Logfile of random's system information tool 1.09 (written by random/random) Run by Gebruiker at 2014-03-24 22:11:12 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 1206 GB (84%) free of 1431 GB Total RAM: 8175 MB (79% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:11:22, on 24-3-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16521) Boot mode: Normal Running processes: C:\Program Files (x86)\Mobogenie\DaemonProcess.exe C:\Program Files\Norman\Npm\Bin\zlh.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Norman\Npm\Bin\zlhh.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Citrix\ICA Client\redirector.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\Gebruiker.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll O2 - BHO: CrossriderApp0048980 - {11111111-1111-1111-1111-110411891180} - C:\Program Files (x86)\DP1819\DP1819-bho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Surftastic - {c6673938-a52b-4dc6-af05-783e7e2c8b65} - C:\Program Files (x86)\Surftastic\Surftasticbho.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [M-Downloader] C:\Program Files (x86)\M-Downloader\Updater.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3407540201-4267568511-3557624643-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3407540201-4267568511-3557624643-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: ,c:\progra~2\citrix\icacli~1\rshook.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman AS - C:\Program Files\Norman\Npm\Bin\elogsvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe O23 - Service: MgAssist Service (MgAssistService) - Unknown owner - C:\Program Files (x86)\Mobogenie\MgAssist.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norman Hash Server (NHS) - Unknown owner - C:\Program Files\Norman\Nvc\bin\nhs.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman Safeground AS - C:\Program Files\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman AS - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman Safeground AS - C:\Program Files\Norman\npf\bin\npfsvc32.exe O23 - Service: Norman Security service (NPROSECSVC) - Norman Safeground AS - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman AS - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Resource Provider (NICCA) (NVOY) - Norman AS - C:\Program Files\Norman\Npm\Bin\Nvoy.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norman Scheduler Service (Scheduler) - Norman AS - C:\Program Files\Norman\Npm\Bin\scheduler.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: System Update kb77500 - Unknown owner - C:\Windows\Microsoft\System Update kb77500\WindowsUpdater.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14266 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch "C:\Program Files\Norman\Npm\Bin\elogsvc.exe" "C:\Program Files\Norman\Npm\Bin\Nvoy.exe" "C:\Program Files\Norman\Ngs\Bin\Nnf.exe" "C:\Program Files\Norman\npf\bin\npfsvc32.exe" "C:\Program Files\Norman\Ngs\Bin\Nprosec.exe" "C:\Windows\system32\nvvsvc.exe" "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs "C:\Program Files\Norman\Npm\Bin\Zanda.exe" "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe" C:\Windows\system32\nvvsvc.exe -session -first C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Mobogenie\MgAssist.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Windows\Microsoft\System Update kb77500\WindowsUpdater.exe" "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe" "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ebce3749-6611-45e8-bb34-594abde6b985 -SystemEventPortName:HostProcess-3b494362-1823-4d8c-a6bd-a2c6ed483a84 -IoCancelEventPortName:HostProcess-ec449b62-8580-41a8-a461-6b19dc35b924 -NonStateChangingEventPortName:HostProcess-dc06e652-b300-4b9a-aee4-fa10ba68147b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9a9a0b07-4cb3-4365-a8e4-431b7236d924 -DeviceGroupId:WpdFsGroup "C:\Windows\WindowsMobile\wmdcBase.exe" C:\Windows\system32\svchost.exe -k WindowsMobile "C:\Program Files\Norman\Npm\Bin\scheduler.exe" "C:\Program Files\Norman\Npm\Bin\Njeeves.exe" "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1 "C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Norman\Npm\Bin\zlh.exe" /LOAD /SPLASH "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN "C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup "C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe" /autorun "C:\Program Files\Norman\Npm\Bin\zlhh.exe" /LOAD /SPLASH "C:\Program Files (x86)\Browny02\BrYNSvc.exe" "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" -Embedding "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup "C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe" -autoupdate -startplugins "C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe" "C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding "C:\Program Files (x86)\MSR\Privoxy\privoxy.exe" "C:\Program Files\Norman\Nse\Bin\NSESVC.EXE" -daemon "C:\Program Files\Norman\Nvc\bin\nhs.exe" "C:\Program Files\Norman\Nvc\Bin\nvcoas.exe" "C:\Program Files\Norman\Nvc\Bin\cclaw.exe" /load "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6112.0.959610708\1358904458" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,27,33 --gpu-vendor-id=0x10de --gpu-device-id=0x0de0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1106 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_RestoreNavsuggestControl_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group3 pct:10c stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_67/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --enable-software-compositing --channel="6112.3.1685733007\655827143" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="6112.4.1404776896\832758288" --ppapi-flash-args --lang=nl --ignored=" --type=renderer " /prefetch:-632637702 taskeng.exe {B9CA74CF-C004-4028-909B-C6111642D752} taskeng.exe {898F4558-D7AB-49C9-A594-77BF3BA66B65} C:\Windows\system32\sppsvc.exe "c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey EDE8AD99-AF74-7ABD-3B10-AB37A6A90B06 -Reinvoke "C:\Users\Gebruiker\Downloads\RSITx64.exe" ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\AmiUpdXp.job C:\Windows\tasks\DP1819-codedownloader.job C:\Windows\tasks\DP1819-enabler.job C:\Windows\tasks\DP1819-firefoxinstaller.job C:\Windows\tasks\DP1819-updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\Norton Security Scan for Gebruiker.job C:\Windows\tasks\RMAutoUpdate.job C:\Windows\tasks\RMSchedule.job =========Mozilla firefox========= ProfilePath - C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gtdyvlcn.default prefs.js - "browser.search.useDBForOrder" - "false" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 12.0.0.77 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Citrix.com/npican] "Description"=Citrix ICA Client Plugin "Path"=C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin] "Description"=McAfee Mss Plugin "Path"=C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision] "Description"=NVIDIA stereo images plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] "Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers "Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 12.0.0.77 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL C:\Program Files (x86)\Mozilla Firefox\extensions\ {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} C:\Program Files (x86)\Mozilla Firefox\components\ nsIQTScriptablePlugin.xpt C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\gtdyvlcn.default\extensions\ 741a7541-93f4-48e9-b47a-819eb9b71948@056eeb3e-b4ad-4111-975e-4d615058413d.com {07FF1E21-D805-1061-FF4D-77A7BBC4EB60} ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411891180}] DP1819 - C:\Program Files (x86)\DP1819\DP1819-bho64.dll [2014-03-12 958464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-13 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-26 49440] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}] MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16 96128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411891180}] DP1819 - C:\Program Files (x86)\DP1819\DP1819-bho.dll [2014-03-12 682496] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-03-24 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-13 194128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6673938-a52b-4dc6-af05-783e7e2c8b65}] Surftastic - C:\Program Files (x86)\Surftastic\Surftasticbho.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-03-24 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-13 256080] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-13 194128] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-01-18 11775592] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "M-Downloader"=C:\Program Files (x86)\M-Downloader\Updater.exe [2014-02-24 4675584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2012-05-23 371896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17 651264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2] C:\Users\Gebruiker\AppData\Local\MediaGet2\mediaget.exe [2013-09-01 11077864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe [2011-08-06 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-08-21 105120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-05-28 39408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBHostSupport] C:\Windows\SysWOW64\Rundll32.exe [2009-07-14 44544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip] C:\Program Files (x86)\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [2006-01-23 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 8.0 SE.lnk] C:\PROGRA~2\COMMON~1\PANASO~1\PHOTOF~1\AUTOST~1.EXE [2011-12-02 188600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] C:\Users\GEBRUI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-01-03 30714328] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Norman ZANDA"=C:\Program Files\Norman\Npm\Bin\ZLH.EXE [2013-03-08 66888] "ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688] "BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2010-02-09 2621440] ""= [] "mobilegeni daemon"=C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [2014-03-13 764096] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Dropbox.lnk - C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "MSVideo8"=VfWWDM32.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-03-24 22:11:12 ----D---- C:\rsit 2014-03-24 22:11:12 ----D---- C:\Program Files\trend micro 2014-03-24 20:47:31 ----D---- C:\ProgramData\Oracle 2014-03-24 20:47:19 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll 2014-03-23 18:06:55 ----D---- C:\Program Files\McAfee Security Scan 2014-03-23 17:40:03 ----D---- C:\Users\Gebruiker\AppData\Roaming\Unity 2014-03-21 18:06:41 ----D---- C:\ProgramData\McAfee Security Scan 2014-03-13 19:06:50 ----D---- C:\Windows\Microsoft 2014-03-13 19:06:35 ----D---- C:\Program Files (x86)\MSR 2014-03-12 22:07:20 ----D---- C:\Program Files (x86)\DP1819 2014-03-12 22:06:42 ----D---- C:\Users\Gebruiker\AppData\Roaming\Wise 2014-03-12 07:03:18 ----A---- C:\Windows\system32\wwansvc.dll 2014-03-12 07:03:17 ----A---- C:\Windows\SYSWOW64\wer.dll 2014-03-12 07:03:17 ----A---- C:\Windows\system32\wer.dll 2014-03-12 07:03:16 ----A---- C:\Windows\system32\win32k.sys 2014-03-12 07:03:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2014-03-12 07:03:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2014-03-12 07:03:14 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2014-03-12 07:03:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2014-03-12 07:03:14 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2014-03-12 07:03:14 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2014-03-12 07:03:14 ----A---- C:\Windows\system32\iertutil.dll 2014-03-12 07:03:14 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2014-03-12 07:03:13 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2014-03-12 07:03:13 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2014-03-12 07:03:13 ----A---- C:\Windows\SYSWOW64\ieui.dll 2014-03-12 07:03:13 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2014-03-12 07:03:13 ----A---- C:\Windows\system32\urlmon.dll 2014-03-12 07:03:13 ----A---- C:\Windows\system32\iernonce.dll 2014-03-12 07:03:13 ----A---- C:\Windows\system32\ieetwproxystub.dll 2014-03-12 07:03:12 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2014-03-12 07:03:12 ----A---- C:\Windows\system32\msfeeds.dll 2014-03-12 07:03:12 ----A---- C:\Windows\system32\iesetup.dll 2014-03-12 07:03:12 ----A---- C:\Windows\system32\ie4uinit.exe 2014-03-12 07:03:11 ----A---- C:\Windows\SYSWOW64\wininet.dll 2014-03-12 07:03:11 ----A---- C:\Windows\SYSWOW64\msrating.dll 2014-03-12 07:03:11 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2014-03-12 07:03:11 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2014-03-12 07:03:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2014-03-12 07:03:11 ----A---- C:\Windows\system32\jsproxy.dll 2014-03-12 07:03:11 ----A---- C:\Windows\system32\ieui.dll 2014-03-12 07:03:11 ----A---- C:\Windows\system32\ieetwcollector.exe 2014-03-12 07:03:10 ----A---- C:\Windows\system32\jscript9diag.dll 2014-03-12 07:03:10 ----A---- C:\Windows\system32\jscript9.dll 2014-03-12 07:03:10 ----A---- C:\Windows\system32\ieUnatt.exe 2014-03-12 07:03:10 ----A---- C:\Windows\system32\ieframe.dll 2014-03-12 07:03:10 ----A---- C:\Windows\system32\ieapfltr.dll 2014-03-12 07:03:09 ----A---- C:\Windows\system32\wininet.dll 2014-03-12 07:03:09 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-12 07:03:09 ----A---- C:\Windows\system32\msrating.dll 2014-03-12 07:03:09 ----A---- C:\Windows\system32\mshtml.dll 2014-03-12 07:02:56 ----A---- C:\Windows\SYSWOW64\qedit.dll 2014-03-12 07:02:56 ----A---- C:\Windows\system32\qedit.dll 2014-03-12 07:02:55 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll 2014-03-12 07:02:55 ----A---- C:\Windows\system32\WindowsCodecs.dll 2014-03-04 21:48:55 ----D---- C:\Users\Gebruiker\AppData\Roaming\MDownloader 2014-03-04 21:47:34 ----D---- C:\Users\Gebruiker\AppData\Roaming\M-Downloader 2014-03-04 21:47:30 ----D---- C:\Program Files (x86)\M-Downloader 2014-03-04 21:47:04 ----D---- C:\Program Files (x86)\Mobogenie 2014-03-04 21:46:48 ----D---- C:\Program Files (x86)\Surftastic 2014-02-26 23:06:38 ----D---- C:\Windows\Migration ======List of files/folders modified in the last 1 month====== 2014-03-24 22:11:13 ----D---- C:\Windows\Temp 2014-03-24 22:11:12 ----RD---- C:\Program Files 2014-03-24 20:47:42 ----SHD---- C:\Windows\Installer 2014-03-24 20:47:31 ----HD---- C:\ProgramData 2014-03-24 20:47:27 ----D---- C:\Windows\SysWOW64 2014-03-24 20:47:15 ----A---- C:\Windows\SYSWOW64\javaws.exe 2014-03-24 20:47:15 ----A---- C:\Windows\SYSWOW64\javaw.exe 2014-03-24 20:47:15 ----A---- C:\Windows\SYSWOW64\java.exe 2014-03-24 20:47:14 ----D---- C:\Program Files (x86)\Java 2014-03-24 20:46:36 ----AD---- C:\ProgramData\TEMP 2014-03-24 20:46:00 ----SHD---- C:\System Volume Information 2014-03-24 07:19:56 ----D---- C:\Windows\system32\config 2014-03-24 07:10:21 ----D---- C:\Windows\System32 2014-03-24 07:10:21 ----D---- C:\Windows\inf 2014-03-24 07:10:21 ----A---- C:\Windows\system32\PerfStringBackup.INI 2014-03-24 07:07:15 ----D---- C:\Users\Gebruiker\AppData\Roaming\Dropbox 2014-03-24 07:06:11 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic 2014-03-24 07:06:07 ----D---- C:\ProgramData\NVIDIA 2014-03-23 23:00:34 ----D---- C:\Users\Gebruiker\AppData\Roaming\uTorrent 2014-03-23 18:06:55 ----RD---- C:\Program Files (x86) 2014-03-22 20:44:05 ----D---- C:\Windows\system32\catroot2 2014-03-21 18:06:32 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2014-03-18 22:52:06 ----D---- C:\Windows\system32\MRT 2014-03-18 22:52:03 ----A---- C:\Windows\system32\MRT.exe 2014-03-16 11:40:46 ----D---- C:\Windows\Prefetch 2014-03-13 19:06:50 ----D---- C:\Windows 2014-03-13 07:29:52 ----D---- C:\Windows\winsxs 2014-03-13 07:28:38 ----D---- C:\Program Files\Internet Explorer 2014-03-13 07:28:38 ----D---- C:\Program Files (x86)\Internet Explorer 2014-03-13 07:28:32 ----D---- C:\Program Files\Microsoft Silverlight 2014-03-13 07:28:31 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2014-03-12 23:03:33 ----D---- C:\ProgramData\Microsoft Help 2014-03-12 22:07:54 ----D---- C:\Windows\system32\Tasks 2014-03-12 22:07:53 ----D---- C:\Windows\Tasks 2014-03-12 07:02:52 ----D---- C:\Windows\system32\catroot 2014-03-01 10:03:06 ----D---- C:\Users\Gebruiker\AppData\Roaming\Belastingdienst 2014-02-28 07:36:05 ----D---- C:\Windows\Microsoft.NET 2014-02-27 23:10:49 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI 2014-02-26 23:11:27 ----RSD---- C:\Windows\assembly 2014-02-26 23:06:42 ----D---- C:\Windows\SYSWOW64\en-US 2014-02-26 23:06:42 ----D---- C:\Windows\system32\en-US 2014-02-26 23:06:38 ----SD---- C:\ProgramData\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R1 ALE_NF;Norman Network Filter ALE driver; \??\C:\Windows\system32\drivers\ale7_nf64.sys [2013-12-06 133152] R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2012-05-17 93272] R1 NGS;Norman General Security Driver; \??\c:\program files\norman\ngs\bin\ngs64.sys [2014-02-04 23488] R1 NPROSEC;Norman Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nprosec64.sys [2013-08-16 41536] R2 nregsec;Norman Registry Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nregsec64.sys [2013-08-13 68792] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-25 2727912] R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120] R3 MBfilt;MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [2009-11-18 32344] R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv64mf.sys [2013-09-16 59552] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-11-12 155752] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288] R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] S1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys [] S3 61883;61883-eenheidsapparaat; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 60288] S3 ASAPIW2K;ASAPIW2K; C:\Windows\SysWOW64\ASAPI64.sys [2005-07-13 10752] S3 Avc;AVC-apparaat; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 48768] S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 61440] S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968] S3 WINUSB;WinUsb-stuurprogramma; C:\Windows\system32\DRIVERS\WinUSB.SYS [2010-11-20 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432] R2 eLoggerSvc6;Norman eLogger Service; C:\Program Files\Norman\Npm\Bin\elogsvc.exe [2013-03-04 104920] R2 MgAssistService;MgAssist Service; C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-03-13 70848] R2 NHS;Norman Hash Server; C:\Program Files\Norman\Nvc\bin\nhs.exe [2012-10-17 793520] R2 NNFSVC;Norman Network Filtering service; C:\Program Files\Norman\Ngs\Bin\Nnf.exe [2013-12-06 279592] R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2013-03-20 433504] R2 NPFSvc32;Norman Personal Firewall Service; C:\Program Files\Norman\npf\bin\npfsvc32.exe [2013-12-06 407808] R2 NPROSECSVC;Norman Security service; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2013-08-16 120456] R2 NVOY;Norman Resource Provider (NICCA); C:\Program Files\Norman\Npm\Bin\Nvoy.exe [2013-06-27 246560] R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-18 884512] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] R2 System Update kb77500;System Update kb77500; C:\Windows\Microsoft\System Update kb77500\WindowsUpdater.exe [2014-02-27 17920] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136] R3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\Bin\Njeeves.exe [2013-02-13 150120] R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [2013-02-27 427288] R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [2013-01-21 320696] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Scheduler;Norman Scheduler Service; C:\Program Files\Norman\Npm\Bin\scheduler.exe [2013-03-13 402072] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176] S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-25 1260320] S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 111616] S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 289256] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-06 1255736] S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-21 257928] S4 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-24 194032] S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168] S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-22 118896] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272] -----------------EOF-----------------