Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help


  • This topic is locked This topic is locked
8 replies to this topic

#1 Theagle

Theagle

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 25 August 2015 - 03:32 PM

Need help with my computer, my internet broke again after malware removal.
I already tried alot of things, this is a new frst file last made

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie:02-08-2015 01
Gestart door Theagle (Beheerder) op THEAGLE-PC (25-08-2015 22:21:21)
Gestart vanaf C:\Users\Theagle\Desktop
Geladen Profielen: Theagle (Beschikbare Profielen: Theagle)
Platform: Windows 7 Professional (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 8 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processen (gefilterd) =================

(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe


==================== Register (gefilterd) ==================

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Beleid restrictie <======= AANDACHT

==================== Internet (gefilterd) ====================

(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-634205993-3993676356-899950619-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/nl-nl/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-29] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-29] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{57AA3F2E-632E-4716-9321-013152E43953}: [NameServer] 199.203.131.150,82.163.143.168
Tcpip\..\Interfaces\{57AA3F2E-632E-4716-9321-013152E43953}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{76988586-C83C-4A9E-AF11-E43098373AA0}: [NameServer] 199.203.131.150,82.163.143.168
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-29] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-06-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Theagle\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-634205993-3993676356-899950619-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-25] ()

Chrome:
=======
CHR Profile: C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google Search) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Google Sheets) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\Theagle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]

==================== Services (gefilterd) ========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [Bestand niet getekend]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-08-25] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [796624 2015-07-14] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (gefilterd) ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [8704 2015-06-01] (Windows ® Win 7 DDK provider) [Bestand niet getekend]
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-06-01] (SteelSeries ApS)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [43616 2015-06-01] (SteelSeries ApS)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)

==================== NetSvcs (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)


==================== Een Maand Aangemaakt bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-08-25 22:21 - 2015-08-25 22:21 - 00008525 _____ C:\Users\Theagle\Desktop\FRST.txt
2015-08-25 22:00 - 2015-08-25 21:58 - 01282568 ____N (Avira Operations GmbH & Co. KG) C:\Users\Theagle\Desktop\AviraDNSRepairEN.exe
2015-08-25 21:59 - 2015-08-25 21:59 - 00991232 ____N C:\Users\Theagle\Desktop\MicrosoftFixit50267.msi
2015-08-25 18:18 - 2015-08-25 18:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-25 18:17 - 2015-08-25 18:16 - 16563304 ____N (Malwarebytes Corp.) C:\Users\Theagle\Desktop\mbar-1.09.2.1008 (1).exe
2015-08-25 18:16 - 2015-08-25 18:15 - 16408221 ____N C:\Users\Theagle\Desktop\mbar-1.09.2.1008-1.exe
2015-08-25 18:14 - 2015-08-25 18:08 - 16408221 ____N (Malwarebytes Corp.) C:\Users\Theagle\Desktop\mbar-1.09.2.1008.exe
2015-08-25 18:12 - 2015-08-25 18:31 - 00000000 ____D C:\Users\Theagle\Desktop\mbar
2015-08-25 18:03 - 2015-08-25 21:56 - 00002992 _____ C:\Users\Theagle\Desktop\FSS.txt
2015-08-25 18:03 - 2015-08-25 18:01 - 00899072 ____N (Farbar) C:\Users\Theagle\Desktop\FSS.exe
2015-08-25 18:00 - 2015-08-25 18:00 - 00000269 _____ C:\Users\Theagle\Desktop\reset.bat
2015-08-25 17:34 - 2015-08-25 17:34 - 00022162 _____ C:\Windows\System32\Tasks\DNSMOHAWK
2015-08-25 17:34 - 2015-08-25 17:34 - 00003992 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-08-25 17:34 - 2015-08-25 17:34 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-08-25 17:02 - 2015-08-25 17:02 - 00282512 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-08-25 17:02 - 2015-08-25 17:02 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-08-25 17:02 - 2015-08-25 17:02 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-08-25 17:02 - 2015-08-25 17:02 - 00000000 ____D C:\Users\Theagle\AppData\Local\Ubisoft Game Launcher
2015-08-25 17:01 - 2015-08-25 17:02 - 00001208 _____ C:\Users\Theagle\Desktop\Uplay.lnk
2015-08-25 17:01 - 2015-08-25 17:01 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-08-17 12:18 - 2015-08-17 12:18 - 00000000 ____D C:\Users\Theagle\AppData\Local\Blizzard
2015-08-17 12:11 - 2015-08-17 12:11 - 00000941 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2015-08-17 12:11 - 2015-08-17 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-08-07 17:30 - 2015-08-07 17:31 - 00000000 ____D C:\Users\Theagle\Documents\StarCraft II Beta
2015-08-05 21:45 - 2015-08-05 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-08-05 21:45 - 2015-08-05 21:45 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-08-05 21:45 - 2015-08-03 12:12 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-08-05 17:57 - 2015-08-05 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-08-05 17:57 - 2015-08-05 17:57 - 00000000 ____D C:\Program Files\AutoHotkey
2015-08-05 17:55 - 2015-08-05 17:55 - 02869078 _____ C:\Users\Theagle\Downloads\AutoHotkey112203_Install.exe
2015-08-05 17:52 - 2015-08-05 17:52 - 00061440 _____ (Gary's Hood) C:\Users\Theagle\Downloads\rsclient.exe
2015-08-04 22:24 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-04 22:24 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-04 22:24 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-04 22:24 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-04 22:24 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-04 22:24 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-04 22:24 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-04 22:23 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-04 22:23 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-04 22:21 - 2015-08-25 17:34 - 00000000 ____D C:\Program Files (x86)\SegmentBooster
2015-08-04 22:17 - 2015-08-04 22:17 - 00353959 _____ C:\Users\Theagle\Downloads\MicrosoftFixit20140.mini.diagcab
2015-08-04 22:16 - 2015-08-04 22:16 - 00000538 _____ C:\DelFix.txt
2015-08-04 22:07 - 2015-08-25 22:21 - 00000000 ____D C:\FRST
2015-08-04 22:06 - 2015-08-04 22:07 - 02169856 ____N (Farbar) C:\Users\Theagle\Desktop\FRST64.exe
2015-08-04 21:45 - 2015-08-04 21:46 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\Tunngle
2015-08-04 21:45 - 2015-08-04 21:46 - 00000000 ____D C:\Program Files (x86)\Tunngle
2015-08-04 21:45 - 2015-08-04 21:45 - 00000998 _____ C:\Users\Public\Desktop\Tunngle.lnk
2015-08-04 21:45 - 2015-08-04 21:45 - 00000000 ____D C:\Users\Theagle\Documents\Tunngle
2015-08-04 21:45 - 2015-08-04 21:45 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2015-08-04 21:45 - 2015-08-04 21:45 - 00000000 ____D C:\ProgramData\Tunngle
2015-08-04 21:45 - 2015-08-04 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-08-04 21:45 - 2009-09-16 08:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-08-04 21:43 - 2015-08-04 21:43 - 04813584 _____ (Tunngle.net GmbH ) C:\Users\Theagle\Downloads\Tunngle_Setup_v5.3.exe
2015-08-04 21:36 - 2015-08-25 22:18 - 00000000 ____D C:\Users\Theagle\AppData\Local\LogMeIn Hamachi
2015-08-03 11:01 - 2015-08-03 11:02 - 747596686 _____ C:\Users\Theagle\Downloads\CSS_Content_Addon-Jan2015.zip
2015-08-03 10:57 - 2015-08-03 10:57 - 00530820 _____ C:\Users\Theagle\Downloads\CSS_Content_Addon-Jan2015.zip.zip
2015-07-30 13:13 - 2015-07-30 13:13 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\Curse Client
2015-07-28 18:53 - 2015-07-28 18:53 - 00000000 ____D C:\Users\Theagle\Documents\RCT3
2015-07-28 18:53 - 2015-07-28 18:53 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\Atari
2015-07-28 18:24 - 2015-07-28 18:24 - 00000000 ____D C:\Program Files (x86)\Portable
2015-07-27 16:13 - 2015-07-27 16:13 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\SmartSteamEmu

==================== Een Maand Gewijzigd bestanden en mappen ========

(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)

2015-08-25 22:21 - 2015-05-16 18:47 - 00566293 _____ C:\Windows\WindowsUpdate.log
2015-08-25 22:18 - 2015-07-12 19:06 - 00000346 ____H C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job
2015-08-25 22:18 - 2015-07-12 19:06 - 00000340 _____ C:\Windows\Tasks\NLSAGZR1.job
2015-08-25 22:18 - 2015-07-12 19:04 - 00000994 _____ C:\Windows\Tasks\wPSCsz0.job
2015-08-25 22:18 - 2015-05-16 19:32 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-25 22:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-25 22:18 - 2009-07-14 06:51 - 00036650 _____ C:\Windows\setupact.log
2015-08-25 22:09 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-25 22:09 - 2009-07-14 06:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-25 21:54 - 2015-05-16 19:32 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-25 20:50 - 2015-07-23 17:28 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-25 18:18 - 2015-07-23 17:27 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-25 18:11 - 2015-05-30 20:27 - 00000000 ____D C:\Users\Theagle\Desktop\bleep
2015-08-25 18:00 - 2009-07-14 04:34 - 00000021 __RSH C:\Windows\system32\Drivers\etc\hosts.old
2015-08-25 17:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-25 17:28 - 2015-05-16 19:47 - 00088060 _____ C:\Windows\PFRO.log
2015-08-25 17:15 - 2015-05-16 20:19 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\Skype
2015-08-25 17:10 - 2015-07-06 17:28 - 00000000 ____D C:\Users\Theagle\AppData\Local\Battle.net
2015-08-25 17:01 - 2015-05-29 16:39 - 00080805 _____ C:\Windows\DirectX.log
2015-08-21 14:27 - 2015-07-12 19:05 - 00003830 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1436720745
2015-08-21 14:27 - 2015-07-12 19:05 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-19 13:11 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-18 21:55 - 2015-05-29 21:21 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-08-18 21:55 - 2015-05-29 21:21 - 00000775 _____ C:\Windows\LkmdfCoInst.log
2015-08-18 13:49 - 2015-05-16 19:55 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\uTorrent
2015-08-18 13:34 - 2015-05-16 20:19 - 00000000 ____D C:\ProgramData\Skype
2015-08-16 21:40 - 2015-05-28 10:49 - 00000000 ____D C:\Users\Theagle\Documents\My Games
2015-08-16 18:12 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-16 13:48 - 2015-07-06 17:28 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-07 17:30 - 2015-07-06 17:28 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-08-05 18:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-08-05 17:57 - 2009-07-14 11:57 - 00000000 ____D C:\Windows\ShellNew
2015-08-04 22:21 - 2015-07-12 19:07 - 00000000 ____D C:\ProgramData\ca6c001200006432
2015-08-04 21:55 - 2015-05-16 19:31 - 00057944 _____ C:\Users\Theagle\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-04 21:48 - 2009-07-14 07:08 - 00009932 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-04 21:48 - 2009-07-14 06:45 - 00266848 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-02 20:18 - 2015-07-06 17:28 - 00000000 ____D C:\Users\Theagle\AppData\Roaming\Battle.net
2015-07-30 14:41 - 2009-07-14 11:16 - 00744900 _____ C:\Windows\system32\perfh013.dat
2015-07-30 14:41 - 2009-07-14 11:16 - 00152928 _____ C:\Windows\system32\perfc013.dat
2015-07-30 14:41 - 2009-07-14 07:13 - 01668596 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-30 13:46 - 2015-07-12 19:24 - 00000000 ____D C:\Users\Theagle\AppData\Local\SteelSeries Engine 3 Client
2015-07-30 13:46 - 2015-07-12 18:57 - 00000000 ____D C:\Program Files\SteelSeries
2015-07-30 13:46 - 2015-05-16 19:31 - 00000000 ____D C:\Users\Theagle\AppData\Local\Deployment

==================== Bestanden in de root van sommige mappen =======

2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Theagle\AppData\Roaming\wPSCsz0
2015-05-28 11:43 - 2015-03-29 11:43 - 0000032 ____R () C:\ProgramData\hash.dat

Bestanden om te verplaatsen of verwijderen:
====================
C:\ProgramData\hash.dat


==================== Bamital & volsnap Check =================

(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)

C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\SysWOW64\wininit.exe => Bestand is getekend
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\SysWOW64\explorer.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\SysWOW64\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\SysWOW64\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\SysWOW64\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\SysWOW64\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend


LastRegBack: 2015-08-16 18:26

==================== Eind van log ============================
Extra scanresultaten van Farbar Recovery Scan Tool (x64) Versie:02-08-2015 01
Gestart door Theagle (2015-08-25 22:22:14)
Gestart vanaf C:\Users\Theagle\Desktop
Boot Modus: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-634205993-3993676356-899950619-500 - Administrator - Disabled)
Gast (S-1-5-21-634205993-3993676356-899950619-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-634205993-3993676356-899950619-1002 - Limited - Enabled)
Theagle (S-1-5-21-634205993-3993676356-899950619-1001 - Administrator - Enabled) => C:\Users\Theagle

==================== Security Center ========================

(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Geïnstalleerde programma's ======================

(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)

µTorrent (HKU\S-1-5-21-634205993-3993676356-899950619-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.1.22.03 (HKLM\...\AutoHotkey) (Version: 1.1.22.03 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Cubemen (HKLM-x32\...\Steam App 207250) (Version: - 3 Sprockets)
Curse (HKLM-x32\...\{39258ACA-B9D9-418C-ACE2-D874436BD88D}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-634205993-3993676356-899950619-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DETOUR (HKLM-x32\...\Steam App 92100) (Version: - Sandswept Studios)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)
DNS Unlocker version 1.3 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.3 - www.vidcreek.tv)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== AANDACHT
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware versie 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
Raptr (HKLM-x32\...\Raptr) (Version: - )
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\RollerCoaster Tycoon 3 Platinum3) (Version: 3 - Friends in War)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
SegmentBooster (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{7743de67}) (Version: - Software Publisher) <==== AANDACHT
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.9.2834.0 - Hi-Rez Studios)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - Three Rings)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.3 - Tunngle.net GmbH)
UltraMon (HKLM\...\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}) (Version: 3.3.0 - Realtime Soft Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Aangepaste CLSID (gefilterd): ==========================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

CustomCLSID: HKU\S-1-5-21-634205993-3993676356-899950619-1001_Classes\CLSID\{65c79ff0-365f-43e5-9532-dfa66914ab0d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Herstelpunten =========================

25-08-2015 22:00:21 Installed Microsoft Fix it 50267
25-08-2015 22:16:03 Restore Point Created by FRST

==================== Hosts inhoud: ===============================

(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)

2009-07-14 04:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplande Taken (gefilterd) =============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

Task: {16B7D89C-3CEA-40B3-884C-A8BC18EC6AE2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2934F009-2EC4-4300-87F5-A7DE457201C8} - System32\Tasks\DNSMOHAWK => dnsmohawk.exe
Task: {39474910-571B-4F5C-A433-B9F58C173CE2} - System32\Tasks\Opera scheduled Autoupdate 1436720745 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {79B41E3B-FBE9-4C47-90EB-BD5DE83C87A7} - System32\Tasks\wPSCsz0 => C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe <==== AANDACHT
Task: {7CE2501C-9FEF-470F-8918-54F0F22F53B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {996B8A5C-FDDB-4F81-996F-CCA403E4F326} - System32\Tasks\{226FE9A4-A904-40FC-A657-335A8936D868} => pcalua.exe -a C:\Users\Theagle\Downloads\setup.exe -d C:\Users\Theagle\Downloads
Task: {D3C6B5B4-EB21-494C-9F1C-764FEB718718} - System32\Tasks\NLSAGZR1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
Task: {E0182736-A5A6-4958-8211-674816463D9C} - System32\Tasks\UHIUUFDXVNBFQMWD => C:\ProgramData\Service1198\Service1198.exe <==== AANDACHT
Task: {FD2BBD1C-3F50-4AEC-9994-EEF4298A9494} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-16] (Google Inc.)
Task: {FE30B250-0289-48C8-B63A-B6B6EED73C39} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== AANDACHT

(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NLSAGZR1.job => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
Task: C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job => C:\ProgramData\Service1198\Service1198.exe <==== AANDACHT
Task: C:\Windows\Tasks\wPSCsz0.job => C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe <==== AANDACHT

==================== Geladen Modules (gefilterd) ==============

2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-25 17:02 - 2015-08-25 17:02 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

==================== Alternate Data Streams (gefilterd) =========

(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)


==================== Veilige Modus (gefilterd) ===================

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dhilio120.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ninjoelv120.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Bacmaeimj => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhilio120.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ninjoelv120.sys => ""="Driver"

==================== EXE Bestandskoppeling (gefilterd) ===============

(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)


==================== Internet Explorer trusted/restricted ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)


==================== Andere gebieden ============================

(Momenteel is er geen automatische fix voor dit onderdeel.)

HKU\S-1-5-21-634205993-3993676356-899950619-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 199.203.131.150 - 82.163.143.168
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is uitgeschakeld.

==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==

(Momenteel is er geen automatische fix voor dit onderdeel.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SteelSeries Engine 3.lnk => C:\Windows\pss\SteelSeries Engine 3.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Theagle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Theagle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "Q:\Games\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Firewall regels (gefilterd) ===============

(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A3D55491-631A-4C9E-B36B-492716995E60}] => (Allow) C:\Users\Theagle\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{53895620-E791-4E1C-B6E9-8C0680C63E60}] => (Allow) C:\Users\Theagle\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6BF21A16-230E-4036-9615-71E8F2597CBE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{52CE2859-A82C-4E07-BE9D-B4D09CFFBE4B}] => (Allow) Q:\Games\Steam\Steam.exe
FirewallRules: [{E53D00F8-2C08-4571-8577-6254E706B341}] => (Allow) Q:\Games\Steam\Steam.exe
FirewallRules: [{331A0806-80D9-40B6-9839-9C56DE0A541C}] => (Allow) Q:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{5334F477-7749-43C1-84DF-2781F8613174}] => (Allow) Q:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{3C67BA37-1D4F-4182-A571-13D4B3909033}] => (Allow) Q:\Games\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E487FF5F-97C2-4C28-AB48-B1BA3885F3EF}] => (Allow) Q:\Games\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{3C58A833-34A0-4272-98C8-97F2632BDD53}] => (Allow) Q:\Games\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{E3B73086-6930-4B1F-BB85-4C90118D5D9F}] => (Allow) Q:\Games\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1373FFCC-E636-4D39-BCCC-4878D7CCBF20}] => (Allow) Q:\Games\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{87BF5282-C439-452D-9DA3-8D3FDB98F490}] => (Allow) Q:\Games\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe
FirewallRules: [{1398BE92-783F-48F7-9497-FE46E8B95277}] => (Allow) Q:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{234B395B-E2B0-4E99-BFC4-1B70D9989034}] => (Allow) Q:\Games\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{4F625089-34F0-4291-90A4-5484CFA34982}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{9FFA4F22-05CB-4B59-9DA0-058E460DECD6}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{ABA272F4-6596-4996-A0B4-15AF26B371DF}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{927AABDA-66D4-4403-9154-ACA2280EFB7F}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{E1E4C6B3-3364-4542-8C4D-FBCBC9B1BF7E}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{325751A3-A1D3-4975-BF0F-14D3972FF842}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{3AB5E755-3A3F-43C2-BFD2-25C7BC9A8AF9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1ABA69C8-7757-441D-B173-5BF378ED86D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3E619BE-C95C-4B66-BCD0-3473C3575BC8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{152F16AB-B2EB-4476-A882-D24525EB0EA1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9161B900-6B2E-45DD-907B-9238B2FAC610}] => (Allow) Q:\Games\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{A99C7A93-DC32-4674-B54C-AFD8D752F55E}] => (Allow) Q:\Games\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{ACC99CDB-BAF6-4740-A269-1813E64069C5}] => (Allow) Q:\Games\Steam\steamapps\common\Scribblenauts\Scribble.exe
FirewallRules: [{CA2AFA43-C478-4BE6-ADC9-B927C336801C}] => (Allow) Q:\Games\Steam\steamapps\common\Scribblenauts\Scribble.exe
FirewallRules: [TCP Query User{1FCD9472-0681-41FD-92F7-ED55297B8071}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{BA3F4BE8-2992-4B17-AACB-1CF26F026D9E}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{EA8A8CAC-C153-481E-B72D-7329226DA1A4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A8515DE1-F3C3-4E9B-81C1-C42470FDA378}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{EFB70FD0-0D19-493A-9F89-CEEEDD86117C}] => (Allow) Q:\Games\World of Warcraft\StarCraft II\StarCraft II.exe
FirewallRules: [{DC68BACC-2F28-4BFB-A24E-A8551C464BDA}] => (Allow) Q:\Games\World of Warcraft\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{D5C620F1-08A1-44F6-AED6-670D7097BEA1}Q:\games\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) Q:\games\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{AE7587E4-25EE-450D-9ECF-E4DF45865BB6}Q:\games\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) Q:\games\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{1815CE85-D4D1-4011-8983-E67EEA793E3F}Q:\games\world of warcraft\starcraft ii\versions\base32283\sc2.exe] => (Block) Q:\games\world of warcraft\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{AFEB95E2-5114-4054-973B-C27DF26974C0}Q:\games\world of warcraft\starcraft ii\versions\base32283\sc2.exe] => (Block) Q:\games\world of warcraft\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{2FCB0008-07DC-43C9-B10D-E7EC2E33D430}Q:\games\world of warcraft\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) Q:\games\world of warcraft\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{98B0E06C-DEE3-40EF-966E-8249155033EF}Q:\games\world of warcraft\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) Q:\games\world of warcraft\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{E7344C4F-AF2A-4A65-8DAD-55CD6D9E9428}] => (Allow) C:\ProgramData\NujbuIjo\etapave.EXE
FirewallRules: [{FD3A34C0-D73A-41D3-B454-95C860155A9A}] => (Allow) C:\ProgramData\NujbuIjo\etapave.EXE
FirewallRules: [{DCE538F8-5BDB-46E6-AA1E-52BA3EDCF9C1}] => (Allow) C:\ProgramData\NujbuIjo\etapave.EXE
FirewallRules: [{B53E99DF-3076-4847-AC98-E61E5A33EA10}] => (Allow) C:\ProgramData\NujbuIjo\etapave.EXE
FirewallRules: [{B661CBD1-75F0-4B6E-9C01-0CD300CD098C}] => (Allow) C:\ProgramData\NujbuIjo\etapave.EXE
FirewallRules: [{C6EB5C02-5946-4CB0-A6FF-E1C197450D9F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3A688F6B-BD76-4473-BD1F-BDC2C11714EE}] => (Allow) Q:\Games\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{3920E582-88C0-4420-A612-132A23EA85F4}] => (Allow) Q:\Games\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{6CDAA16B-D85C-41B2-8E81-DD9FCEA1734D}] => (Allow) Q:\Games\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{A194B07E-1A96-4F21-B4A9-3B29DDFAD7AE}] => (Allow) Q:\Games\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{254F48DD-3B46-419B-98DA-E5C2428C1A78}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{77DE8C5D-AA3A-419C-9C2F-6DA489CC1755}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{E9D7D512-076D-429D-BD51-6E567555A6E6}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{2921869E-B82D-4A47-8C73-B23631A02271}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{6D4B06C4-F86B-4013-A28E-85011119904E}] => (Allow) Q:\Games\Steam\steamapps\common\DETOUR\Detour.exe
FirewallRules: [{FEE13AD0-58C8-4A88-A1EB-23110A18E42A}] => (Allow) Q:\Games\Steam\steamapps\common\DETOUR\Detour.exe
FirewallRules: [{B72C30AF-3B1F-4068-87F3-48338B6AC4C6}] => (Allow) Q:\Games\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{147E3486-E0BC-49F4-B9DE-2A39BD2995AD}] => (Allow) Q:\Games\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{2659C745-8D4C-45C9-8A10-7928598CFCA2}] => (Allow) Q:\Games\Steam\steamapps\common\Cubemen\Cubemen.exe
FirewallRules: [{04E30943-7350-47A5-8778-3F501E2EFB88}] => (Allow) Q:\Games\Steam\steamapps\common\Cubemen\Cubemen.exe
FirewallRules: [{1E96586E-F5D4-4F3B-898B-F6F015301DBE}] => (Allow) Q:\Games\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{F2CE9D0E-6377-42BE-81F1-2B157DC1A783}] => (Allow) Q:\Games\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{CBA722BA-E7C4-417A-A258-E47EB4E0EE40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{08C9C61D-B717-4CE3-A420-2D2827C6D856}] => (Allow) Q:\Games\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8E25377B-DFE2-43AB-A2C3-0048C0F33ECA}] => (Allow) Q:\Games\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{40D9B6EC-D0B7-427F-86C0-EA304F14CFD2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7043896D-5D49-4B8F-9A53-36E51802012F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{33939601-4837-44B1-8C17-4FA41C8F9948}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{435AD65C-BD19-4C0D-A18D-D95BFC876200}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B9250CFF-8578-4AB6-A20A-C08D887E74F5}] => (Allow) Q:\Games\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{8D566C1C-B010-421C-878C-A83378A5FC79}] => (Allow) Q:\Games\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{8D356926-7C8D-4AD9-9830-A0DB36A89A7C}] => (Allow) Q:\Games\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{49ECAFCB-BE07-4C13-B1A4-4529D99C0447}] => (Allow) Q:\Games\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe

==================== Defecte Apparaatbeheer Apparaten =============


==================== Eventlog fouten: =========================

Applicatiefouten:
==================
Error: (08/25/2015 10:16:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.


Bewerking:
Schrijvergegevens verzamelen

Context:
Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
Naam van schrijver: System Writer
Instantie-id van schrijver: {70c69d47-b776-455a-8fe5-38be0c471bec}

Error: (08/25/2015 05:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: mbam.exe, versie: 2.3.55.0, tijdstempel: 0x557a2a02
Naam van module met fout: mbam.exe, versie: 2.3.55.0, tijdstempel: 0x557a2a02
Uitzonderingscode: 0xc0000005
Foutoffset: 0x001de590
Id van proces met fout: 0xf60
Starttijd van toepassing met fout: 0xmbam.exe0
Pad naar toepassing met fout: mbam.exe1
Pad naar module met fout: mbam.exe2
Rapport-id: mbam.exe3

Error: (08/18/2015 10:15:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma eu4.exe, versie 1.0.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 27b0

Starttijd: 01d0d9f297bd559c

Eindtijd: 41

Toepassingspad: Q:\Games\Steam\steamapps\common\Europa Universalis IV\eu4.exe

Rapport-id: eaeefb31-45e5-11e5-ad10-4061869aaf27

Error: (08/04/2015 09:48:44 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (08/03/2015 11:17:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: WinRAR.exe, versie: 5.20.0.0, tijdstempel: 0x547d8f4e
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutoffset: 0xffffffff65746167
Id van proces met fout: 0xfd4
Starttijd van toepassing met fout: 0xWinRAR.exe0
Pad naar toepassing met fout: WinRAR.exe1
Pad naar module met fout: WinRAR.exe2
Rapport-id: WinRAR.exe3

Error: (07/25/2015 01:46:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma Steam.exe, versie 2.89.12.34 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.

Proces-id: 44c

Starttijd: 01d0c6cf4ad7acdf

Eindtijd: 2

Toepassingspad: Q:\Games\Steam\Steam.exe

Rapport-id: bede09e4-32c2-11e5-87fa-4061869aaf27

Error: (07/24/2015 04:22:48 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/24/2015 03:21:40 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/24/2015 01:30:26 PM) (Source: HiRezSoftwareManagerSvc) (EventID: 0) (User: )
Description: Service kan niet worden gestart. System.InvalidOperationException: Could not start IPC server
bij Hirez.Patcher.HiPatchService.InternalStart()
bij Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)
bij System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/24/2015 01:28:37 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


Systeemfouten:
=============
Error: (08/25/2015 10:18:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: De volgende opstartstuurprogramma's zijn niet geladen:
cdrom

Error: (08/25/2015 10:17:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Apple Mobile Device Service-service kan vanwege de volgende fout niet worden gestart:
%%109

Error: (08/25/2015 10:17:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Print Spooler-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (08/25/2015 10:17:15 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De Spooler-service kan niet als NT AUTHORITY\SYSTEM met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%50

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (08/25/2015 10:16:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Search-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt:
%%1056

Error: (08/25/2015 10:16:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De LogMeIn Hamachi Tunneling Engine-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (08/25/2015 10:16:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (08/25/2015 10:16:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De Windows Media Player Network Sharing Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (08/25/2015 10:16:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De PnkBstrA-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.

Error: (08/25/2015 10:16:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De LMIGuardianSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.


Microsoft Office:
=========================
Error: (08/25/2015 10:16:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Toegang geweigerd.


Bewerking:
Schrijvergegevens verzamelen

Context:
Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
Naam van schrijver: System Writer
Instantie-id van schrijver: {70c69d47-b776-455a-8fe5-38be0c471bec}

Error: (08/25/2015 05:04:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02mbam.exe2.3.55.0557a2a02c0000005001de590f6001d0df47497e4211C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe91f52a6d-4b3a-11e5-adb3-4061869aaf27

Error: (08/18/2015 10:15:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: eu4.exe1.0.0.027b001d0d9f297bd559c41Q:\Games\Steam\steamapps\common\Europa Universalis IV\eu4.exeeaeefb31-45e5-11e5-ad10-4061869aaf27

Error: (08/04/2015 09:48:44 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (08/03/2015 11:17:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WinRAR.exe5.20.0.0547d8f4eunknown0.0.0.000000000c0000005ffffffff65746167fd401d0cdcd33b68a7eC:\Program Files\WinRAR\WinRAR.exeunknown757699af-39c0-11e5-87fa-4061869aaf27

Error: (07/25/2015 01:46:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.89.12.3444c01d0c6cf4ad7acdf2Q:\Games\Steam\Steam.exebede09e4-32c2-11e5-87fa-4061869aaf27

Error: (07/24/2015 04:22:48 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/24/2015 03:21:40 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/24/2015 01:30:26 PM) (Source: HiRezSoftwareManagerSvc) (EventID: 0) (User: )
Description: Service kan niet worden gestart. System.InvalidOperationException: Could not start IPC server
bij Hirez.Patcher.HiPatchService.InternalStart()
bij Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)
bij System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/24/2015 01:28:37 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


==================== Geheugen info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 13%
Total physical RAM: 8183.11 MB
Available physical RAM: 7038.93 MB
Total Virtual: 16364.38 MB
Available Virtual: 15181.92 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:80 GB) (Free:39.1 GB) NTFS
Drive q: (NieuwVolume) (Fixed) (Total:385.66 GB) (Free:247.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9D0035E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=385.7 GB) - (Type=07 NTFS)

==================== Eind van log ============================

Attached Files


Edited by Oh My!, 30 August 2015 - 10:29 PM.


BC AdBot (Login to Remove)

 


#2 Theagle

Theagle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 30 August 2015 - 12:46 PM

Bump

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:13 AM

Posted 30 August 2015 - 03:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/588029 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Theagle

Theagle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 30 August 2015 - 04:33 PM

I still need help, can't get on the internet and have no idea how to make a fixlist, i didn't start my pc since i made the frst. So its not relevant to make a new one

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:13 AM

Posted 30 August 2015 - 10:28 PM

Greetings Theagle and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I will help you the best I can but I may need some help with the foreign language.

Can you tell me if you recognize this?

Israel Tel Aviv Xglobe Online Ltd

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Insert a USB device into a clean computer
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your USB device as fixlist.txt
closeprocesses:
CHR HKLM\SOFTWARE\Policies\Google: Beleid restrictie <======= AANDACHT
2015-08-25 17:34 - 2015-08-25 17:34 - 00022162 _____ C:\Windows\System32\Tasks\DNSMOHAWK
2015-08-25 17:34 - 2015-08-25 17:34 - 00003992 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-08-25 17:34 - 2015-08-25 17:34 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-08-25 22:18 - 2015-07-12 19:06 - 00000346 ____H C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job
2015-08-25 22:18 - 2015-07-12 19:06 - 00000340 _____ C:\Windows\Tasks\NLSAGZR1.job
2015-08-25 22:18 - 2015-07-12 19:04 - 00000994 _____ C:\Windows\Tasks\wPSCsz0.job
2015-08-04 22:21 - 2015-07-12 19:07 - 00000000 ____D C:\ProgramData\ca6c001200006432
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Theagle\AppData\Roaming\wPSCsz0
2015-05-28 11:43 - 2015-03-29 11:43 - 0000032 ____R () C:\ProgramData\hash.dat
Task: {79B41E3B-FBE9-4C47-90EB-BD5DE83C87A7} - System32\Tasks\wPSCsz0 => C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe <==== AANDACHT
Task: {D3C6B5B4-EB21-494C-9F1C-764FEB718718} - System32\Tasks\NLSAGZR1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
Task: {E0182736-A5A6-4958-8211-674816463D9C} - System32\Tasks\UHIUUFDXVNBFQMWD => C:\ProgramData\Service1198\Service1198.exe <==== AANDACHT
Task: {FE30B250-0289-48C8-B63A-B6B6EED73C39} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== AANDACHT
C:\Program Files (x86)\OLBPre
Task: C:\Windows\Tasks\NLSAGZR1.job => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
Task: C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job => C:\ProgramData\Service1198\Service1198.exe <==== AANDACHT
Task: C:\Windows\Tasks\wPSCsz0.job => C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe <==== AANDACHT
C:\ProgramData\EpsanDrive
C:\ProgramData\Service1198
C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe
cmd: ipconfig /flushdns
reboot:
  • Remove the USB device and insert it into the compromised computer
  • Copy and paste fixlist.txt onto your desktop
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Attempt to boot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you recognize the Internet Service Provider
  • Fixlog
  • Can you boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Theagle

Theagle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:13 PM

Posted 31 August 2015 - 04:53 AM

I don't recognize the xglobe thing
After the fix I still cant connect to the internet ,but i can boot.
Here is the fixlog:

Fix resultaat van Farbar Recovery Scan Tool (x64) Versie:30-08-2015
Gestart door Theagle (2015-08-31 11:38:20) Run:2
Gestart vanaf C:\Users\Theagle\Desktop
Geladen Profielen: Theagle (Beschikbare Profielen: Theagle)
Boot Modus: Normal
==============================================

fixlist inhoud:
*****************
closeprocesses:
CHR HKLM\SOFTWARE\Policies\Google: Beleid restrictie <======= AANDACHT
2015-08-25 17:34 - 2015-08-25 17:34 - 00022162 _____ C:\Windows\System32\Tasks\DNSMOHAWK
2015-08-25 17:34 - 2015-08-25 17:34 - 00003992 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-08-25 17:34 - 2015-08-25 17:34 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-08-25 22:18 - 2015-07-12 19:06 - 00000346 ____H C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job
2015-08-25 22:18 - 2015-07-12 19:06 - 00000340 _____ C:\Windows\Tasks\NLSAGZR1.job
2015-08-25 22:18 - 2015-07-12 19:04 - 00000994 _____ C:\Windows\Tasks\wPSCsz0.job
2015-08-04 22:21 - 2015-07-12 19:07 - 00000000 ____D C:\ProgramData\ca6c001200006432
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Theagle\AppData\Roaming\wPSCsz0
2015-05-28 11:43 - 2015-03-29 11:43 - 0000032 ____R () C:\ProgramData\hash.dat
Task: {79B41E3B-FBE9-4C47-90EB-BD5DE83C87A7} - System32\Tasks\wPSCsz0 => C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe <==== AANDACHT
Task: {D3C6B5B4-EB21-494C-9F1C-764FEB718718} - System32\Tasks\NLSAGZR1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
Task: {E0182736-A5A6-4958-8211-674816463D9C} - System32\Tasks\UHIUUFDXVNBFQMWD => C:\ProgramData\Service1198\Service1198.exe <==== AANDACHT
Task: {FE30B250-0289-48C8-B63A-B6B6EED73C39} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== AANDACHT
C:\Program Files (x86)\OLBPre
Task: C:\Windows\Tasks\NLSAGZR1.job => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
Task: C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job => C:\ProgramData\Service1198\Service1198.exe <==== AANDACHT
Task: C:\Windows\Tasks\wPSCsz0.job => C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe <==== AANDACHT
C:\ProgramData\EpsanDrive
C:\ProgramData\Service1198
C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe
cmd: ipconfig /flushdns
reboot:
*****************

Proces succesvol afgesloten.
"HKLM\SOFTWARE\Policies\Google" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\DNSMOHAWK => is succesvol verplaatst.
C:\Windows\System32\Tasks\LaunchPreSignup => is succesvol verplaatst.
C:\Program Files (x86)\DNS Unlocker => is succesvol verplaatst.
C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job => is succesvol verplaatst.
C:\Windows\Tasks\NLSAGZR1.job => is succesvol verplaatst.
C:\Windows\Tasks\wPSCsz0.job => is succesvol verplaatst.
C:\ProgramData\ca6c001200006432 => is succesvol verplaatst.
C:\Users\Theagle\AppData\Roaming\wPSCsz0 => is succesvol verplaatst.
C:\ProgramData\hash.dat => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79B41E3B-FBE9-4C47-90EB-BD5DE83C87A7}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79B41E3B-FBE9-4C47-90EB-BD5DE83C87A7}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\wPSCsz0 => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wPSCsz0" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3C6B5B4-EB21-494C-9F1C-764FEB718718}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3C6B5B4-EB21-494C-9F1C-764FEB718718}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\NLSAGZR1 => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NLSAGZR1" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0182736-A5A6-4958-8211-674816463D9C}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0182736-A5A6-4958-8211-674816463D9C}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\UHIUUFDXVNBFQMWD => is succesvol verplaatst.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UHIUUFDXVNBFQMWD" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE30B250-0289-48C8-B63A-B6B6EED73C39}" => sleutel is succesvol verwijderd.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE30B250-0289-48C8-B63A-B6B6EED73C39}" => sleutel is succesvol verwijderd.
C:\Windows\System32\Tasks\LaunchPreSignup => niet gevonden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => sleutel niet gevonden.
"C:\Program Files (x86)\OLBPre" => bestand/map niet gevonden.
C:\Windows\Tasks\NLSAGZR1.job => niet gevonden.
C:\Windows\Tasks\UHIUUFDXVNBFQMWD.job => niet gevonden.
C:\Windows\Tasks\wPSCsz0.job => niet gevonden.
"C:\ProgramData\EpsanDrive" => bestand/map niet gevonden.
"C:\ProgramData\Service1198" => bestand/map niet gevonden.
"C:\Users\Theagle\AppData\Roaming\wPSCsz0.exe" => bestand/map niet gevonden.

========= ipconfig /flushdns =========


Windows IP-configuratie

De DNS-omzettingscache is leeggemaakt.

========= Eind van CMD: =========



Het systeem moest herstart worden..

==== Eind van Fixlog 11:38:21 ====

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:13 AM

Posted 31 August 2015 - 10:12 AM

Thanks, at least we made some progress. Rather than changing all of my instructions download programs onto a USB and transfer them to the infected computer as necessary.

Please do this.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you wlll see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Result log
  • FSS log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:13 AM

Posted 03 September 2015 - 08:53 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,998 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:13 AM

Posted 05 September 2015 - 08:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users