Springen naar inhoud

geluid stopt met werken


  • Log in om te kunnen reageren

#1

In physics I trust

    In physics I trust


  • >5k berichten
  • 7384 berichten
  • Moderator

Geplaatst op 15 april 2013 - 07:50

Hey,


Ik heb mijn laptop intussen een dikke drie jaar, en aan de posts hier, zullen jullie wel al gemerkt hebben dat er af en toe eens iets met misloopt ;)

Wat ik tegenwoordig erg vaak heb (bijna dagelijks), is dat mijn geluid het ineens begeeft. Ik ben dus muziek aan het luisteren, en van het ene op het andere ogenblik is er geen geluid meer (als ik oortjes inheb, hoor je soms een metaalachtig trillen aan redelijk hoge frequentie, dit stopt na de oortjes te unpluggen en opnieuw in te pluggen, maar het geluid komt niet weer).

Enige oplossing is heropstarten.

Verdere info/opmerkingen:

* het is een legale Windows 7 64 bit (via universiteit)
* HP dv7 Pavilion 2200eb
* de 'troubleshooter vindt (uiteraard) geen problemen

Iemand een ideetje waar dit aan kan liggen?
Alvast bedankt!
"C++ : Where friends have access to your private members." — Gavin Russell Baker.

Dit forum kan gratis blijven vanwege banners als deze. Door te registeren zal de onderstaande banner overigens verdwijnen.

#2

Mako

    Mako


  • >1k berichten
  • 1146 berichten
  • VIP

Geplaatst op 15 april 2013 - 08:13

Hoi,

Dit ruikt een beetje naar hardwareproblematiek vrees ik :?. Je zou eens kunnen controleren als je de laatste audio driver hebt geïnstalleerd via de website van HP.
A word of encouragement during a failure is worth more than an hour of praise after success.
I hear, I know. I see, I remember. I do, I understand -Confucius-

#3

In physics I trust

    In physics I trust


  • >5k berichten
  • 7384 berichten
  • Moderator

Geplaatst op 15 april 2013 - 08:41

Ja, ik vrees ook zoiets. Vreemd dat het dan opgelost is met herstarten. Toch bedankt ;)
"C++ : Where friends have access to your private members." — Gavin Russell Baker.

#4

Michel Uphoff

    Michel Uphoff


  • >5k berichten
  • 5378 berichten
  • Moderator

Geplaatst op 15 april 2013 - 11:45

Als het geluid verdwenen is, is dan het luidsprekertje 'gedempt' ? (rechtsonder, speakertje met verbodsbordje erbij).

Het probleem treedt onder Windows 7 vaak op, en is meestal niet hardware gerelateerd. Een paar van de vele mogelijke oorzaken:
  • Sounddrivers met een defectje (zoek even op HP of je de nieuwste hebt)
  • Problemen met het powermanagement, en met name de slaapstand (kijk of er nog meer nieuwe drivers van HP, bijvoorbeeld voor de chipset, aanwezig zijn)
  • Codec's met een foutje, mogelijk later geïnstalleerd (met pakketten als Vlc, K-lite en andere codec pack's, maar ook QuickTime en iTunes)
Aangezien het probleem pas later op is gaan treden, zouden later geïnstalleerde codec's en multimedia tools de eerst aangewezen kandidaat zijn om in te zoeken. Check het apparaat ook terdege op malware dat ook wel eens tot dit probleem wil leiden.

Google eens naar "windows 7 audio stops working reboot". Helaas is de lijst van mogelijke oorzaken enorm (ik kreeg 20 miljoen hits met Google).

Je zou in de Windows logboeken kunnen kijken naar de meest recente foutmelding direct nadat het geluid is gestopt, mogelijk vind je daar een aanwijzing.

Veranderd door Michel Uphoff, 15 april 2013 - 12:00

Motus inter corpora relativus tantum est.

#5

Mako

    Mako


  • >1k berichten
  • 1146 berichten
  • VIP

Geplaatst op 16 april 2013 - 17:01

Michel haalt wel nog een aantal interessante punten aan waar het misschien wel de moeite loont om eens te kijken.

Wat het powermanagment betreft: verwijder ook eens de batterij en werk louter op netstroom.

Codecs lijken me eveneens de aangewezen kandidaat als het niet hardware gerelateerd is. Malware als specifieke oorzaak van geluidsproblemen heb ik nog niet meegemaakt, maar als je een malware controle wil roep je maar eens ;).

Voor de logboeken kan je dit eens doen:

Ga naar start - uitvoeren, typ eventvwr.msc en klik op OK.
Klik op windows logboeken
Open het logboek voor toepassingen.
In de rechterkolom bij acties klik je op huidig logboek filteren.
Bij geregistreerd selecteer je de afgelopen 24 uur en bij niveau vink je kritiek en fout aan. Klik op OK.
Selecteer alle gebeurtenissen
Klik nu onderaan in de kolom acties op geselecteerde gebeurtenissen opslaan.
Bepaal de locatie en noem het bestand AppLog om op te slaan.
Bij opslaan als selecteer je tekst (door tabs gescheiden) (.txt)

Herhaal bovenstaande voor het Windows Logboek Systeem en noem het bestand Syslog.

Plaats de inhoud van beide bestanden in je volgende bericht of voeg deze toe als bijlage.
A word of encouragement during a failure is worth more than an hour of praise after success.
I hear, I know. I see, I remember. I do, I understand -Confucius-

#6

In physics I trust

    In physics I trust


  • >5k berichten
  • 7384 berichten
  • Moderator

Geplaatst op 16 april 2013 - 18:13

Ik heb de drivers voor chipset en geluid van de site van hp gehaald. Het lijkt opgelost. Dacht nochtans dat het in orde was, aangezien ik ze recentelijk had geïnstalleerd.

Bedankt voor de andere nuttige inbreng!
"C++ : Where friends have access to your private members." — Gavin Russell Baker.

#7

Michel Uphoff

    Michel Uphoff


  • >5k berichten
  • 5378 berichten
  • Moderator

Geplaatst op 16 april 2013 - 18:28

Check zekerheidshalve de computer met een malware tool als Malwarebytes, die drivers raken niet vanzelf defect. Downloaden, updaten en een volledige scan laten doen. Na gebruik kan je het weer deïnstalleren.
Motus inter corpora relativus tantum est.

#8

In physics I trust

    In physics I trust


  • >5k berichten
  • 7384 berichten
  • Moderator

Geplaatst op 16 april 2013 - 19:29

Te vroeg gejuicht ook. Zelfde probleem. Ik ga een poging wagen.
"C++ : Where friends have access to your private members." — Gavin Russell Baker.

#9

Michel Uphoff

    Michel Uphoff


  • >5k berichten
  • 5378 berichten
  • Moderator

Geplaatst op 16 april 2013 - 23:23

Ok, ben benieuwd.

Vindt malwarebytes niets, dan wordt het tijd om in de logboeken te duiken naar aanwijzingen.

Ik weet niet welke AV software je gebruikt, het kan geen kwaad eens een grondige check te doen met een van de on-line scanners, bijvoorbeeld die van Eset Er zijn namelijk een aantal beestjes in de omloop die het speciaal op Codec's (zeg maar interfaces tussen het woud aan mediabestanden en Windows) hebben voorzien.

Daarnaast zijn er ook gebrekkig geschreven third party Codec's in de omloop die allerhande multimediale en Windows problemen kunnen veroorzaken.

Veranderd door Michel Uphoff, 16 april 2013 - 23:25

Motus inter corpora relativus tantum est.

#10

In physics I trust

    In physics I trust


  • >5k berichten
  • 7384 berichten
  • Moderator

Geplaatst op 17 april 2013 - 06:42

Ik ga er vanavond mee aan de slag, Malwarebytes vond in ieder wel al iets gisteren, al was het erg onduidelijk of het gerelateerd was aan deze issue.

Ik ga Comodo vanavond nog eens door de computer laten lopen ook. Ik hou jullie op de hoogte.
"C++ : Where friends have access to your private members." — Gavin Russell Baker.

#11

In physics I trust

    In physics I trust


  • >5k berichten
  • 7384 berichten
  • Moderator

Geplaatst op 17 april 2013 - 06:54

Uit de logboeken:


Log Name:	  System
Source:		Microsoft-Windows-WER-SystemErrorReporting
Date:		  16/04/2013 23:42:42
Event ID:	  1001
Task Category: None
Level:		 Error
Keywords:	  Classic
User:		  N/A
Computer:	  Glenn-PC
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa8006239b20). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-34335-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
	<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
	<EventID Qualifiers="16384">1001</EventID>
	<Version>0</Version>
	<Level>2</Level>
	<Task>0</Task>
	<Opcode>0</Opcode>
	<Keywords>0x80000000000000</Keywords>
	<TimeCreated SystemTime="2013-04-16T21:42:42.000000000Z" />
	<EventRecordID>46246</EventRecordID>
	<Correlation />
	<Execution ProcessID="0" ThreadID="0" />
	<Channel>System</Channel>
	<Computer>Glenn-PC</Computer>
	<Security />
  </System>
  <EventData>
	<Data Name="param1">0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa8006239b20)</Data>
	<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
	<Data Name="param3">041613-34335-01</Data>
  </EventData>
</Event>

en
Log Name:	  System
Source:		Microsoft-Windows-WER-SystemErrorReporting
Date:		  16/04/2013 23:42:42
Event ID:	  1001
Task Category: None
Level:		 Error
Keywords:	  Classic
User:		  N/A
Computer:	  Glenn-PC
Description:
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa8006239b20). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041613-34335-01.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
	<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
	<EventID Qualifiers="16384">1001</EventID>
	<Version>0</Version>
	<Level>2</Level>
	<Task>0</Task>
	<Opcode>0</Opcode>
	<Keywords>0x80000000000000</Keywords>
	<TimeCreated SystemTime="2013-04-16T21:42:42.000000000Z" />
	<EventRecordID>46246</EventRecordID>
	<Correlation />
	<Execution ProcessID="0" ThreadID="0" />
	<Channel>System</Channel>
	<Computer>Glenn-PC</Computer>
	<Security />
  </System>
  <EventData>
	<Data Name="param1">0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa8006239b20)</Data>
	<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
	<Data Name="param3">041613-34335-01</Data>
  </EventData>
</Event>

en

Log Name:	  Microsoft-Windows-International/Operational
Source:		Microsoft-Windows-International
Date:		  12/04/2013 22:44:18
Event ID:	  1001
Task Category: NLS locale functions
Level:		 Critical
Keywords:	  
User:		  SYSTEM
Computer:	  Glenn-PC
Description:
The NLS operation failed because the registry key HKCU\Control Panel\International cannot be opened. Error code is 19. Error message: The media is write protected.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
	<Provider Name="Microsoft-Windows-International" Guid="{3AA52B8B-6357-4C18-A92E-B53FB177853B}" />
	<EventID>1001</EventID>
	<Version>0</Version>
	<Level>1</Level>
	<Task>35</Task>
	<Opcode>31</Opcode>
	<Keywords>0x8000000000000000</Keywords>
	<TimeCreated SystemTime="2013-04-12T20:44:18.057014600Z" />
	<EventRecordID>1</EventRecordID>
	<Correlation />
	<Execution ProcessID="4060" ThreadID="11132" />
	<Channel>Microsoft-Windows-International/Operational</Channel>
	<Computer>Glenn-PC</Computer>
	<Security UserID="S-1-5-18" />
  </System>
  <EventData>
	<Data Name="RegistryKey">HKCU\Control Panel\International</Data>
	<Data Name="ErrorCode">19</Data>
	<Data Name="Message">The media is write protected.
</Data>
  </EventData>
</Event>
"C++ : Where friends have access to your private members." — Gavin Russell Baker.

#12

Mako

    Mako


  • >1k berichten
  • 1146 berichten
  • VIP

Geplaatst op 17 april 2013 - 08:57

Hoi,

Even een controle voor wat de malware betreft. Hieronder gelijk de eerste test ;)

Download RSIT van de onderstaande locaties en sla deze op het bureablad op.
Hier staat een beschrijving hoe u kunt kijken of u een 32 of 64 bit versie van Windows heeft.

Dubbelklik op RSIT.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  • Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  • Plaats de inhoud hiervan in het volgende bericht.
A word of encouragement during a failure is worth more than an hour of praise after success.
I hear, I know. I see, I remember. I do, I understand -Confucius-

#13

In physics I trust

    In physics I trust


  • >5k berichten
  • 7384 berichten
  • Moderator

Geplaatst op 17 april 2013 - 09:03

Logfile of random's system information tool 1.09 (written by random/random)
Run by Glenn at 2013-04-17 10:01:30
Microsoft Windows 7 Professional N Service Pack 1
System drive C: has 151 GB (35%) free of 429 GB
Total RAM: 4063 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:39, on 17/04/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe
C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Windows\SysWOW64\prevhost.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\trend micro\Glenn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O4 - HKCU\..\Run: [GmailNotifierPro] C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/...SetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lmadmin - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager (mitsijm2013) - - C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11210 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe"
"C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe" /minimized
"C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
taskeng.exe {D9C63632-9DEB-499A-8958-F0F0DA3495A6}
"C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3204.0.2033897581\1333270208" --supports-dual-gpus=false --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x9480 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.632.1.2000 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="3204.2.965430364\964810965" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="3204.3.513214404\903344665" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3204.4.2058247425\1788303201" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\np_dvs_plugin.dll" --lang=nl --channel="3204.5.1004685344\236586524" /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3204.6.1459333697\512113579" --lang=nl --ignored=" --type=renderer " /prefetch:13
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwnd10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3204.11.97843723\1011068403" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwnd10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3204.20.56503575\1060094464" /prefetch:3
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "C:\Users\Glenn\Downloads\veelhoeken.pdf"
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=4428.1.1189397831 --type=renderer "C:\Users\Glenn\Downloads\veelhoeken.pdf"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding
C:\Windows\SysWOW64\prevhost.exe {DC6EFB56-9CFA-464D-8880-44885D7DC193} -Embedding
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" /b /id 4248_3223 /if pdfshell_prevde700ce3-b91e-45b5-9de8-dc767cc5bf1d
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=4240.1.439610172 --type=renderer /b /id 4248_3223 /if pdfshell_prevde700ce3-b91e-45b5-9de8-dc767cc5bf1d
"taskhost.exe"
"C:\Program Files\Eclipse\eclipse\eclipse.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwnd10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3204.28.509017633\453002508" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwnd10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3204.34.1679553258\2146413487" /prefetch:3
SCIA -T Glenn-PC 11.10 -1 -c scia\SCIA_Software.lic -lmgrd_port 6978 -x lmremove --lmgrd_start 516e4db5 -l logs/SCIA.log
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwnd10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3204.43.1438739559\819795848" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=nl --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/12/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwnd10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_37/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3204.44.325991940\1293458860" /prefetch:3
"C:\Windows\system32\mspaint.exe"
"C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Glenn\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\rqrgh6qb.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
wikipedia-nl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-16 553376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-16 211360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
DVDVideoSoft WebPageAdjuster Class - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-01-30 342176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-23 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-23 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
DVDVideoSoft WebPageAdjuster Class - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2013-01-30 281760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-24 1560872]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2009-08-12 456192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GmailNotifierPro"=C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe [2012-11-11 2371496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-10-01 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\Glenn\AppData\Local\Akamai\netsession_win.exe [2013-01-26 4480768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync]
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2012-07-25 418280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR11]
C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [2011-11-07 934152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
C:\Windows\system32\windows\winsvr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
C:\Windows\system32\windows\winsvr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivitizeVPN]
C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe [2013-02-04 196784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-03-26 1631144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voobly]
C:\Program Files (x86)\Voobly\voobly.exe [2013-04-14 139264]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []

C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-04-17 10:01:31 ----D---- C:\Program Files\trend micro
2013-04-17 10:01:30 ----D---- C:\rsit
2013-04-17 09:50:23 ----D---- C:\Program Files (x86)\Trend Micro
2013-04-17 08:17:06 ----D---- C:\Users\Glenn\AppData\Roaming\NetBeans
2013-04-16 23:15:59 ----D---- C:\Program Files\glassfish-3.1.2.2
2013-04-16 23:10:45 ----D---- C:\Program Files\NetBeans 7.3
2013-04-16 23:08:47 ----A---- C:\Windows\system32\javaws.exe
2013-04-16 23:08:38 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2013-04-16 23:08:38 ----A---- C:\Windows\system32\javaw.exe
2013-04-16 23:08:38 ----A---- C:\Windows\system32\java.exe
2013-04-16 23:03:46 ----D---- C:\Program Files\Sublime Text 2
2013-04-16 22:49:45 ----D---- C:\xampp
2013-04-16 22:27:38 ----D---- C:\Users\Glenn\AppData\Roaming\SWI-Prolog
2013-04-16 22:27:30 ----D---- C:\Program Files\swipl
2013-04-16 21:21:59 ----D---- C:\Program Files (x86)\Haskell Platform
2013-04-16 20:30:28 ----D---- C:\Users\Glenn\AppData\Roaming\Malwarebytes
2013-04-16 20:30:14 ----D---- C:\ProgramData\Malwarebytes
2013-04-16 20:30:13 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 20:30:13 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-04-15 21:29:54 ----D---- C:\Program Files (x86)\Intel
2013-04-15 21:29:54 ----A---- C:\Windows\SYSWOW64\CSVer.dll
2013-04-15 21:29:41 ----D---- C:\Intel
2013-04-15 21:28:45 ----N---- C:\Windows\system32\stapi64.dll
2013-04-15 21:28:07 ----A---- C:\Windows\system32\AESTEC64.dll
2013-04-15 21:28:07 ----A---- C:\Windows\system32\AESTAR64.dll
2013-04-15 21:28:07 ----A---- C:\Windows\system32\AESTAC64.dll
2013-04-15 21:28:06 ----A---- C:\Windows\system32\stlang64.dll
2013-04-15 21:28:06 ----A---- C:\Windows\system32\idt64mp1.exe
2013-04-15 21:28:06 ----A---- C:\Windows\system32\AESTCo64.dll
2013-04-15 21:28:06 ----A---- C:\Windows\sttray64.exe
2013-04-15 21:28:05 ----D---- C:\Windows\system32\SRSLabs
2013-04-15 21:27:29 ----A---- C:\Windows\system32\staco64.dll
2013-04-15 21:27:27 ----A---- C:\Windows\system32\stcplx64.dll
2013-04-15 21:27:27 ----A---- C:\Windows\system32\stapo64.dll
2013-04-15 21:27:27 ----A---- C:\Windows\system32\drivers\stwrt64.sys
2013-04-15 21:27:23 ----D---- C:\Program Files\IDT
2013-04-15 21:24:06 ----D---- C:\Program Files (x86)\HP
2013-04-13 17:09:03 ----D---- C:\ProgramData\Steam
2013-04-13 17:05:32 ----D---- C:\Program Files (x86)\Age of Empires II HD
2013-04-12 10:09:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-04-10 22:57:21 ----D---- C:\Program Files (x86)\Elaborate Bytes
2013-04-08 17:04:18 ----D---- C:\ProgramData\CyberLink
2013-04-08 17:04:03 ----D---- C:\Users\Glenn\AppData\Roaming\CyberLink
2013-04-08 16:56:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-04-08 16:55:06 ----D---- C:\Program Files (x86)\Hewlett-Packard
2013-04-08 16:54:09 ----D---- C:\ProgramData\Temp
2013-04-08 16:49:30 ----A---- C:\Windows\system32\HPMSWebcam.dll
2013-04-08 16:49:26 ----D---- C:\System.sav
2013-04-08 16:47:46 ----D---- C:\Program Files\DIFX
2013-04-05 11:17:18 ----A---- C:\Windows\system32\dsNcSmartCardProv.dll
2013-04-05 11:17:18 ----A---- C:\Windows\system32\dsNcCredProv.dll
2013-04-05 11:17:06 ----D---- C:\Program Files (x86)\Juniper Networks
2013-04-05 11:15:58 ----D---- C:\Users\Glenn\AppData\Roaming\Juniper Networks
2013-04-05 00:35:33 ----D---- C:\Users\Glenn\AppData\Roaming\F-Secure SSH
2013-04-05 00:34:25 ----D---- C:\Program Files (x86)\F-Secure
2013-04-05 00:32:16 ----A---- C:\Windows\IsUninst.exe
2013-04-02 16:25:55 ----D---- C:\RecoveryCD
2013-04-01 18:12:31 ----D---- C:\Program Files (x86)\Voobly
2013-04-01 17:58:09 ----D---- C:\Program Files (x86)\dumps
2013-04-01 17:57:41 ----D---- C:\Program Files (x86)\Steam
2013-03-23 15:43:25 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-03-23 15:43:14 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-03-23 15:43:14 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-03-23 15:43:14 ----A---- C:\Windows\SYSWOW64\java.exe
2013-03-19 16:33:28 ----N---- C:\Windows\Setup1.exe
2013-03-19 16:33:24 ----A---- C:\Windows\ST6UNST.EXE

======List of files/folders modified in the last 1 month======

2013-04-17 10:01:39 ----D---- C:\Windows\Temp
2013-04-17 10:01:31 ----RD---- C:\Program Files
2013-04-17 10:00:42 ----D---- C:\Users\Glenn\AppData\Roaming\Skype
2013-04-17 09:50:26 ----SHD---- C:\Windows\Installer
2013-04-17 09:50:23 ----RD---- C:\Program Files (x86)
2013-04-17 09:50:09 ----SHD---- C:\System Volume Information
2013-04-17 09:46:48 ----D---- C:\Users\Glenn\AppData\Roaming\Dropbox
2013-04-17 07:42:47 ----SD---- C:\ProgramData\Microsoft
2013-04-16 23:48:29 ----D---- C:\Windows\System32
2013-04-16 23:48:29 ----D---- C:\Windows\inf
2013-04-16 23:48:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-16 23:43:25 ----D---- C:\Program Files (x86)\Gmail Notifier Pro
2013-04-16 23:42:34 ----D---- C:\Windows\Minidump
2013-04-16 23:42:21 ----D---- C:\Windows
2013-04-16 23:39:41 ----D---- C:\Users\Glenn\AppData\Roaming\FileZilla
2013-04-16 23:08:26 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-04-16 23:08:26 ----A---- C:\Windows\system32\deployJava1.dll
2013-04-16 23:08:22 ----D---- C:\Program Files\Java
2013-04-16 21:51:41 ----D---- C:\Windows\SysWOW64
2013-04-16 20:40:41 ----D---- C:\Windows\SYSWOW64\windows
2013-04-16 20:30:14 ----HD---- C:\ProgramData
2013-04-16 20:30:13 ----D---- C:\Windows\system32\drivers
2013-04-16 13:26:08 ----D---- C:\Program Files (x86)\BabasChess
2013-04-15 21:29:58 ----D---- C:\Windows\system32\catroot
2013-04-15 21:29:56 ----D---- C:\Windows\system32\DriverStore
2013-04-15 21:29:40 ----D---- C:\swsetup
2013-04-15 21:24:11 ----RSD---- C:\Windows\assembly
2013-04-15 20:06:48 ----D---- C:\Users\Glenn\AppData\Roaming\Azureus
2013-04-15 13:07:19 ----D---- C:\Windows\system32\NDF
2013-04-14 23:28:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-12 22:51:44 ----D---- C:\ProgramData\Adobe
2013-04-12 22:48:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-04-12 13:10:22 ----D---- C:\Users\Glenn\AppData\Roaming\vlc
2013-04-10 22:59:14 ----D---- C:\Windows\system32\Tasks
2013-04-10 22:54:39 ----D---- C:\Windows\Resources
2013-04-08 16:57:52 ----D---- C:\Windows\system32\config
2013-04-08 16:52:51 ----D---- C:\Windows\system32\catroot2
2013-04-05 11:16:00 ----D---- C:\Windows\Downloaded Program Files
2013-04-02 12:52:43 ----D---- C:\Windows\Prefetch
2013-04-01 17:57:45 ----D---- C:\Program Files (x86)\Common Files
2013-03-27 16:05:55 ----SD---- C:\Users\Glenn\AppData\Roaming\Microsoft
2013-03-23 15:43:09 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2013-03-23 15:43:09 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2013-02-20 237840]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2013-02-20 120080]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
R3 clwvd;HP Webcam Splitter; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-30 32880]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\Windows\system32\DRIVERS\dsNcAdpt.sys [2013-02-20 32768]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-28 70656]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2009-08-12 487936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-07-24 250928]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-02-20 131856]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2013-02-20 146704]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-10-22 128352]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe [2009-03-01 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 lmadmin;lmadmin; C:\Program Files (x86)\Common Files\Scia\LicenceServer\FlexnetServer\lmadmin.exe [2011-08-05 6587728]
R2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe [2009-08-12 240640]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-02-12 1044816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04 116648]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 dsNcService;Juniper Network Connect Service; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [2013-02-20 692328]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-06 1432400]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-04 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
"C++ : Where friends have access to your private members." — Gavin Russell Baker.

#14

Mako

    Mako


  • >1k berichten
  • 1146 berichten
  • VIP

Geplaatst op 17 april 2013 - 10:27

Dat ziet er op het eerste zicht vrij goed uit. Echter is er 1 iets waar ik mijn bedenkingen bij heb: in het logje zie ik sporen terug van Privitize VPN, deze heeft een bedenkelijke reputatie en zou je dus beter kunnen verwijderen. Tenzij je een goede reden hebt om dat niet te doen? ;)

Onderstaande fix verwerkt het verwijderen van Privitize VPN! Indien je deze toch niet verwijderd wil voer je onderstaande NIET uit.

  • Ga naar Start - Configuratiescherm - Programma's
    Verwijder (indien aanwezig) volgende programma's:
    • Privitize VPN
    • Zoomex
  • Download zoek.exe naar het bureaublad.
    • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
      (hier of hier) kan je lezen hoe je dat doet.
    • Dubbelklik op Zoek.exe om de tool te starten.
    • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
    • Kopieer nu onderstaande code en plak die in het grote invulvenster:
    • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
      startupall;
      filesrcm;
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU];r
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM];r
      C:\Windows\system32\windows\winsvr.exe;f
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivitizeVPN];r
      autoclean;
      uninstall-list;
      
    • Klik daarna op de knop "Run script".
    • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
    • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
    • Post nu de inhoud van het geopende logje in het volgende bericht.
A word of encouragement during a failure is worth more than an hour of praise after success.
I hear, I know. I see, I remember. I do, I understand -Confucius-

#15

Michel Uphoff

    Michel Uphoff


  • >5k berichten
  • 5378 berichten
  • Moderator

Geplaatst op 17 april 2013 - 13:02

De logboekmeldingen beschrijven 2 keer eenzelfde event: Herstart na problemen met USB (de parameters fe,08,06,05 wijzen hier op).

Heb je regelmatig een spontane reboot? Zo ja, mogelijk heb je een USB driver geïnstalleerd die tot deze problemen leidt, met een tooltje als UsbDview van Nir Sofer is snel te achterhalen welke usb devices er geïnstalleerd zijn en is het verwijderen erg eenvoudig. Was het echter een eenmalig probleem, dan zou ik er geen aandacht aan schenken.

Hiernaast wordt er melding gemaakt van een write protected registry key. Maar die melding is van een paar dagen terug. Mogelijk conflicteert hier iets met een firewall, wellicht die VPN die Mako meldde.
Motus inter corpora relativus tantum est.





0 gebruiker(s) lezen dit onderwerp

0 leden, 0 bezoekers, 0 anonieme gebruikers

Ook adverteren op onze website? Lees hier meer!

Gesponsorde vacatures

Vacatures