-05 15:41 - 2015-02-06 22:00 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\TeamViewer
    2015-02-05 10:33 - 2015-02-05 10:33 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Thunderbird
    2015-02-05 10:33 - 2015-02-05 10:33 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Thunderbird
    2015-02-05 10:33 - 2015-02-05 10:33 - 00000000 ____D () C:\ProgramData\Mozilla
    2015-02-05 09:29 - 2015-02-05 20:37 - 00000000 ____D () C:\Users\Rolinda\Documents\Outlook-bestanden
    2015-02-04 15:08 - 2015-02-06 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-04 11:20 - 2015-02-06 10:57 - 00000000 ____D () C:\Users\Rolinda\VirtualBox VMs
    2015-02-04 10:40 - 2015-02-06 10:57 - 00000000 ____D () C:\Users\Rolinda\.VirtualBox
    2015-02-03 14:52 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2015-02-03 14:52 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
    2015-02-03 14:51 - 2015-02-03 14:51 - 00000000 ____D () C:\Program Files (x86)\Kodi
    2015-02-03 14:08 - 2015-02-03 14:08 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
    2015-02-03 14:07 - 2015-02-03 14:13 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Popcorn Time
    2015-02-03 09:43 - 2015-02-03 12:00 - 00000506 _____ () C:\Windows\Tasks\InstallShield Update Task.job
    2015-02-03 09:43 - 2015-02-03 09:43 - 00003252 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
    2015-02-03 09:43 - 2015-02-03 09:43 - 00000000 ____D () C:\Program Files (x86)\InstallShield
    2015-02-03 09:31 - 2015-02-03 09:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
    2015-02-03 09:19 - 2015-02-04 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-02-03 09:18 - 2015-02-03 09:18 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
    2015-02-03 09:17 - 2015-02-03 09:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
    2015-02-03 09:15 - 2015-02-03 09:17 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
    2015-02-03 09:12 - 2015-02-03 09:12 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
    2015-02-03 09:12 - 2015-02-03 09:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
    2015-02-03 09:11 - 2015-02-03 09:11 - 00000000 __RHD () C:\MSOCache
    2015-02-02 12:05 - 2015-02-02 12:05 - 00000000 ____D () C:\Users\Rolinda\Documents\Aangepaste Office-sjablonen
    2015-01-25 19:45 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2015-01-25 19:45 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2015-01-25 18:56 - 2015-01-28 19:47 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
    2015-01-14 17:21 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 17:21 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 17:21 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-01-14 17:21 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-14 17:21 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-01-14 17:21 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-01-14 17:21 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-14 17:21 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 17:21 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-01-14 17:21 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2015-01-14 17:21 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2015-01-14 17:21 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-14 17:21 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-14 17:21 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-14 17:21 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-01-14 17:21 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2015-01-14 17:21 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2015-01-14 17:21 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-01-14 17:21 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-01-14 17:21 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-01-14 17:21 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2015-01-14 17:21 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2015-01-14 17:21 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-14 17:21 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-14 17:21 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-10 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-02-10 08:59 - 2014-07-06 22:29 - 00000000 ____D () C:\ProgramData\MFAData
    2015-02-10 08:58 - 2014-06-27 09:27 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-856661239-2680828645-2770266133-1001
    2015-02-10 08:53 - 2014-06-27 09:19 - 01458786 _____ () C:\Windows\WindowsUpdate.log
    2015-02-09 21:54 - 2014-06-28 16:39 - 00000000 ___RD () C:\Users\Rolinda\Dropbox
    2015-02-09 21:54 - 2014-06-28 16:37 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Dropbox
    2015-02-09 21:53 - 2014-06-27 09:24 - 00000000 ___DO () C:\Users\Rolinda\SkyDrive
    2015-02-09 21:50 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-09 21:50 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
    2015-02-09 21:49 - 2014-06-27 18:37 - 00000000 ____D () C:\AdwCleaner
    2015-02-09 21:47 - 2014-06-27 10:00 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\uTorrent
    2015-02-09 18:55 - 2014-10-18 15:38 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Popcorn-Time
    2015-02-09 18:12 - 2014-06-27 18:28 - 00000000 ____D () C:\Rolinda
    2015-02-09 18:08 - 2014-06-27 11:18 - 00000000 ____D () C:\ProgramData\Adobe
    2015-02-09 18:06 - 2014-06-27 13:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-02-09 10:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-02-09 08:46 - 2014-06-27 11:17 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Adobe
    2015-02-09 08:35 - 2014-06-27 09:21 - 00000000 ____D () C:\Users\Rolinda
    2015-02-08 19:23 - 2014-02-14 18:26 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-08 16:23 - 2014-06-27 11:28 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Kodi
    2015-02-08 12:46 - 2014-08-30 12:48 - 00003188 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRolinda
    2015-02-08 12:46 - 2014-07-06 21:25 - 00000370 _____ () C:\Windows\Tasks\HPCeeScheduleForRolinda.job
    2015-02-07 18:01 - 2014-06-28 09:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-02-07 18:01 - 2014-06-28 09:54 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-02-07 08:24 - 2014-07-08 11:31 - 04125184 ___SH () C:\Users\Rolinda\Desktop\Thumbs.db
    2015-02-06 22:33 - 2014-06-27 13:13 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\12974
    2015-02-06 22:00 - 2014-06-27 10:35 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\DAEMON Tools Lite
    2015-02-06 21:59 - 2014-07-07 17:18 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\FileZilla
    2015-02-06 21:58 - 2013-08-26 07:57 - 00000000 ____D () C:\Windows\Panther
    2015-02-06 19:22 - 2014-07-21 12:13 - 00000000 ____D () C:\Users\Rolinda\AppData\Roaming\Mozilla
    2015-02-06 12:18 - 2014-06-27 09:36 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-06 12:17 - 2014-06-27 09:35 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Deployment
    2015-02-06 11:06 - 2014-06-27 09:21 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\Packages
    2015-02-06 10:51 - 2013-08-22 15:44 - 05176528 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-06 10:04 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-02-06 08:33 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-02-05 13:42 - 2013-10-26 05:44 - 00842182 _____ () C:\Windows\system32\perfh013.dat
    2015-02-05 13:42 - 2013-10-26 05:44 - 00178462 _____ () C:\Windows\system32\perfc013.dat
    2015-02-05 13:42 - 2013-08-26 07:09 - 01970564 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-04 15:41 - 2014-06-27 10:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-04 15:39 - 2013-08-22 14:25 - 00000301 _____ () C:\Windows\win.ini
    2015-02-04 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-02-04 11:33 - 2014-06-27 09:21 - 00000000 ____D () C:\Users\Rolinda\AppData\Local\VirtualStore
    2015-02-04 11:27 - 2014-06-27 10:14 - 00000000 ___RD () C:\Alfa-College
    2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-03 14:08 - 2014-10-18 15:38 - 00002282 _____ () C:\Users\Rolinda\Desktop\Popcorn Time.lnk
    2015-02-03 09:30 - 2013-08-22 20:12 - 00000000 ____D () C:\Windows\ShellNew
    2015-02-03 09:15 - 2014-06-27 10:38 - 00000000 ____D () C:\Program Files\Microsoft Office
    2015-02-03 09:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
    2015-02-01 14:21 - 2013-10-25 20:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-01 14:20 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-01-27 16:44 - 2014-06-28 20:40 - 00000132 _____ () C:\Users\Rolinda\AppData\Roaming\Adobe PNG Format CC Prefs
    2015-01-27 16:03 - 2014-07-08 11:33 - 04499456 ___SH () C:\Users\Rolinda\Downloads\Thumbs.db
    2015-01-25 11:09 - 2014-10-18 15:21 - 00000958 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
    2015-01-25 11:09 - 2014-07-07 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-01-22 10:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-15 20:58 - 2014-06-29 15:54 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 20:51 - 2014-06-29 15:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
     
    ==================== Files in the root of some directories =======
     
    2014-06-28 20:40 - 2015-01-27 16:44 - 0000132 _____ () C:\Users\Rolinda\AppData\Roaming\Adobe PNG Format CC Prefs
    2014-07-09 10:28 - 2014-09-16 19:09 - 0001456 _____ () C:\Users\Rolinda\AppData\Local\Adobe Save for Web 13.0 Prefs
     
    Some content of TEMP:
    ====================
    C:\Users\Rolinda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwu7tcw.dll
    C:\Users\Rolinda\AppData\Local\Temp\Quarantine.exe
    C:\Users\Rolinda\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-01 12:34
     
    ==================== End Of Log ============================
     
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
    Ran by Rolinda at 2015-02-10 09:02:52
    Running from C:\Users\Rolinda\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    µTorrent (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    ABN AMRO e.dentifier2 software (HKLM-x32\...\{55BF7E3E-F00A-4A3D-BB76-09228B35FFD6}) (Version: 02.00 - ABN AMRO BANK)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
    AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    FileZilla Client 3.9.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)
    Free Studio version 6.4.1.1215 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.1.1215 - DVDVideoSoft Ltd.)
    Free YouTube Download version 3.2.49.1111 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1111 - DVDVideoSoft Ltd.)
    Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{8DD31D24-52CC-4DF7-AD21-E088EB48D902}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7051.4593 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
    Kodi (HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\Kodi) (Version:  - XBMC-Foundation)
    Logic Gate Simulator (HKLM-x32\...\{846B9C6A-7CBA-47EF-9BBF-4C5F765CDCB6}) (Version: 1.1.0 - Steve Kollmansberger)
    Microsoft Office Language Pack 2013  - Dutch/Nederlands (HKLM\...\Office15.OMUI.nl-nl) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visio Language Pack 2013  - Dutch/Nederlands (HKLM\...\Office15.VisMUI.nl-nl) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 35.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 nl)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
    Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Plex Media Server (HKLM-x32\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1107 - Plex, Inc.) Hidden
    Ralink Bluetooth Stack64 (HKLM\...\{8A69F02D-A72B-AEE6-1CD3-6B05B9F9DD83}) (Version: 11.0.742.0 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.34.0 - Mediatek)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0055-0413-1000-0000000FF1CE}_Office15.VisMUI.nl-nl_{8D7561AF-505B-46A8-AB31-ADEBD0FFDE83}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0413-1000-0000000FF1CE}_Office15.OMUI.nl-nl_{DDC7BAC3-C5A2-4E24-A4B6-F1CB7C3AF4E4}) (Version:  - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Zona (HKLM-x32\...\Zona)) (Version:  - )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-856661239-2680828645-2770266133-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
     
    ==================== Restore Points  =========================
     
    08-02-2015 19:23:10 Plex Media Server
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {155ABDEE-736F-4B05-A61A-96CC7403E110} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ROLINDA-LAPTOP-Rolinda Rolinda-Laptop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
    Task: {1E2D9873-87A6-4106-8DB7-19480A64B743} - System32\Tasks\HPCeeScheduleForRolinda => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
    Task: {2704C9ED-FCF8-484D-89AA-375FFF518DA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
    Task: {29871374-12F2-4874-BC6A-B7A659244CAF} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
    Task: {3F4E107F-8DA3-4B87-8388-E5683F2E2891} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {4137A726-E18F-4D88-A572-2E32F4F34384} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {45951856-5528-414F-8242-9467AA8A67E8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {4AFC4ACD-D5F6-42E3-8728-58F76528E673} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
    Task: {5A33A785-207D-4759-944B-6B12E590044C} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=nl
    Task: {6CD8BBCD-FC8A-430C-8300-EF9E2ECF07FB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {837CD10F-0ACF-4C3E-931E-335616A065F9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {893D8856-7AFB-4F0A-A4EE-B7C8E7797BDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {A45363B5-18E2-4BA6-AD9F-0E56283BABF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {B8173F73-014C-45CF-98F1-0990D94A0ACD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {BCD8C40E-A94C-4DE7-B291-CF9CE5A90A54} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {E3DCBF6C-664D-462D-9B58-B525EFF35AD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
    Task: {EA9AE4DD-B4A3-4029-BD3B-BB4C6688C431} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {EB430735-661E-4A7B-BDA0-541B1ED4D6EE} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
    Task: {FD04CB4A-AFB9-492A-BF97-9EE32D8BE6CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForRolinda.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\InstallShield Update Task.job => C:\Windows\system32\wscript.exe
    Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Loaded Modules (whitelisted) ==============
     
    2013-09-26 10:26 - 2013-09-26 10:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-09-26 10:32 - 2013-09-26 10:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-09-26 10:28 - 2013-09-26 10:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-09-26 10:25 - 2013-09-26 10:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-09-26 10:25 - 2013-09-26 10:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-09-26 10:25 - 2013-09-26 10:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-09-26 10:39 - 2013-09-26 10:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-09-26 10:39 - 2013-09-26 10:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2014-07-21 12:08 - 2014-07-21 12:08 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2013-09-26 10:34 - 2013-09-26 10:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2014-02-14 18:42 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-09 21:52 - 2015-02-09 21:52 - 00043008 _____ () c:\users\rolinda\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwu7tcw.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Rolinda\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2014-02-14 18:17 - 2013-09-04 02:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2014-12-21 22:31 - 2014-12-21 22:31 - 00031368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
    2014-07-31 16:22 - 2014-07-31 16:22 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
    2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
    2015-02-06 12:18 - 2015-02-04 10:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Users\Rolinda\SkyDrive:ms-properties
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (whitelisted) ===============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== Other Registry Areas =====================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rolinda\Pictures\Foto's bewaren\Wallapapers\City-Lights-by-Night.jpg
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "vProt"
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk"
    HKU\S-1-5-21-856661239-2680828645-2770266133-1001\...\StartupApproved\Run: => "Spotify Web Helper"
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-856661239-2680828645-2770266133-500 - Administrator - Disabled)
    Gast (S-1-5-21-856661239-2680828645-2770266133-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-856661239-2680828645-2770266133-1003 - Limited - Enabled)
    Rolinda (S-1-5-21-856661239-2680828645-2770266133-1001 - Administrator - Enabled) => C:\Users\Rolinda
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/09/2015 10:37:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROLINDA-LAPTOP)
    Description: Het activeren van de app winstore_cw5n1h2txyewy!Windows.Store is mislukt door de fout -2144927151. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
     
    Error: (02/09/2015 10:06:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROLINDA-LAPTOP)
    Description: Het activeren van de app winstore_cw5n1h2txyewy!Windows.Store is mislukt door de fout -2144927151. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.
     
     
    System errors:
    =============
    Error: (02/10/2015 09:03:07 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/10/2015 09:02:37 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/10/2015 08:59:10 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/10/2015 08:58:40 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/10/2015 08:58:10 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/10/2015 08:57:40 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/10/2015 08:57:10 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/10/2015 08:56:40 AM) (Source: DCOM) (EventID: 10010) (User: ROLINDA-LAPTOP)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (02/09/2015 10:39:09 PM) (Source: disk) (EventID: 11) (User: )
    Description: Het stuurprogramma heeft een controllerfout gevonden in \Device\Harddisk1\DR1.
     
    Error: (02/09/2015 10:39:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: De CyberLink PowerDVD 12 Media Server Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (02/09/2015 10:37:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROLINDA-LAPTOP)
    Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
     
    Error: (02/09/2015 10:06:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROLINDA-LAPTOP)
    Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8122.15 MB
    Available physical RAM: 4877.1 MB
    Total Pagefile: 14266.15 MB
    Available Pagefile: 10402.95 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:450.15 GB) (Free:351.21 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:14.84 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive h: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:335.34 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 6D5A60D8)
     
    Partition: GPT Partition Type.
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F74F2D87)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================


    #13 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:08:15 AM

    Posted 10 February 2015 - 08:31 AM

    Task: {EA9AE4DD-B4A3-4029-BD3B-BB4C6688C431} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

     

    AutoKMS.exe is a malware technically classified as HackTool. AutoKMS crack software can be used to crack or patch unregistered copies of Microsoft Office.


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #14 Rollietjes

    Rollietjes
    • Topic Starter

    • Members
    • 18 posts
    • OFFLINE
    •  
    • Local time:02:15 PM

    Posted 10 February 2015 - 08:37 AM

    It's an empty folder..



    #15 ken545

    ken545

      Malware Response Team


    • Malware Response Team
    • 1,685 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:The Space Coast of Florida
    • Local time:08:15 AM

    Posted 10 February 2015 - 08:45 AM

    What folder is empty ?  Do you have a paid license for Microsoft Office ??


    mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



    donate.gif Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users