Zoek.exe Version 4.0.0.4 Updated 07-September-2013 Tool run by nanda on zo 08-09-2013 at 11:15:37,73. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\zoek\zoek.exe [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 8-9-2013 11:19:52 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3o45w215.default\prefs.js: Added to D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3o45w215.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from D:\Documents and Settings\aziz.049763920274\Application Data\Mozilla\Firefox\Profiles\mt4z2d76.default\prefs.js: user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultenginename", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("keyword.URL", "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=D8E3671A-91F1-4135-A351-1F7C6A02E72C&apn_ptnrs=U3&apn_sauid=BDFA6F9E-C108-41ED-97E7-08861A618238&apn_dtid=OSJ000YYNL&&q="); Added to D:\Documents and Settings\aziz.049763920274\Application Data\Mozilla\Firefox\Profiles\mt4z2d76.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default\prefs.js: user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); Added to D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from D:\Documents and Settings\shahin.049763920274\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default\prefs.js: user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Ask.com"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("keyword.URL", "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=D8E3671A-91F1-4135-A351-1F7C6A02E72C&apn_ptnrs=U3&apn_sauid=BDFA6F9E-C108-41ED-97E7-08861A618238&apn_dtid=OSJ000YYNL&&q="); Added to D:\Documents and Settings\shahin.049763920274\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3o45w215.default user.js not found ---- Lines WebSearch removed from prefs.js ---- ---- Lines WebSearch modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines asktb removed from prefs.js ---- ---- Lines asktb modified from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 removed from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_08-09-2013_1126_.backup ProfilePath: D:\Documents and Settings\aziz.049763920274\Application Data\Mozilla\Firefox\Profiles\mt4z2d76.default user.js not found ---- Lines WebSearch removed from prefs.js ---- ---- Lines WebSearch modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.ff-original-keyword-url", ""); ---- Lines asktb modified from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 removed from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_08-09-2013_1126_.backup ProfilePath: D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default user.js not found ---- Lines WebSearch removed from prefs.js ---- ---- Lines WebSearch modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines asktb removed from prefs.js ---- ---- Lines asktb modified from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 removed from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1251913496281,\"rdfTime\":1232707720000},\"{ABDE892B-13A8-4d1b-88E6-365A6E755758}\":{\"descriptor\":\"D:\\\\Documents and Settings\\\\All Users\\\\Application Data\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\",\"mtime\":1323536969750,\"rdfTime\":1323536969750},\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"mtime\":1369047597203,\"rdfTime\":1368089726000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1376723618625,\"rdfTime\":1376723618390}}},{\"name\":\"app-profile\",\"addons\":{\"{14323AEE-F6B8-4DC8-BCE3-E62645830585}\":{\"descriptor\":\"D:\\\\Documents and Settings\\\\nanda.049763920274\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\34p9bvug.default\\\\extensions\\\\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi\",\"mtime\":1360999395125}}}]"); ---- FireFox user.js and prefs.js backups ---- prefs_08-09-2013_1126_.backup ProfilePath: D:\Documents and Settings\shahin.049763920274\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default user.js not found ---- Lines WebSearch removed from prefs.js ---- ---- Lines WebSearch modified from prefs.js ---- ---- Lines ask.com removed from prefs.js ---- ---- Lines ask.com modified from prefs.js ---- ---- Lines asktb removed from prefs.js ---- user_pref("extensions.asktb.ff-original-keyword-url", ""); ---- Lines asktb modified from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 removed from prefs.js ---- ---- Lines 14323AEE-F6B8-4DC8-BCE3-E62645830585 modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- prefs_08-09-2013_1126_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"=- ==== Deleting Files \ Folders ====================== "D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi" deleted "D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\22find.lnk" deleted "C:\WINDOWS\002766_.tmp" deleted "C:\WINDOWS\~DF44EC.tmp" deleted "C:\WINDOWS\~DF7FB5.tmp" deleted "C:\WINDOWS\System32\SETA2A.tmp" deleted "C:\WINDOWS\System32\SETA2B.tmp" deleted "C:\WINDOWS\System32\SETA30.tmp" deleted "C:\WINDOWS\System32\SETA31.tmp" deleted "C:\WINDOWS\System32\SETA33.tmp" deleted "C:\WINDOWS\System32\SETA3E.tmp" deleted "C:\WINDOWS\System32\SETA40.tmp" deleted "C:\WINDOWS\System32\SETA41.tmp" deleted "C:\WINDOWS\System32\SETA42.tmp" deleted "C:\WINDOWS\System32\SETA43.tmp" deleted "C:\WINDOWS\System32\SETA48.tmp" deleted "C:\WINDOWS\System32\SETA50.tmp" deleted "C:\WINDOWS\System32\SETA52.tmp" deleted "C:\WINDOWS\System32\SETA7C.tmp" deleted "C:\WINDOWS\System32\SETA85.tmp" deleted "C:\WINDOWS\System32\SETA8A.tmp" deleted "C:\WINDOWS\System32\SETA8B.tmp" deleted "C:\WINDOWS\System32\SETA8C.tmp" deleted "C:\WINDOWS\System32\SETA8D.tmp" deleted "C:\WINDOWS\System32\SETA8E.tmp" deleted "C:\WINDOWS\System32\SETA92.tmp" deleted "C:\WINDOWS\System32\SETA9F.tmp" deleted "C:\WINDOWS\System32\SETAA3.tmp" deleted "C:\WINDOWS\System32\SETAA8.tmp" deleted "C:\WINDOWS\System32\SETAB1.tmp" deleted "C:\WINDOWS\System32\SETABC.tmp" deleted "C:\WINDOWS\System32\SETAC3.tmp" deleted "C:\WINDOWS\System32\SETAC4.tmp" deleted "C:\WINDOWS\System32\SETACB.tmp" deleted "C:\WINDOWS\System32\SETACC.tmp" deleted "C:\WINDOWS\System32\SETAE2.tmp" deleted "C:\WINDOWS\System32\SETAE3.tmp" deleted "C:\WINDOWS\System32\SETAEA.tmp" deleted "C:\WINDOWS\System32\SETAEB.tmp" deleted "C:\WINDOWS\System32\SETBEC.tmp" deleted "C:\WINDOWS\System32\SETBF1.tmp" deleted "C:\WINDOWS\System32\SETBF3.tmp" deleted "C:\WINDOWS\System32\SETBF6.tmp" deleted "C:\WINDOWS\System32\SETBFA.tmp" deleted "C:\WINDOWS\System32\SETC01.tmp" deleted "C:\WINDOWS\System32\SETCEF.tmp" deleted "C:\WINDOWS\System32\SETCF2.tmp" deleted "C:\WINDOWS\System32\SETD02.tmp" deleted "C:\WINDOWS\System32\SETD05.tmp" deleted "C:\WINDOWS\System32\SETD07.tmp" deleted "C:\WINDOWS\System32\SETD0A.tmp" deleted "C:\WINDOWS\System32\SETD11.tmp" deleted "C:\WINDOWS\System32\SETD16.tmp" deleted "C:\WINDOWS\System32\SETD18.tmp" deleted "C:\WINDOWS\System32\SETD1B.tmp" deleted "D:\Documents and Settings\shahin.049763920274\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default\searchplugins\askcom.xml" deleted "D:\Documents and Settings\nanda.049763920274\Application Data\AVG8" deleted "C:\Program Files\Common Files\337" deleted ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2013-09-05 10:21:54 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe 2013-09-05 10:21:54 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe 2013-09-05 10:21:54 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe 2013-09-05 10:21:54 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe 2013-09-05 10:21:54 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe ====== D:\DOCUME~1\NANDA~1.049\LOCALS~1\Temp ==== ====== C:\WINDOWS\system32 ===== 2013-09-02 15:41:58 1D9B3568CFDB55316985A053D6D96030 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= D: ===== ====== D:\Documents and Settings\nanda.049763920274\Application Data ====== ====== D:\Documents and Settings\nanda.049763920274 ====== 2013-08-19 14:53:12 B2943B580DFABBC9588A700A349FC846 11 ----a-w- D:\Documents and Settings\aziz.049763920274\usb001 2013-08-19 14:52:31 B2944A4AC5289FF45105BFD9395FBC27 17 ----a-w- D:\Documents and Settings\aziz.049763920274\usb 2013-08-19 14:51:21 94260D40F25C108E7515036CFF35792C 10 ----a-w- D:\Documents and Settings\aziz.049763920274\usboo1 ====== C: exe-files == 2013-09-07 10:42:01 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\nanda.exe 2013-09-07 10:41:37 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\RSIT.exe 2013-09-05 10:21:54 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe 2013-09-05 10:21:54 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe 2013-09-05 10:21:54 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe 2013-09-05 10:21:54 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe 2013-09-05 10:21:54 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe === C: other files == 2013-09-05 10:26:58 E2853CFC026C755827660141E5872D01 16362 ----a-w- C:\Qoobox\BackEnv\SetPath.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_USERS\S-1-5-21-1627227090-3052154592-1259039538-1006\Software\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\APPS\SMP\SmpSys.exe" "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe boot" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" "High Definition Audio Property Page Shortcut"="HDAShCut.exe" "ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" "PCMService"="c:\apps\Powercinema\PCMService.exe" "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" "WiPen"="C:\Program Files\WiPen\wpmanage.exe" "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" "RTHDCPL"="RTHDCPL.EXE" "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe " "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "TkBellExe"="C:\program files\real\realplayer\update\realsched.exe -osboot" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\APPS\SMP\SmpSys.exe" "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe boot" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" ==== Startup Folders ====================== 2013-06-03 05:30:08 1681 ----a-w- D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk 2013-06-03 05:30:08 1720 ----a-w- D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\AutoKMS.job --a------ C:\AutoKMS_Dylan\AutoKMS.exe [19-02-2012 15:22] C:\WINDOWS\tasks\avast\Undetermined Task.exe [] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008Core.job --a------ C:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008UA.job --a------ C:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03-01-2011 09:10] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03-01-2011 09:10] C:\WINDOWS\tasks\MP Scheduled Scan.job --ah----- [Undetermined Task] C:\WINDOWS\tasks\PC instellen.job --a------ C:\Apps\SMP\PC:SETUP.exe [] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1006.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1007.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1008.job --a------ [Undetermined Task] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1006.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1007.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1008.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25 D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 0C8597DBC74AAF5179471BA013E3C6B4 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash 101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 0132218093298D7F72A40222F4FBF04F - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2 A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2 CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2 052575195474BA9646272680BF993D64 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2 A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2 136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2 1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2 F7B9148F6E0DB4F722634452DFF578E0 - c:\program files\real\realplayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 3170FDFA0CCE1D9133B6546315D11983 - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) 76C5ADFE97A6960D0851522EA7AA5AF4 - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 879AAD363252B682EF9550428E8C1FEA - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 692C1CC6A09FDE9F356524DD0D0391B8 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll - RealPlayer Version Plugin 41250B1A04941764C2FB253DBBEB882B - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 3CB231F12674D3CB0AC1F5EDE9578E85 - C:\WINDOWS\system32\npwmsdrm.dll - Microsoft® Windows Media Services 7A75CCAA7E3CE0B14F7428F1731CF4C9 - C:\WINDOWS\system32\Npindeo.dll - Intel Indeo® video 5.1 PD Plug-In 3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows® 7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jfmjfhklogoienhpfnppmbcbjfjnkonk - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[10-12-2011 19:09] YouTube - nanda.049763920274 - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - nanda.049763920274 - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf avast WebRep - nanda.049763920274 - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda RealPlayer HTML5Video Downloader Extension - nanda.049763920274 - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Gmail - nanda.049763920274 - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia avast WebRep - shahin.049763920274 - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda RealPlayer HTML5Video Downloader Extension - shahin.049763920274 - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Excel.lnk - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\Find Drivers with DriverAgent.lnk - D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\eSupport.com\driveragent_492[1].exe D:\Documents and Settings\nanda.049763920274\Bureaublad\HiJackThis.lnk - D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Live Messenger .lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Bureaublad\Word.lnk - C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE D:\Documents and Settings\nanda.049763920274\Bureaublad\µTorrent.lnk - C:\Program Files\utorrent\utorrent.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Adobe Reader 7.0.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Gebruikershandleiding (Packard Bell InfoCentre).lnk - C:\DIVTOOLS\SETORUN.EXE mypcdoc\setup.ini D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Packard Bell Demo.lnk - C:\Program Files\ShowTime\bin\showtime.scr /s D:\Documents and Settings\nanda.049763920274\Bureaublad\Ongebruikte bureaubladpictogrammen\Video Tool Box 2.0 SE.lnk - C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe ==== shortcuts on All Users Desktop ====================== D:\Documents and Settings\All Users\Bureaublad\Adobe Reader X .lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe D:\Documents and Settings\All Users\Bureaublad\avast Free Antivirus.lnk - D:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe D:\Documents and Settings\All Users\Bureaublad\CyberLink PowerDirector Express.lnk - C:\Program Files\CyberLink\PowerDirector Express\PowerDirector.exe D:\Documents and Settings\All Users\Bureaublad\CyberLink PowerProducer.lnk - C:\Program Files\CyberLink\PowerProducer\Producer.exe D:\Documents and Settings\All Users\Bureaublad\HP Photosmart Essential.lnk - C:\Program Files\HP\Photosmart Essential\HP_IZE.exe D:\Documents and Settings\All Users\Bureaublad\HP Solution Center.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe D:\Documents and Settings\All Users\Bureaublad\Internetbrowser selecteren.lnk - C:\WINDOWS\system32\browserchoice.exe /launch D:\Documents and Settings\All Users\Bureaublad\Logitech QuickCam.lnk - C:\Program Files\Logitech\Video\Launcher.exe D:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe D:\Documents and Settings\All Users\Bureaublad\Mijn Logitech-foto's.lnk - C:\WINDOWS\explorer.exe ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{400CFEE2-39D0-46dc-96DF-E0BB5A4324B3} D:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\All Users\Bureaublad\Photo Impact 10.lnk - C:\APPS\upi10\Ulead Systems\Ulead PhotoImpact 10 SE\Iedit.exe D:\Documents and Settings\All Users\Bureaublad\PowerDVD.lnk - C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe D:\Documents and Settings\All Users\Bureaublad\RealPlayer.lnk - C:\Program Files\real\realplayer\realplay.exe /launch:desktop D:\Documents and Settings\All Users\Bureaublad\Skype.lnk - C:\WINDOWS\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe D:\Documents and Settings\All Users\Bureaublad\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe D:\Documents and Settings\All Users\Bureaublad\Video Studio 8 SE.lnk - C:\APPS\UVS8_NL\vstudio.exe ==== shortcuts in All Users Start Menu ====================== D:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Access 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe D:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe D:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Office Word 2003.lnk - C:\WINDOWS\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe D:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ==== shortcuts in Quick Launch ====================== D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Watch SE Plus.lnk - C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Watch.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\McAfee EasyNetwork.lnk - C:\Program Files\McAfee\MHN\McENUI.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.22find.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST3300831AS_4NF0T9SEXXXX4NF0T9SE&ts=1360999381 D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe D:\Documents and Settings\nanda.049763920274\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} SmpcSys = C:\APPS\SMP\SmpSys.exe [Packard Bell BV] MsnMsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [file not found] LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [Logitech Inc.] ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [MS] PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [MS] PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [MS] High Definition Audio Property Page Shortcut = HDAShCut.exe [Windows (R) Server 2003 DDK provider] ATICCC = "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [null data] Ulead AutoDetector v2 = C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [Ulead Systems, Inc.] PCMService = "c:\apps\Powercinema\PCMService.exe" [CyberLink Corp.] ACTIVBOARD = c:\apps\ABoard\ABoard.exe [NEC Computers International] WiPen = C:\Program Files\WiPen\wpmanage.exe [Packard Bell Services] HP Software Update = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard Co.] RTHDCPL = RTHDCPL.EXE [Realtek Semiconductor Corp.] LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE [Logitech Inc.] LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe [Logitech Inc.] LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe [Logitech Inc.] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software] TkBellExe = "C:\program files\real\realplayer\update\realsched.exe" -osboot [RealNetworks, Inc.] APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime [Apple Inc.] BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = RealPlayer Download and Record Plugin for Internet Explorer \InProcServer32\(Default) = D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided) -> {HKLM...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live Aanmelden - Help \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal-pictogramuitbreiding -> {HKLM...CLSID} = HyperTerminal Icon Ext \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = c:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll [empty string] {DEE12703-6333-4D4E-8F34-738C4DCC2E04} = RecordNow! SendToExt -> {HKLM...CLSID} = RecordNow! SendToExt \InProcServer32\(Default) = C:\Apps\RecordNow\shlext.dll [null data] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} = My Logitech Pictures -> {HKLM...CLSID} = My Logitech Pictures \InProcServer32\(Default) = C:\Program Files\Logitech\Video\Namespc2.dll [Logitech Inc.] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player -> {HKLM...CLSID} = RealOne Player Context Menu Class \InProcServer32\(Default) = c:\program files\real\realplayer\rpshell.dll [RealNetworks, Inc.] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = Microsoft AntiMalware ShellExecuteHook -> {HKLM...CLSID} = Microsoft AntiMalware ShellExecuteHook \InProcServer32\(Default) = C:\PROGRA~1\WIFD1F~1\MpShHook.dll [MS] <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = Ati2evxx.dll [ATI Technologies Inc.] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> application/x-internet-signup\CLSID = {A173B69A-1F9B-4823-9FDA-412F641E65D6} -> {HKLM...CLSID} = INSMimeFilterPP Class \InProcServer32\(Default) = C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll [null data] <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [file not found] <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [file not found] <> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384} -> {HKLM...CLSID} = Data Page Plugable Protocal mso-offdap11 Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS] <> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM...CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = c:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll [empty string] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\ NoChangingWallpaper = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Prevent changing wallpaper} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ disableregistrytools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ disablecmd = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\WINDOWS\system32\ssstars.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ HPGGPhotoEventHandler\ Provider = HP Photosmart Essential InvokeProgID = HP.acquireautoplayG InvokeVerb = open HKLM\SOFTWARE\Classes\HP.acquireautoplayG\shell\open\DropTarget\CLSID = {F3A39B00-BE67-4d7d-BED7-53E9C510EC5B} -> {HKLM...CLSID} = HP AcquireAutoPlay2 Class \InProcServer32\(Default) = C:\Program Files\HP\Photosmart Essential\AcquireAutoPlay.dll [empty string] HPUnloadAutoplay\ Provider = HP Transfer en Quick Print InvokeProgID = HpqUnApl.Autoplay InvokeVerb = Play HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = {E1A1C814-FD09-4c9d-BB4A-0394B836A1F0} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = c:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard] LogitechQuickSync\ Provider = Logitech QuickSync InvokeProgID = Applications\QSync.exe InvokeVerb = open HKLM\SOFTWARE\Classes\Applications\QSync.exe\shell\open\command\(Default) = "C:\Program Files\Logitech\Video\QSync.exe" [Logitech Inc.] MSWMEncVCArrival\ Provider = Windows Media Encoder 9 Series ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files\Windows Media Components\Encoder\WMEnc.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] PCinemaDCameraArrival\ Provider = PowerCinema InvokeProgID = Picture InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY DSC "%L" [CyberLink Corp.] PCinemaDVArrival\ Provider = PowerCinema ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "c:\apps\Powercinema\PowerCinema.exe" DV "%L" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PCinemaMusicFilesArrival\ Provider = PowerCinema InvokeProgID = MusicFiles InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY MUSIC "%L" [CyberLink Corp.] PCinemaPlayCDAudioOnArrival\ Provider = PowerCinema InvokeProgID = AudioCD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY CD "%L" [CyberLink Corp.] PCinemaPlayDVDMovieOnArrival\ Provider = PowerCinema InvokeProgID = DVD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] PCinemaVideoFilesArrival\ Provider = PowerCinema InvokeProgID = VideoFiles InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY VIDEO "%L" [CyberLink Corp.] PDirXDVArrival\ Provider = PowerDirector Express ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\CyberLink\PowerDirector Express\PowerDirector.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PDVDPlayDVDMovieOnArrival\ Provider = PowerDVD InvokeProgID = DVD InvokeVerb = PlayWithPowerDVD HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.] PPCDBurningOnArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDCameraArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDVArrival\ Provider = PowerProducer ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] RPCDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.CDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.] RPDeviceOnArrival\ Provider = RealPlayer ProgID = RealPlayer.HWEventHandler HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2} -> {HKLM...CLSID} = RealNetworks Scheduler \LocalServer32\(Default) = "c:\program files\real\realplayer\Update\realsched.exe" -autoplay [RealNetworks, Inc.] RPDVDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.] RPPlayCDAudioOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AudioCD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.] RPPlayDVDMovieOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.] RPPlayMediaOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AutoPlay.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.] SonicRnAudioCD\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = AudioCDJob HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDJob\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /AudioCDJob %L [null data] SonicRnBurnAudioCD\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = AudioCDTarget HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDTarget\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /AudioCDTarget %L [null data] SonicRnBurnDataDisc\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = DataDiscTarget HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\DataDiscTarget\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /DataDiscTarget %L [null data] SonicRnCopyCD\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = CopyDiscJob HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /CopyDiscJob %L [null data] SonicRnCopyDisc\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = CopyDiscJob HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /CopyDiscJob %L [null data] SonicVideoCameraArrival\ Provider = Sonic Solutions ProgID = MyDVD.MyDVDAPHandler InitCmdLine = new HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = {3D5EF619-F606-4FAA-97C0-222B7DCA05EC} -> {HKLM...CLSID} = MyDVDAPHandler Class \LocalServer32\(Default) = C:\Program Files\Sonic\MyDVD\MyDVD.exe -autoplay [Sonic Solutions] SonicVideoCameraArrivalDirect\ Provider = Sonic Solutions ProgID = MyDVD.MyDVDAPHandler InitCmdLine = direct HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = {3D5EF619-F606-4FAA-97C0-222B7DCA05EC} -> {HKLM...CLSID} = MyDVDAPHandler Class \LocalServer32\(Default) = C:\Program Files\Sonic\MyDVD\MyDVD.exe -autoplay [Sonic Solutions] UVSFolder\ Provider = Ulead VideoStudio 8.0 SE DVD ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\APPS\UVS8_NL\vstudio.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] VTBFolder\ Provider = Ulead ToolBox 2.0 ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Startup items in "nanda" & "All Users" startup folders: ------------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten {++} HP Digital Imaging Monitor -> shortcut to: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.] Logitech Desktop Messenger -> shortcut to: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start [Logitech] Enabled Scheduled Tasks: {++} ------------------------ Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] AutoKMS -> launches: C:\AutoKMS_Dylan\AutoKMS.exe [null data] avast! Emergency Update -> launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software] FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008Core -> launches: D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /c /nocrashserver [Facebook Inc.] FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008UA -> launches: D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler [Facebook Inc.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] MP Scheduled Scan -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges [MS] PC instellen -> launches: C:\Apps\SMP\PCSETUP.EXE /REM [Packard Bell BV] RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1006 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1007 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1008 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1006 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1007 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1008 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided) -> {HKLM...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoek Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Onderzoek BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoek \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ MenuText = @xpsp3res.dll,-20001 Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.] avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] CyberLink Background Capture Service (CBCS), CLCapSvc, "c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe" [empty string] CyberLink Media Library Service, CyberLink Media Library Service, "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe" [Cyberlink] CyberLink Task Scheduler (CTS), CLSched, "c:\apps\Powercinema\Kernel\TV\CLSched.exe" [empty string] Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company] LiveUpdate Notice Service, LiveUpdate Notice Service, "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll [Symantec Corporation] Mobiel Apple apparaat, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS] Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\system32\HPZipm12.exe [HP] PnkBstrA, PnkBstrA, C:\WINDOWS\system32\PnkBstrA.exe [null data] Ulead Burning Helper, UleadBurningHelper, C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [Ulead Systems, Inc.] Windows Defender, WinDefend, "C:\Program Files\Windows Defender\MsMpEng.exe" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MCODS, <> PEVSystemStart, Service <> procexp90.Sys, Driver HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MCODS, <> PEVSystemStart, Service <> procexp90.Sys, Driver Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ <> UpperFilters = <> aswKbd [AVAST Software],kbdclass [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ hpzsnt12\Driver = hpzsnt12.dll [HP] Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS] ==== Empty IE Cache ====================== D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\Aziz\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\aziz.049763920274\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\aziz.049763920274\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.003\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.003\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\nanda.049763920274\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.003\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.004\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot D:\Documents and Settings\nanda.049763920274\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3o45w215.default\Cache emptied successfully D:\Documents and Settings\aziz.049763920274\Local Settings\Application Data\Mozilla\Firefox\Profiles\mt4z2d76.default\Cache emptied successfully D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default\Cache emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default\Cache emptied successfully ==== Empty Chrome Cache ====================== D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\RECYCLER successfully emptied ==== Deleting Files / Folders ====================== "D:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "D:\Documents and Settings\nanda.049763920274\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on zo 08-09-2013 at 11:47:33,98 ====================== Zoek.exe Version 4.0.0.4 Updated 07-September-2013 Tool run by nanda on zo 08-09-2013 at 12:01:47,85. Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected Launched: C:\zoek\zoek.exe [Script inserted] [Checkboxes used] ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3o45w215.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3o45w215.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from D:\Documents and Settings\aziz.049763920274\Application Data\Mozilla\Firefox\Profiles\mt4z2d76.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to D:\Documents and Settings\aziz.049763920274\Application Data\Mozilla\Firefox\Profiles\mt4z2d76.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from D:\Documents and Settings\shahin.049763920274\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Added to D:\Documents and Settings\shahin.049763920274\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"=- ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2013-09-05 10:21:54 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe 2013-09-05 10:21:54 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe 2013-09-05 10:21:54 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe 2013-09-05 10:21:54 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe 2013-09-05 10:21:54 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe ====== D:\DOCUME~1\NANDA~1.049\LOCALS~1\Temp ==== ====== C:\WINDOWS\system32 ===== 2013-09-02 15:41:58 1D9B3568CFDB55316985A053D6D96030 94632 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge.dll ====== C:\WINDOWS\system32\drivers ===== ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== ======= D: ===== ====== D:\Documents and Settings\nanda.049763920274\Application Data ====== ====== D:\Documents and Settings\nanda.049763920274 ====== 2013-08-19 14:53:12 B2943B580DFABBC9588A700A349FC846 11 ----a-w- D:\Documents and Settings\aziz.049763920274\usb001 2013-08-19 14:52:31 B2944A4AC5289FF45105BFD9395FBC27 17 ----a-w- D:\Documents and Settings\aziz.049763920274\usb 2013-08-19 14:51:21 94260D40F25C108E7515036CFF35792C 10 ----a-w- D:\Documents and Settings\aziz.049763920274\usboo1 ====== C: exe-files == 2013-09-07 10:42:01 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\nanda.exe 2013-09-07 10:41:37 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\RSIT.exe 2013-09-05 10:21:54 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe 2013-09-05 10:21:54 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe 2013-09-05 10:21:54 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe 2013-09-05 10:21:54 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe 2013-09-05 10:21:54 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe === C: other files == 2013-09-05 10:26:58 E2853CFC026C755827660141E5872D01 16362 ----a-w- C:\Qoobox\BackEnv\SetPath.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_USERS\S-1-5-21-1627227090-3052154592-1259039538-1006\Software\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\APPS\SMP\SmpSys.exe" "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe boot" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" "High Definition Audio Property Page Shortcut"="HDAShCut.exe" "ATICCC"="c:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" "PCMService"="c:\apps\Powercinema\PCMService.exe" "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" "WiPen"="C:\Program Files\WiPen\wpmanage.exe" "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" "RTHDCPL"="RTHDCPL.EXE" "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe " "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "TkBellExe"="C:\program files\real\realplayer\update\realsched.exe -osboot" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe -atboottime" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\APPS\SMP\SmpSys.exe" "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe boot" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" ==== Startup Folders ====================== 2013-06-03 05:30:08 1681 ----a-w- D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk 2013-06-03 05:30:08 1720 ----a-w- D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe [] C:\WINDOWS\tasks\AutoKMS.job --a------ C:\AutoKMS_Dylan\AutoKMS.exe [19-02-2012 15:22] C:\WINDOWS\tasks\avast\Undetermined Task.exe [] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008Core.job --a------ C:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008UA.job --a------ C:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03-01-2011 09:10] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03-01-2011 09:10] C:\WINDOWS\tasks\MP Scheduled Scan.job --ah----- C:\Program Files\Windows Defender\MpCmdRun.exe [03-11-2006 18:20] C:\WINDOWS\tasks\PC instellen.job --a------ C:\Apps\SMP\PC:SETUP.exe [] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1006.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1007.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1008.job --a------ [Undetermined Task] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1006.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1007.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1008.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [08-11-2011 17:14] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: D:\Documents and Settings\nanda.049763920274\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25 D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 0C8597DBC74AAF5179471BA013E3C6B4 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash 101700E93EB905992B518256CB441829 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In F833DD5D8F959819F44BC98F47B1B6BB - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 65D09D8BC91D74C8800725EB33D1EE1B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 0132218093298D7F72A40222F4FBF04F - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2 A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2 CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2 052575195474BA9646272680BF993D64 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2 A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2 136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2 1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2 F7B9148F6E0DB4F722634452DFF578E0 - c:\program files\real\realplayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin 3170FDFA0CCE1D9133B6546315D11983 - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) 76C5ADFE97A6960D0851522EA7AA5AF4 - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) 879AAD363252B682EF9550428E8C1FEA - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) 692C1CC6A09FDE9F356524DD0D0391B8 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll - RealPlayer Version Plugin 41250B1A04941764C2FB253DBBEB882B - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM 0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM 3CB231F12674D3CB0AC1F5EDE9578E85 - C:\WINDOWS\system32\npwmsdrm.dll - Microsoft® Windows Media Services 7A75CCAA7E3CE0B14F7428F1731CF4C9 - C:\WINDOWS\system32\Npindeo.dll - Intel Indeo® video 5.1 PD Plug-In 3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows® 7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jfmjfhklogoienhpfnppmbcbjfjnkonk - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[10-12-2011 19:09] YouTube - nanda.049763920274 - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - nanda.049763920274 - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf avast WebRep - nanda.049763920274 - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda RealPlayer HTML5Video Downloader Extension - nanda.049763920274 - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk Gmail - nanda.049763920274 - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia avast WebRep - shahin.049763920274 - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda RealPlayer HTML5Video Downloader Extension - shahin.049763920274 - Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.startpagina.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== Nothing found to reset ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} SmpcSys = C:\APPS\SMP\SmpSys.exe [Packard Bell BV] MsnMsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [file not found] LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [Logitech Inc.] ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [MS] PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [MS] PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [MS] High Definition Audio Property Page Shortcut = HDAShCut.exe [Windows (R) Server 2003 DDK provider] ATICCC = "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [null data] Ulead AutoDetector v2 = C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [Ulead Systems, Inc.] PCMService = "c:\apps\Powercinema\PCMService.exe" [CyberLink Corp.] ACTIVBOARD = c:\apps\ABoard\ABoard.exe [NEC Computers International] WiPen = C:\Program Files\WiPen\wpmanage.exe [Packard Bell Services] HP Software Update = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard Co.] RTHDCPL = RTHDCPL.EXE [Realtek Semiconductor Corp.] LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE [Logitech Inc.] LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe [Logitech Inc.] LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe [Logitech Inc.] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software] TkBellExe = "C:\program files\real\realplayer\update\realsched.exe" -osboot [RealNetworks, Inc.] APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime [Apple Inc.] BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = RealPlayer Download and Record Plugin for Internet Explorer \InProcServer32\(Default) = D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided) -> {HKLM...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live Aanmelden - Help \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal-pictogramuitbreiding -> {HKLM...CLSID} = HyperTerminal Icon Ext \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = c:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll [empty string] {DEE12703-6333-4D4E-8F34-738C4DCC2E04} = RecordNow! SendToExt -> {HKLM...CLSID} = RecordNow! SendToExt \InProcServer32\(Default) = C:\Apps\RecordNow\shlext.dll [null data] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} = My Logitech Pictures -> {HKLM...CLSID} = My Logitech Pictures \InProcServer32\(Default) = C:\Program Files\Logitech\Video\Namespc2.dll [Logitech Inc.] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = Shell Extensions for RealOne Player -> {HKLM...CLSID} = RealOne Player Context Menu Class \InProcServer32\(Default) = c:\program files\real\realplayer\rpshell.dll [RealNetworks, Inc.] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = Microsoft AntiMalware ShellExecuteHook -> {HKLM...CLSID} = Microsoft AntiMalware ShellExecuteHook \InProcServer32\(Default) = C:\PROGRA~1\WIFD1F~1\MpShHook.dll [MS] <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = Ati2evxx.dll [ATI Technologies Inc.] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> application/x-internet-signup\CLSID = {A173B69A-1F9B-4823-9FDA-412F641E65D6} -> {HKLM...CLSID} = INSMimeFilterPP Class \InProcServer32\(Default) = C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll [null data] <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [file not found] <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [file not found] <> mso-offdap11\CLSID = {32505114-5902-49B2-880A-1F7738E5A384} -> {HKLM...CLSID} = Data Page Plugable Protocal mso-offdap11 Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL [MS] <> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM...CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = c:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll [empty string] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\ NoChangingWallpaper = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Control Panel|Display| Prevent changing wallpaper} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ disableregistrytools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ disablecmd = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\WINDOWS\system32\ssstars.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ HPGGPhotoEventHandler\ Provider = HP Photosmart Essential InvokeProgID = HP.acquireautoplayG InvokeVerb = open HKLM\SOFTWARE\Classes\HP.acquireautoplayG\shell\open\DropTarget\CLSID = {F3A39B00-BE67-4d7d-BED7-53E9C510EC5B} -> {HKLM...CLSID} = HP AcquireAutoPlay2 Class \InProcServer32\(Default) = C:\Program Files\HP\Photosmart Essential\AcquireAutoPlay.dll [empty string] HPUnloadAutoplay\ Provider = HP Transfer en Quick Print InvokeProgID = HpqUnApl.Autoplay InvokeVerb = Play HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = {E1A1C814-FD09-4c9d-BB4A-0394B836A1F0} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = c:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard] LogitechQuickSync\ Provider = Logitech QuickSync InvokeProgID = Applications\QSync.exe InvokeVerb = open HKLM\SOFTWARE\Classes\Applications\QSync.exe\shell\open\command\(Default) = "C:\Program Files\Logitech\Video\QSync.exe" [Logitech Inc.] MSWMEncVCArrival\ Provider = Windows Media Encoder 9 Series ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files\Windows Media Components\Encoder\WMEnc.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] MSWPDShellNamespaceHandler\ Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS] PCinemaDCameraArrival\ Provider = PowerCinema InvokeProgID = Picture InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY DSC "%L" [CyberLink Corp.] PCinemaDVArrival\ Provider = PowerCinema ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "c:\apps\Powercinema\PowerCinema.exe" DV "%L" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PCinemaMusicFilesArrival\ Provider = PowerCinema InvokeProgID = MusicFiles InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY MUSIC "%L" [CyberLink Corp.] PCinemaPlayCDAudioOnArrival\ Provider = PowerCinema InvokeProgID = AudioCD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY CD "%L" [CyberLink Corp.] PCinemaPlayDVDMovieOnArrival\ Provider = PowerCinema InvokeProgID = DVD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] PCinemaVideoFilesArrival\ Provider = PowerCinema InvokeProgID = VideoFiles InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithPowerCinema\Command\(Default) = "c:\apps\Powercinema\PowerCinema.exe" AUTOPLAY VIDEO "%L" [CyberLink Corp.] PDirXDVArrival\ Provider = PowerDirector Express ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\CyberLink\PowerDirector Express\PowerDirector.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PDVDPlayDVDMovieOnArrival\ Provider = PowerDVD InvokeProgID = DVD InvokeVerb = PlayWithPowerDVD HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.] PPCDBurningOnArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDCameraArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDVArrival\ Provider = PowerProducer ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] RPCDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.CDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burn "%1" [RealNetworks, Inc.] RPDeviceOnArrival\ Provider = RealPlayer ProgID = RealPlayer.HWEventHandler HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = {67E76F1D-BDE2-4052-913C-2752366192D2} -> {HKLM...CLSID} = RealNetworks Scheduler \LocalServer32\(Default) = "c:\program files\real\realplayer\Update\realsched.exe" -autoplay [RealNetworks, Inc.] RPDVDBurningOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVDBurn.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /burndvd "%1" [RealNetworks, Inc.] RPPlayCDAudioOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AudioCD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /play %1 [RealNetworks, Inc.] RPPlayDVDMovieOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.DVD.6 InvokeVerb = play HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /dvd %1 [RealNetworks, Inc.] RPPlayMediaOnArrival\ Provider = RealPlayer InvokeProgID = RealPlayer.AutoPlay.6 InvokeVerb = open HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "c:\program files\real\realplayer\\RealPlay.exe" /autoplay "%1" [RealNetworks, Inc.] SonicRnAudioCD\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = AudioCDJob HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDJob\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /AudioCDJob %L [null data] SonicRnBurnAudioCD\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = AudioCDTarget HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDTarget\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /AudioCDTarget %L [null data] SonicRnBurnDataDisc\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = DataDiscTarget HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\DataDiscTarget\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /DataDiscTarget %L [null data] SonicRnCopyCD\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = CopyDiscJob HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /CopyDiscJob %L [null data] SonicRnCopyDisc\ Provider = Sonic RecordNow! InvokeProgID = Sonic.RecordNow InvokeVerb = CopyDiscJob HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = "C:\Apps\RecordNow\RecordNow.exe" /CopyDiscJob %L [null data] SonicVideoCameraArrival\ Provider = Sonic Solutions ProgID = MyDVD.MyDVDAPHandler InitCmdLine = new HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = {3D5EF619-F606-4FAA-97C0-222B7DCA05EC} -> {HKLM...CLSID} = MyDVDAPHandler Class \LocalServer32\(Default) = C:\Program Files\Sonic\MyDVD\MyDVD.exe -autoplay [Sonic Solutions] SonicVideoCameraArrivalDirect\ Provider = Sonic Solutions ProgID = MyDVD.MyDVDAPHandler InitCmdLine = direct HKLM\SOFTWARE\Classes\MyDVD.MyDVDAPHandler\CLSID\(Default) = {3D5EF619-F606-4FAA-97C0-222B7DCA05EC} -> {HKLM...CLSID} = MyDVDAPHandler Class \LocalServer32\(Default) = C:\Program Files\Sonic\MyDVD\MyDVD.exe -autoplay [Sonic Solutions] UVSFolder\ Provider = Ulead VideoStudio 8.0 SE DVD ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\APPS\UVS8_NL\vstudio.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] VTBFolder\ Provider = Ulead ToolBox 2.0 ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files\Ulead Systems\Ulead Video ToolBox 2.0 SE\VToolBox.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = ShellExecute HW Event Handler \LocalServer32\(Default) = rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Startup items in "nanda" & "All Users" startup folders: ------------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten {++} HP Digital Imaging Monitor -> shortcut to: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.] Logitech Desktop Messenger -> shortcut to: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start [Logitech] Enabled Scheduled Tasks: {++} ------------------------ Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] AutoKMS -> launches: C:\AutoKMS_Dylan\AutoKMS.exe [null data] avast! Emergency Update -> launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software] FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008Core -> launches: D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /c /nocrashserver [Facebook Inc.] FacebookUpdateTaskUserS-1-5-21-1627227090-3052154592-1259039538-1008UA -> launches: D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler [Facebook Inc.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] MP Scheduled Scan -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges [MS] PC instellen -> launches: C:\Apps\SMP\PCSETUP.EXE /REM [Packard Bell BV] RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1006 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1007 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeLogonTaskS-1-5-21-1627227090-3052154592-1259039538-1008 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1006 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1007 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.] RealUpgradeScheduledTaskS-1-5-21-1627227090-3052154592-1259039538-1008 -> launches: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck [RealNetworks, Inc.] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided) -> {HKLM...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoek Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Onderzoek BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoek \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ MenuText = @xpsp3res.dll,-20001 Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.] avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] CyberLink Background Capture Service (CBCS), CLCapSvc, "c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe" [empty string] CyberLink Media Library Service, CyberLink Media Library Service, "c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe" [Cyberlink] CyberLink Task Scheduler (CTS), CLSched, "c:\apps\Powercinema\Kernel\TV\CLSched.exe" [empty string] Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company] LiveUpdate Notice Service, LiveUpdate Notice Service, "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll [Symantec Corporation] Mobiel Apple apparaat, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS] Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\system32\HPZipm12.exe [HP] PnkBstrA, PnkBstrA, C:\WINDOWS\system32\PnkBstrA.exe [null data] Ulead Burning Helper, UleadBurningHelper, C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [Ulead Systems, Inc.] Windows Defender, WinDefend, "C:\Program Files\Windows Defender\MsMpEng.exe" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MCODS, <> PEVSystemStart, Service <> procexp90.Sys, Driver HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MCODS, <> PEVSystemStart, Service <> procexp90.Sys, Driver Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ <> UpperFilters = <> aswKbd [AVAST Software],kbdclass [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ hpzsnt12\Driver = hpzsnt12.dll [HP] Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS] ==== Empty IE Cache ====================== D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\Aziz\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\aziz.049763920274\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\aziz.049763920274\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.003\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.003\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\nanda.049763920274\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.003\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\NetworkService.NT AUTHORITY.004\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully D:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot D:\Documents and Settings\nanda.049763920274\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\3o45w215.default\Cache emptied successfully D:\Documents and Settings\aziz.049763920274\Local Settings\Application Data\Mozilla\Firefox\Profiles\mt4z2d76.default\Cache emptied successfully D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Mozilla\Firefox\Profiles\34p9bvug.default\Cache emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Mozilla\Firefox\Profiles\kamvp5el.default\Cache emptied successfully ==== Empty Chrome Cache ====================== D:\Documents and Settings\nanda.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully D:\Documents and Settings\shahin.049763920274\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied ==== Deleting Files / Folders ====================== "D:\Documents and Settings\LocalService.NT AUTHORITY.004\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted "D:\Documents and Settings\nanda.049763920274\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted ==== EOF on zo 08-09-2013 at 12:58:32,60 ======================