Zoek.exe v5.0.0.0 Updated 06-September-2014 Tool run by Wilma on za 06-09-2014 at 22:27:16,61. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Wilma\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2014-08-29-200910.log 26365 bytes C:\zoek-results2014-09-04-202617.log 26649 bytes ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EPW3 SSRP\E_S50ST7.EXE C:\Program Files\Common Files\EPSON\EPW3 SSRP\E_S50RP7.EXE C:\Windows\system32\PSIService.exe C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe C:\Users\Wilma\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\DllHost.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Users\Wilma\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k SDRSVC ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== ==== System Specs ====================== Windows: Windows 7 Home Premium Edition Service Pack 1 (Build 7601) Memory (RAM): 3064 MB CPU Info: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz CPU Speed: 2979,9 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek HDMI Output (Realtek Hi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce GT 330 | NVIDIA GeForce GT 330 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 800 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GH22NS50 Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 910,4GB | D: 20,0GB | I: 465,5GB Hard Disks - Free: C: 778,6GB | D: 10,9GB | I: 118,5GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 12/11/09 | MEDION - 20091211 Time Zone: West-Europa (standaardtijd) Motherboard *: MEDIONPC MS-7616 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Internet Explorer Version: 11.0.9600.17239 Mozilla Firefox version: 26.0 (x86 nl) Google Chrome version: 36.0.1985.143 Adobe Reader version: 11.0.8.4 Sun Java version: 1.7.0_67 (32-bit) Shockwave Player version: 12.1r150 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Wilma\AppData\Local\Temp ==== ====== Java Cache ===== 2014-09-05 18:41:03 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Wilma\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-40dde481 ====== C:\Windows\system32 ===== 2014-08-28 18:53:21 EC6E2DB67695966DF22CF5EBEFC1D305 2425856 ----a-w- C:\Windows\System32\wucltux.dll 2014-08-28 18:53:21 D9B0134913E5EF007AF82A418C503322 1973728 ----a-w- C:\Windows\System32\wuaueng.dll 2014-08-28 18:53:21 459E257F8915D44B23ACB46211FD45D0 45536 ----a-w- C:\Windows\System32\wups2.dll 2014-08-28 18:53:21 072678E0D68E9C3A7960328671134C7B 54240 ----a-w- C:\Windows\System32\wuauclt.exe 2014-08-28 18:53:09 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\System32\wuapi.dll 2014-08-28 18:53:09 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\System32\wudriver.dll 2014-08-28 18:53:09 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\System32\wups.dll 2014-08-28 18:52:57 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\System32\wuapp.exe 2014-08-28 18:52:57 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\System32\wuwebv.dll 2014-08-27 18:37:53 DBF9369D554A229DB0D554BB95A4B0AA 305152 ----a-w- C:\Windows\System32\gdi32.dll 2014-08-27 18:37:53 7DA17C38F8B8F2E89F52C1A08FD447EB 2352640 ----a-w- C:\Windows\System32\win32k.sys 2014-08-24 12:31:17 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\System32\sqlite3.dll ====== C:\Windows\system32\drivers ===== 2014-08-14 11:59:41 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-14 11:59:41 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-10 20:53:29 -------- d-----w- C:\Program Files\DVD Shrink 2014-08-09 20:21:58 -------- d-----w- C:\Program Files\iPod 2014-08-09 20:21:57 -------- d-----w- C:\Program Files\iTunes ======= C: ===== 2014-08-25 08:06:25 F7F0EABC6E9AFEB0946AFB75E2DF0B97 3826 ----a-w- C:\DelFix.txt ====== C:\Users\Wilma\AppData\Roaming ====== 2014-09-04 20:23:41 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2014-09-04 20:23:41 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2014-09-04 20:23:41 -------- d-----w- C:\Users\Wilma\AppData\Local\Temp 2014-09-04 20:23:41 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2014-09-04 20:23:41 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2014-08-19 20:17:35 -------- d-sh--w- C:\Users\Wilma\AppData\Locallow\EmieUserList 2014-08-19 20:17:35 -------- d-sh--w- C:\Users\Wilma\AppData\Locallow\EmieSiteList ====== C:\Users\Wilma ====== 2014-09-05 19:51:45 13EC9896CB74B8BD8F6C92135DFACD20 1370467 ----a-w- C:\Users\Wilma\Desktop\adwcleaner_3.309.exe 2014-08-19 20:19:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-08-14 12:56:43 -------- d--h--w- C:\ProgramData\CanonIJEGV 2014-08-14 12:53:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4200 series Manual 2014-08-14 12:32:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG4200 series 2014-08-10 20:53:30 -------- d-----w- C:\ProgramData\DVD Shrink 2014-08-09 20:22:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes ====== C: exe-files == 2014-09-05 19:51:45 13EC9896CB74B8BD8F6C92135DFACD20 1370467 ----a-w- C:\Users\Wilma\Desktop\adwcleaner_3.309.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1758853393-2436170717-870028114-1000\Software\Microsoft\Windows\CurrentVersion\Run] "EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_S7F3D.tmp /EF HKCU" "Epson Stylus SX420W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_SB2FA.tmp /EF HKCU" "iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe" "uTorrent"="C:\Users\Wilma\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "IJNetworkScannerSelectorEX"="C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_S7F3D.tmp /EF HKCU" "Epson Stylus SX420W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU C:\Windows\TEMP\E_SB2FA.tmp /EF HKCU" "iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe" "uTorrent"="C:\Users\Wilma\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26-05-2013 17:44] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [26-05-2013 17:44] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{F0B974D7-9310-4C36-A787-1E8256832FD1}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\cccua7wj.default 14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67 0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1 5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin B5371D2C9017EEE216B5361D600B3543 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery 075394F75303286C2FA91908CB781609 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox ==== Chrome Look ====================== Google Docs - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Last updated at time on date - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Wallet - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Wilma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://google.nl/" ], ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {28D707D5-8C07-46AF-B9CE-546BC99D958C} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox" ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyServer"="http=127.0.0.1:37241" "ProxyOverride"="*origin.com;*ea.com;*akamaihd.net;" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_S7F3D.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Epson Stylus SX420W(Netwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SB2FA.tmp" /EF "HKCU" O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\Wilma\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O9 - Extra button: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.nl - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4 (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Direct3dIndexProcess.exe - Unknown owner - C:\Users\Wilma\AppData\Local\Direct3dIndexProcess\Direct3dIndexProcess.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technologie (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} EPSON SX420W Series = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_S7F3D.tmp" /EF "HKCU" [SEIKO EPSON CORPORATION] Epson Stylus SX420W(Netwerk) = C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SB2FA.tmp" /EF "HKCU" [SEIKO EPSON CORPORATION] iCloudServices = C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [Apple Inc.] uTorrent = "C:\Users\Wilma\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [BitTorrent Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IAStorIcon = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation] CLMLServer = "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" [CyberLink] RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [Realtek Semiconductor] GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [MS] MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] IJNetworkScannerSelectorEX = C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [CANON INC.] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS] {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper -> {HKLM...CLSID} = NVIDIA CPL Extension \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Office Outlook \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL [MS] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~4\shellext.dll [MS] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> grooveLocalGWS\CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD} -> {HKLM...CLSID} = Local Groove Web Services Protocol \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [MS] <> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754} -> {HKLM...CLSID} = Microsoft Infotech Storage Protocol for IE 4.0 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS] <> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -> {HKLM...CLSID} = IEProtocolHandler Class \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [Skype Technologies] <> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM...CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] <> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -> {HKLM...CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ ANotepad++\(Default) = {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} -> {HKLM...CLSID} = ANotepad++ \InProcServer32\(Default) = C:\Program Files\Notepad++\NppShell_05.dll [null data] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~4\shellext.dll [MS] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~4\shellext.dll [MS] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Wilma\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Wilma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ Fotoimport25577-18\ Provider = CEWE FOTOIMPORTEERDER InvokeProgID = Fotoimport25577-18 InvokeVerb = play HKLM\SOFTWARE\Classes\Fotoimport25577-18\shell\play\command\(Default) = "C:\Program Files\CEWEFOTOBOEK\CEWE FOTOBOEK\CEWE FOTOIMPORTEERDER.exe" -startDirectory %1 [null data] Fotoschau25577-18\ Provider = CEWE FOTOSHOW InvokeProgID = Fotoschau25577-18 InvokeVerb = play HKLM\SOFTWARE\Classes\Fotoschau25577-18\shell\play\command\(Default) = "C:\Program Files\CEWEFOTOBOEK\CEWE FOTOBOEK\CEWE FOTOSHOW.exe" -d %1 [null data] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM...CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] P2GCDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankCD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] P2GDVDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankDVD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] Power2GoPlayCDAudioOnArrival\ Provider = Power2Go InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.] WIA_{BE114C44-746D-4246-B711-40E90C0DF4FA}\ Provider = Microsoft Office Document Scanning CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Common Files\Microsoft Shared\MODI\12.0\MSPSCAN.EXE; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{C417E415-7ADB-47CD-8255-178053BA7A2C}\ Provider = EPSON Scan CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Windows\twain_32\escndv\escndv.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] User_Feed_Synchronization-{F0B974D7-9310-4C36-A787-1E8256832FD1} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS] {C5B81DC5-BF94-4233-975A-3F2F4F2ABDF2} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Wilma\Downloads\epson374999eu (1).exe" -d C:\Users\Wilma\Downloads [MS] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] MpIdleTask -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS] Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-1758853393-2436170717-870028114-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 30 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {0B65DCC9-1740-43DC-B19C-4F309FB6A6CA}\ ButtonText = eBay.nl MenuText = eBay.nl Exec = http://rover.ebay.com/rover/1/1346-72745-17534-1/4 [file not found] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = Verz&enden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoeken \InProcServer32\(Default) = C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] EPSON V3 Service4(04), EPSON_PM_RPCV4_04, C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [SEIKO EPSON CORPORATION] EPSON V5 Service4(04), EPSON_EB_RPCV4_04, C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [SEIKO EPSON CORPORATION] EpsonBidirectionalService, EpsonBidirectionalService, C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [SEIKO EPSON CORPORATION] Intel(R) Rapid Storage Technologie, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation] Office Source Engine, ose, "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [MS] ProtexisLicensing, ProtexisLicensing, C:\Windows\system32\PSIService.exe [null data] TeamViewer 8, TeamViewer8, "C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MsMpSvc, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MsMpSvc, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor MG4200 series\Driver = CNMLMB9.DLL [CANON INC.] Canon BJNP Port\Driver = CNMNPPM.DLL [CANON INC.] EPSON SX420W Series 32MonitorBE\Driver = E_FLBGCE.DLL [SEIKO EPSON CORPORATION] EpsonNet Print Port\Driver = enppmon.dll [SEIKO EPSON CORPORATION] Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS] Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS] <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z3UR33N will be deleted at reboot C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRDFASYE will be deleted at reboot C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8V6V7NT will be deleted at reboot C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S9PFQ62D will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Wilma\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3 folders=0 34780 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Wilma\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Wilma\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z3UR33N" not found "C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRDFASYE" not found "C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8V6V7NT" not found "C:\Users\Wilma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S9PFQ62D" not found ==== EOF on za 06-09-2014 at 22:42:18,93 ======================