Logfile of random's system information tool 1.10 (written by random/random)
Run by Vince at 2015-06-13 18:55:27
Microsoft Windows 8.1
System drive C: has 67 GB (27%) free of 244 GB
Total RAM: 6030 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:55:33, on 13/06/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Vince\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Users\Vince\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Vince\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\trend micro\Vince.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: DeaLSPPacae - {CD1AA855-40B2-45C1-9BFB-E0D8027EFE14} - C:\Program Files (x86)\DeaLSPPacae\nS36R5euOEMbzJ.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_D35B1BF4BD75BF2165A72410A77FFBF1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Vince\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Dropbox.lnk = C:\Users\Vince\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Gta5Keygen.lnk = C:\ProgramData\{3d22c4da-d36c-bdf7-3d22-2c4dad36136b}\Gta5Keygen.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7859 bytes

======Listing Processes======

wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"dwm.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
dashost.exe {173e1fdf-2f95-487f-a176b2a9f1549a87}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-3687c602-4724-41fc-83ed-e24d610917f6 -SystemEventPortName:HostProcess-04a44750-9d30-46b0-87e8-31cf7a7c6433 -IoCancelEventPortName:HostProcess-03fe8c2a-8686-4cbe-86cd-d768daef8d8b -NonStateChangingEventPortName:HostProcess-1d69095e-9144-4651-a9c3-c0cbf44dc73f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:64228212-d2e4-4c22-bd66-86c7ce5a6f7d -DeviceGroupId:WpdFsGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
"C:\Users\Vince\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4060.0.805590312\696093039" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,43 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3308 --ignored=" --type=renderer " /prefetch:822062411
"C:\Windows\system32\GWX\GWX.exe"
"C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Users\Vince\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Users\Vince\AppData\Roaming\Spotify\SpotifyCrashService.exe"
"C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --channel="3908.0.1650228220\160363085" --no-sandbox --disable-d3d11 --enable-crash-reporter --lang=en-US --log-severity=disable --product-version=Spotify/1.0.6.80 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,40 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3308 --enable-crash-reporter --lang=en-US --log-severity=disable --product-version=Spotify/1.0.6.80 /prefetch:822062411
"C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --enable-deferred-image-decoding --lang=en-US --enable-crash-reporter --lang=en-US --log-severity=disable --product-version=Spotify/1.0.6.80 --disable-spell-checking --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=3908 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --disable-accelerated-video-decode --channel="3908.1.701687518\1647901648" /prefetch:673131151
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"C:\Program
Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe" "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillFieldMetadata/Enabled/BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Control/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/IntelligentSessionRestore/FirstTabLoadTimeout40s/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevControlR5/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMaxBandwidthResumption/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/SRTCanary/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Disabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StackProfiling/Report 
profiles/SyncBackingDatabase32K/Enabled/ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-BitrateProbing/Control/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4060.2.1996776267\606691798" --font-cache-shared-handle=2188 /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillFieldMetadata/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Control/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 
reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/IntelligentSessionRestore/FirstTabLoadTimeout40s/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevControlR5/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMaxBandwidthResumption/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/SRTCanary/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Disabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StackProfiling/Report profiles/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-BitrateProbing/Control/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch 
--device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4060.3.1713999016\718958449" --font-cache-shared-handle=2352 /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillFieldMetadata/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Control/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/IntelligentSessionRestore/FirstTabLoadTimeout40s/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevControlR5/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMaxBandwidthResumption/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/SRTCanary/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Disabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StackProfiling/Report 
profiles/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-BitrateProbing/Control/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4060.4.517350826\415957850" --font-cache-shared-handle=2440 /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillFieldMetadata/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Control/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 
reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/IntelligentSessionRestore/FirstTabLoadTimeout40s/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevControlR5/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMaxBandwidthResumption/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/SRTCanary/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Disabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StackProfiling/Report profiles/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-BitrateProbing/Control/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch 
--device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4060.5.2109925332\575714930" --font-cache-shared-handle=2452 /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="*AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillFieldMetadata/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Control/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/IntelligentSessionRestore/FirstTabLoadTimeout40s/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevControlR5/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMaxBandwidthResumption/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/SRTCanary/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Disabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StackProfiling/Report 
profiles/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-BitrateProbing/Control/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4060.6.90031079\375883970" --font-cache-shared-handle=4384 /prefetch:673131151 "C:\Windows\System32\SettingSyncHost.exe" -Embedding C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4060.9.1715156821\2036571830" --ppapi-flash-args=enable_hw_video_decode=1 --lang=nl --ignored=" --type=renderer " /prefetch:-632637702 "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36 CreativeCloud/1.9.1.474" --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="4900.0.1226250419\1417088726" /prefetch:673131151 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
--type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="*AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillFieldMetadata/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Control/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/IntelligentSessionRestore/FirstTabLoadTimeout40s/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevControlR5/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMaxBandwidthResumption/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/SRTCanary/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Disabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StackProfiling/Report 
profiles/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-BitrateProbing/Control/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4060.10.1110480070\747439047" --font-cache-shared-handle=6904 /prefetch:673131151
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=nl --force-fieldtrials="*AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillFieldMetadata/Enabled/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Control/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/IntelligentSessionRestore/FirstTabLoadTimeout40s/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/DevControlR5/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMaxBandwidthResumption/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/SRTCanary/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Disabled/SettingsEnforcement/enforce_always_with_extensions_and_dse/StackProfiling/Report profiles/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_04/*UMA-Uniformity-Trial-10-Percent/group_06/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-5-Percent/group_15/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Enabled/*V8VerifyHeap/Disabled/*VoiceTrigger/Install/*WebRTC-BitrateProbing/Control/*WebRTC-ScreencastTargetBitrateOvershoot/Default/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="4060.18.795274594\1242608282" --font-cache-shared-handle=5612 /prefetch:673131151
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 564 568 576 65536 572
"C:\Users\Vince\Downloads\RSITx64.exe"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

======Scheduled tasks folder======

C:\Windows\tasks\DataMarker.job - c:\programdata\{31f7d0b4-66f0-2a0c-31f7-7d0b466f42d1}\1774412226846802591b.exe --startup=1 --single
C:\Windows\tasks\DriverNavigator Scheduled Scan.job - C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe --scan

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD1AA855-40B2-45C1-9BFB-E0D8027EFE14}]
DeaLSPPacae - C:\Program Files (x86)\DeaLSPPacae\nS36R5euOEMbzJ.x64.dll [2015-06-13 891904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD1AA855-40B2-45C1-9BFB-E0D8027EFE14}]
DeaLSPPacae - C:\Program Files (x86)\DeaLSPPacae\nS36R5euOEMbzJ.dll [2015-06-13 822784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-10-01 391128]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-10-01 771032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-10-01 769496]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03 557768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_D35B1BF4BD75BF2165A72410A77FFBF1"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2015-05-25 863560]
"Spotify Web Helper"=C:\Users\Vince\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-05-31 2021944]
"Spotify"=C:\Users\Vince\AppData\Roaming\Spotify\Spotify.exe [2015-05-31 7323192]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-05-08 8322328]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2015-02-15 2694320]

C:\Users\Vince\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Vince\AppData\Roaming\Dropbox\bin\Dropbox.exe
Gta5Keygen.lnk - C:\ProgramData\{3d22c4da-d36c-bdf7-3d22-2c4dad36136b}\Gta5Keygen.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-10-01 623104]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-06-13 18:55:28 ----D---- C:\Program Files\trend micro
2015-06-13 18:55:27 ----D---- C:\rsit
2015-06-13 18:38:41 ----D---- C:\AdwCleaner
2015-06-13 18:31:51 ----A---- C:\scan1306.txt
2015-06-13 16:57:47 ----D---- C:\Program Files\CCleaner
2015-06-13 16:55:17 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-06-13 16:55:03 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-06-13 16:55:03 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-06-13 16:55:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-06-13 16:55:02 ----D---- C:\ProgramData\Malwarebytes
2015-06-13 16:55:02 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-13 13:00:15 ----D---- C:\Program Files (x86)\FRQc Flash Render Quality changer
2015-06-13 12:59:49 ----D---- C:\ProgramData\10603136380381423225
2015-06-13 12:59:42 ----D---- C:\Program Files (x86)\DeaLSPPacae
2015-06-13 12:58:58 ----A---- C:\Windows\SYSWOW64\ntwdblib.dll
2015-06-11 16:44:32 ----SHD---- C:\Config.Msi
2015-06-09 22:03:54 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-06-09 22:03:54 ----A---- C:\Windows\system32\mshtml.dll
2015-06-09 22:03:54 ----A---- C:\Windows\system32\comctl32.dll
2015-06-09 22:03:53 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-06-09 22:03:52 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-06-09 22:03:52 ----A---- C:\Windows\system32\wininet.dll
2015-06-09 22:03:52 ----A---- C:\Windows\system32\jscript9.dll
2015-06-09 22:03:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-06-09 22:03:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-06-09 22:03:51 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-06-09 22:03:51 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-06-09 22:03:51 ----A---- C:\Windows\system32\urlmon.dll
2015-06-09 22:03:51 ----A---- C:\Windows\system32\iertutil.dll
2015-06-09 22:03:51 ----A---- C:\Windows\system32\ieframe.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-06-09 22:03:50 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\webcheck.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\vbscript.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\msfeeds.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\jscript9diag.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\jscript.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\ieapfltr.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\dxtrans.dll
2015-06-09 22:03:50 ----A---- C:\Windows\system32\actxprxy.dll
2015-06-09 22:03:49 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-06-09 22:03:49 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-06-09 22:03:49 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-06-09 22:03:49 ----A---- C:\Windows\system32\mshtmled.dll
2015-06-09 22:03:49 ----A---- C:\Windows\system32\inetcomm.dll
2015-06-09 22:03:49 ----A---- C:\Windows\system32\ieui.dll
2015-06-09 22:03:49 ----A---- C:\Windows\system32\iepeers.dll
2015-06-09 22:03:49 ----A---- C:\Windows\system32\iedkcs32.dll
2015-06-09 22:03:40 ----A---- C:\Windows\system32\win32k.sys
2015-06-05 00:26:53 ----D---- C:\Users\Vince\AppData\Roaming\dvdcss
2015-05-30 01:23:04 ----D---- C:\foto
2015-05-21 12:58:02 ----D---- C:\Windows\Migration
2015-05-17 23:21:45 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 23:21:45 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 10:29:47 ----D---- C:\14052015

======List of files/folders modified in the last 1 month======

2015-06-13 18:55:28 ----RD---- C:\Program Files
2015-06-13 18:55:26 ----D---- C:\Windows\Prefetch
2015-06-13 18:54:37 ----D---- C:\Windows\Temp
2015-06-13 18:46:41 ----RD---- C:\Windows\System32
2015-06-13 18:46:41 ----D---- C:\Windows\Inf
2015-06-13 18:46:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-13 18:45:49 ----D---- C:\Users\Vince\AppData\Roaming\Spotify
2015-06-13 18:42:26 ----D---- C:\Users\Vince\AppData\Roaming\Dropbox
2015-06-13 18:40:27 ----D---- C:\Windows
2015-06-13 18:39:59 ----RD---- C:\Program Files (x86)
2015-06-13 18:39:59 ----HD---- C:\ProgramData
2015-06-13 18:39:59 ----D---- C:\Windows\Tasks
2015-06-13 18:29:05 ----D---- C:\Users\Vince\AppData\Roaming\uTorrent
2015-06-13 18:29:04 ----D---- C:\Windows\system32\DriverStore
2015-06-13 18:28:59 ----D---- C:\Windows\Panther
2015-06-13 18:28:59 ----D---- C:\Windows\Minidump
2015-06-13 18:28:59 ----D---- C:\Windows\Logs
2015-06-13 18:28:59 ----D---- C:\Windows\debug
2015-06-13 18:27:12 ----D---- C:\Windows\system32\config
2015-06-13 18:27:11 ----D---- C:\Windows\WinSxS
2015-06-13 18:26:54 ----RD---- C:\Windows\assembly
2015-06-13 18:26:54 ----D---- C:\Windows\system32\drivers
2015-06-13 18:26:27 ----D---- C:\Windows\SYSWOW64\en-US
2015-06-13 18:26:27 ----D---- C:\Windows\SysWOW64
2015-06-13 18:26:27 ----D---- C:\Windows\system32\en-US
2015-06-13 18:26:27 ----D---- C:\Windows\PolicyDefinitions
2015-06-13 18:26:27 ----D---- C:\Program Files\Internet Explorer
2015-06-13 18:26:27 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-13 18:24:59 ----D---- C:\Windows\CbsTemp
2015-06-13 17:02:00 ----D---- C:\Windows\system32\sru
2015-06-13 16:57:56 ----D---- C:\Windows\system32\Tasks
2015-06-12 23:37:13 ----D---- C:\Windows\Microsoft.NET
2015-06-11 16:49:46 ----SHD---- C:\Windows\Installer
2015-06-11 16:49:08 ----D---- C:\ProgramData\Microsoft Help
2015-06-11 16:49:08 ----A---- C:\Windows\win.ini
2015-06-11 12:58:51 ----SHD---- C:\System Volume Information
2015-06-09 20:30:27 ----D---- C:\Windows\AppReadiness
2015-06-07 18:10:32 ----HD---- C:\Program Files\WindowsApps
2015-06-05 00:07:47 ----D---- C:\Windows\LiveKernelReports
2015-06-03 18:18:09 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-05-31 11:10:55 ----D---- C:\Windows\system32\catroot2
2015-05-30 01:22:34 ----D---- C:\146_FUJI
2015-05-30 01:22:16 ----D---- C:\145D7000
2015-05-30 01:15:03 ----D---- C:\142D7000
2015-05-30 01:13:19 ----D---- C:\139D7000
2015-05-30 01:13:08 ----D---- C:\137D7000
2015-05-30 01:12:47 ----D---- C:\143D7000
2015-05-30 01:11:46 ----D---- C:\107_FUJI1
2015-05-27 23:02:53 ----D---- C:\DCIM
2015-05-24 14:08:50 ----D---- C:\Users\Vince\AppData\Roaming\vlc
2015-05-21 12:59:38 ----D---- C:\Windows\apppatch
2015-05-21 12:58:02 ----SD---- C:\Windows\SYSWOW64\GWX
2015-05-21 12:58:02 ----SD---- C:\Windows\system32\GWX
2015-05-21 12:58:01 ----RSD---- C:\Windows\Fonts
2015-05-21 12:58:01 ----RD---- C:\Windows\ImmersiveControlPanel
2015-05-21 12:58:01 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-17 23:21:38 ----D---- C:\Windows\system32\MRT
2015-05-17 23:17:31 ----A---- C:\Windows\system32\MRT.exe
2015-05-17 23:09:50 ----D---- C:\Program Files\Windows Journal

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-11-21 157016]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys [2013-06-18 3680256]
R3 HIDSwitch;@oem1.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\Windows\System32\drivers\AsHIDSwitch64.sys [2013-11-04 20280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-10-01 4177920]
R3 iwdbus;@oem5.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-08-23 26008]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-06-13 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 64216]
R3 MEIx64;@oem2.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-17 62784]
R3 RSBASTOR;@oem9.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys [2014-11-06 313048]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-11-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
R3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
S3 dg_ssudbus;@oem15.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 intaud_WaveExtensible;@oem4.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-08-23 39320]
S3 ssudmdm;@oem16.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WDC_SAM;@oem18.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]
S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
S3 WSDScan;@sti.inf,%WSDScan.SvcDesc%;WSD Scan Support; C:\Windows\system32\DRIVERS\WSDScan.sys [2014-11-21 23040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-11-21 38792]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-11-21 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-10-01 279000]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]

-----------------EOF-----------------