Zoek.exe v5.0.0.0 Updated 24-12-2014 Tool run by Mark on vr 26/12/2014 at 13:49:38,66. Microsoft® Windows Vista™ Home Premium 6.0.6000 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Mark\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Google\Update\GoogleUpdate.exe C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eNet\eNet Service.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Acer\Mobility Center\MobilityService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Users\Mark\AppData\Local\Temp\RtkBtMnt.exe C:\Acer\Empowering Technology\ePower\ePowerSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\IncrediMail\Bin\IncMail.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\IncrediMail\Bin\ImApp.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Mark\Desktop\zoek.exe ==== System Restore Info ====================== 26/12/2014 13:53:00 Zoek.exe System Restore Point Created Succesfully. ==== Windows Installer Info ====================== Acer eDataSecurity Management [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\310EAEEA1F2951542B8731F9A196A263]C:\Windows\Installer\3c086.msi Adobe Reader 8.1.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B7448A0100000030]C:\Windows\Installer\398a6.msi Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0]C:\Windows\Installer\1196197e.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\7a8b2.msi IncrediMail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60CC09FEA49F65443B449754D2F0154F]C:\Windows\Installer\e3190.msi LightScribe 1.4.142.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4A683ECAD0D80242853CB4E23576C49]C:\Windows\Installer\23abdd.msi Microsoft .NET Framework 3.5 Language Pack SP1 - nld [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D837101508D9A73BB19F1C2537128FB]C:\Windows\Installer\caab5.msi Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26DDC2EC4210AC63483DF9D4FCC5B59D]C:\Windows\Installer\16239b.msi Microsoft Office Excel MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109610031400000000000F01FEC]C:\Windows\Installer\39834.msi Microsoft Office Home and Student 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119F20000000000000000F01FEC]C:\Windows\Installer\39870.msi Microsoft Office OneNote MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021091A0031400000000000F01FEC]C:\Windows\Installer\3983a.msi Microsoft Office PowerPoint MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109810031400000000000F01FEC]C:\Windows\Installer\39841.msi Microsoft Office Proof (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10031400000000000F01FEC]C:\Windows\Installer\39847.msi Microsoft Office Proof (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC]C:\Windows\Installer\3985c.msi Microsoft Office Proof (French) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100C0400000000000F01FEC]C:\Windows\Installer\39855.msi Microsoft Office Proof (German) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10070400000000000F01FEC]C:\Windows\Installer\3984d.msi Microsoft Office Proofing (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109C20031400000000000F01FEC]C:\Windows\Installer\39862.msi Microsoft Office Shared MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109E60031400000000000F01FEC]C:\Windows\Installer\3982e.msi Microsoft Office Word MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109B10031400000000000F01FEC]C:\Windows\Installer\39869.msi Microsoft Security Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B72F7014EE8A3B4C95E94B7213096CD]C:\Windows\Installer\ea970.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\ddb89.msi Microsoft Works [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F28A0A2AF520d8540ADCB92B2380405B]C:\Windows\Installer\3989a.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]c:\Windows\Installer\4aecac.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]c:\Windows\Installer\4aeca6.msi NTI CD & DVD-Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B50A775126EECBB4D97BEF47F84AE42C]C:\Windows\Installer\23abd7.msi Photo Notifier and Animation Creator [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\899358D8550154E49BE95F30C9058213]C:\Windows\Installer\6a96df.msi Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9F2FDFE0D6387BE43AD230B83D1FBFA2]C:\Windows\Installer\ddbb9.msi ==== Empty Folders Check ====================== C:\Program Files\GUMA87E.tmp deleted successfully C:\Program Files\MSXML 4.0 deleted successfully C:\Users\Mark\AppData\Roaming\Lite deleted successfully ==== Checking Systemdrive for Symlinks ====================== De volumenaam van station C is ACER Het volumenummer is 78E7-7161 Map van C:\ 02/11/2006 14:02 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Customizations\Cyberlink 27/07/2007 23:35 Media [\??\C:\Program Files\Acer Arcade Deluxe\PluginsMedia\5.x\Media] 0 bestand(en) 0 bytes Map van C:\Program Files\Acer Arcade Deluxe\DV Wizard\Customizations\Cyberlink\Style\Standard 27/07/2007 23:36 Media [\??\C:\Program Files\Acer Arcade Deluxe\PluginsMedia\5.x\Media] 0 bestand(en) 0 bytes Map van C:\Program Files\Acer Arcade Deluxe\DVDivine\Customizations\Cyberlink\Style\Standard 28/06/2012 20:21 Media [\??\C:\Program Files\Acer Arcade Deluxe\PluginsMedia\5.x\Media] 0 bestand(en) 0 bytes Map van C:\Program Files\Acer Arcade Deluxe\HomeMedia\Customizations\Cyberlink 27/07/2007 23:36 Media [\??\C:\Program Files\Acer Arcade Deluxe\PluginsMedia\5.x\Media] 0 bestand(en) 0 bytes Map van C:\Program Files\Acer Arcade Deluxe\Play Movie\Customizations\Cyberlink\Style\Standard 28/06/2012 20:21 Media [\??\C:\Program Files\Acer Arcade Deluxe\PluginsMedia\5.x\Media] 0 bestand(en) 0 bytes Map van C:\Program Files\Acer Arcade Deluxe\VideoMagician\Customizations\Cyberlink 27/07/2007 23:36 Media [\??\C:\Program Files\Acer Arcade Deluxe\PluginsMedia\5.x\Media] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 28/06/2012 20:15 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 02/11/2006 14:02 Application Data [C:\ProgramData] 28/06/2012 20:15 Bureaublad [C:\Users\Public\Desktop] 02/11/2006 14:02 Desktop [C:\Users\Public\Desktop] 28/06/2012 20:15 Documenten [C:\Users\Public\Documents] 02/11/2006 14:02 Documents [C:\Users\Public\Documents] 28/06/2012 20:15 Favorieten [C:\Users\Public\Favorites] 02/11/2006 14:02 Favorites [C:\Users\Public\Favorites] 28/06/2012 20:15 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 28/06/2012 20:15 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 02/11/2006 14:02 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 02/11/2006 14:02 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 28/06/2012 20:15 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users 02/11/2006 14:02 All Users [C:\ProgramData] 02/11/2006 14:02 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 02/11/2006 14:02 Application Data [C:\ProgramData] 28/06/2012 20:15 Bureaublad [C:\Users\Public\Desktop] 02/11/2006 14:02 Desktop [C:\Users\Public\Desktop] 28/06/2012 20:15 Documenten [C:\Users\Public\Documents] 02/11/2006 14:02 Documents [C:\Users\Public\Documents] 28/06/2012 20:15 Favorieten [C:\Users\Public\Favorites] 02/11/2006 14:02 Favorites [C:\Users\Public\Favorites] 28/06/2012 20:15 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 28/06/2012 20:15 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 02/11/2006 14:02 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 02/11/2006 14:02 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 28/06/2012 20:15 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default 02/11/2006 14:02 Application Data [C:\Users\Default\AppData\Roaming] 02/11/2006 14:02 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 02/11/2006 14:02 Local Settings [C:\Users\Default\AppData\Local] 28/06/2012 20:15 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 28/06/2012 20:15 Mijn documenten [C:\Users\Default\Documents] 02/11/2006 14:02 My Documents [C:\Users\Default\Documents] 02/11/2006 14:02 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 28/06/2012 20:15 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 02/11/2006 14:02 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 02/11/2006 14:02 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 02/11/2006 14:02 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 28/06/2012 20:15 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 02/11/2006 14:02 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 02/11/2006 14:02 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 02/11/2006 14:02 Application Data [C:\Users\Default\AppData\Local] 28/06/2012 20:15 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 02/11/2006 14:02 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 02/11/2006 14:02 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 28/06/2012 20:15 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 28/06/2012 20:15 Mijn afbeeldingen [C:\Users\Default\Pictures] 28/06/2012 20:15 Mijn muziek [C:\Users\Default\Music] 28/06/2012 20:15 Mijn video's [C:\Users\Default\Videos] 02/11/2006 14:02 My Music [C:\Users\Default\Music] 02/11/2006 14:02 My Pictures [C:\Users\Default\Pictures] 02/11/2006 14:02 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Mark 28/06/2012 20:16 Application Data [C:\Users\Mark\AppData\Roaming] 28/06/2012 20:16 Cookies [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Cookies] 28/06/2012 20:16 Local Settings [C:\Users\Mark\AppData\Local] 28/06/2012 20:16 Menu Start [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu] 28/06/2012 20:16 Mijn documenten [C:\Users\Mark\Documents] 28/06/2012 20:16 NetHood [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 28/06/2012 20:16 Netwerkprinteromgeving [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 28/06/2012 20:16 Recent [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Recent] 28/06/2012 20:16 SendTo [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\SendTo] 28/06/2012 20:16 Sjablonen [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Mark\AppData\Local 28/06/2012 20:16 Application Data [C:\Users\Mark\AppData\Local] 28/06/2012 20:16 Geschiedenis [C:\Users\Mark\AppData\Local\Microsoft\Windows\History] 28/06/2012 20:16 Temporary Internet Files [C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu 28/06/2012 20:16 Programma's [C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Mark\Documents 28/06/2012 20:16 Mijn afbeeldingen [C:\Users\Mark\Pictures] 28/06/2012 20:16 Mijn muziek [C:\Users\Mark\Music] 28/06/2012 20:16 Mijn video's [C:\Users\Mark\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 28/06/2012 20:15 Mijn afbeeldingen [C:\Users\Public\Pictures] 28/06/2012 20:15 Mijn muziek [C:\Users\Public\Music] 28/06/2012 20:15 Mijn video's [C:\Users\Public\Videos] 02/11/2006 14:02 My Music [C:\Users\Public\Music] 02/11/2006 14:02 My Pictures [C:\Users\Public\Pictures] 02/11/2006 14:02 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 82 map(pen) 1.068.425.216 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70BA625B-7438-468B-8FF2-CC25941B5D20} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Acer Arcade Deluxe Acer Crystal Eye webcam Acer Crystal Eye Webcam Video Class Camera Acer eAudio Management Acer eDataSecurity Management Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer ScreenSaver Adobe Flash Player 15 ActiveX Adobe Reader 8.1.0 ALPS Touch Pad Driver Cake Mania Dynasty Galapago Google Chrome Google Toolbar for Internet Explorer Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) IncrediMail IncrediMail 2.0 IncrediMail MediaBar Nederlands 2 Toolbar Launch Manager LightScribe 1.4.142.1 Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 Redistributable Microsoft Works MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NTI Backup NOW 4.7 NTI CD & DVD-Maker NVIDIA Drivers Photo Notifier and Animation Creator PowerProducer 3.72 Realtek High Definition Audio Driver RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 Security Update for CAPICOM (KB931906) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Yahoo Toolbar Zuma Deluxe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Program Files\IncrediMail_MediaBar_Nederlands_2 deleted C:\Users\Mark\appdata\locallow\IncrediMail_MediaBar_Nederlands_2 deleted C:\Users\Mark\AppData\LocalLow\Conduit deleted C:\Program Files\Photo Notifier and Animation Creator deleted C:\Program Files\Conduit deleted C:\Program Files\Yahoo! deleted C:\junction.exe deleted C:\Users\Mark\AppData\Roaming\Tuneup Pro deleted C:\Users\Mark\AppData\Local\Conduit deleted C:\Users\Mark\AppData\LocalLow\PriceGong deleted C:\Users\Mark\AppData\Roaming\wlsidten.exe deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition (Build 6000) Memory (RAM): 1791 MB CPU Info: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-55 CPU Speed: 1849,7 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce 7000M / nForce 610M | NVIDIA GeForce 7000M / nForce 610M | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1440 X 900 - 32 bit Network: Network Present Network Adapters: NVIDIA nForce Networking Controller | Atheros AR5007EG Wireless Network Adapter CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GSA-T20N Ports: COM3 LPT Port NOT Present. Mouse: 2 Button Mouse Present Hard Disks: C: 51,1GB | D: 50,9GB Hard Disks - Free: C: 893,4MB | D: 26,9GB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 10/12/07 | ACRSYS - 6040000 Time Zone: Romance (standaardtijd) Motherboard *: Acer Fuquene Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Default Browser: Google Chrome 39.0.2171.95 Internet Explorer version: 7.0.6000.16982 Google Chrome version: 39.0.2171.95 Adobe Reader version: 8.0.0.2006102300 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Mark\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-12-26 11:14:04 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\Mark\AppData\Roaming ====== ====== C:\Users\Mark ====== 2014-12-26 11:13:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Mark\Downloads\RSIT.exe ====== C: exe-files == 2014-12-26 11:14:04 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Mark.exe 2014-12-26 11:13:41 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Mark\Downloads\RSIT.exe 2014-12-26 11:13:36 35CFD3F973B266C6F07F45BBDA8C7056 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2369020405-371442288-1956090671-1000\$IFTSWSR.exe 2014-12-26 11:12:54 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2369020405-371442288-1956090671-1000\$RFTSWSR.exe 2014-12-25 10:14:01 EC8C07B47B177F7D7FB0A79FC1A9C693 1256752 ----a-w- C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TCFCSZY8\IE9-WindowsVista-x64-NLD[1].exe === C: other files == ======== System Restore Points ======== RP514: 26/12/2014 12:22:26 - Windows Update RP515: 26/12/2014 13:52:34 - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" "Skytel"="Skytel.exe" "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" "PLFSetL"="C:\Windows\PLFSetL.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" "NvMediaCenter"="RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==== Startup Folders ====================== 2013-04-22 16:41:49 1119 ----a-w- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2007-07-27 22:08:44 1671 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [14/02/2013 20:01] ==== Chromium Look ====================== Google Wallet - Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://mystart.incredimail.com/?a=19en4j0IgVN" "SEARCH PAGE"="http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com" "SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://nl.intl.acer.yahoo.com" "Default_Page_URL"="http://nl.intl.acer.yahoo.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "SEARCH PAGE"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_nlBE493" ==== Reset Google Chrome ====================== C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D945C368-FC5D-42F1-96D9-4EFE13E5F89E} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5D16FDD-B01F-45F9-926C-D36B575D8548} deleted successfully HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_CLASSES_ROOT\CLSID\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D945C368-FC5D-42F1-96D9-4EFE13E5F89E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5D16FDD-B01F-45F9-926C-D36B575D8548} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_USERS\S-1-5-21-2369020405-371442288-1956090671-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95324e44-4b0a-47a9-8f77-9c6415e51c29} deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Mark\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Mark\Desktop\Handleiding.lnk - C:\Book\Guide.pdf C:\Users\Mark\Desktop\IncrediMail.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe C:\Users\Mark\Desktop\Internet Explorer - Snelkoppeling.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe C:\Users\Public\Desktop\Acer Crystal Eye webcam.lnk - C:\Program Files\ACER Crystal Eye webcam\Acer Crystal Eye webcam.exe C:\Users\Public\Desktop\Adobe Reader 8.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\CyberLink PowerProducer.lnk - C:\Program Files\CyberLink\PowerProducer\Producer.exe C:\Users\Public\Desktop\Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe C:\Users\Public\Desktop\NTI CD & DVD-Maker 7.lnk - C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk - C:\Program Files\IncrediMail\Bin\IncMail.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== Uninstall List x86 ====================== Acer Arcade Deluxe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}] Acer Crystal Eye webcam [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AA047D7C-5E7C-4878-B75C-77589151B563}] Acer Crystal Eye Webcam Video Class Camera [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}] Acer eAudio Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{57265292-228A-41FA-9AEC-4620CBCC2739}] Acer eDataSecurity Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AEEAE013-92F1-4515-B278-139F1A692A36}] Acer eLock Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}] Acer Empowering Technology [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB6097D9-D722-4987-BD9E-A076E2848EE2}] Acer eNet Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C06554A1-2C1E-4D20-B613-EE62C79927CC}] Acer ePower Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{58E5844B-7CE2-413D-83D1-99294BF6C74F}] Acer ePresentation Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BF839132-BD43-4056-ACBF-4377F4A88E2A}] Acer eSettings Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE65A9A0-9686-45C6-9098-3C9543A412F0}] Acer GridVista [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\GridVista] Acer Mobility Center Plug-In [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{11316260-6666-467B-AC34-183FCB5D4335}] Acer ScreenSaver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}] Adobe Flash Player 15 ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Reader 8.1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A81000000003}] ALPS Touch Pad Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}] Cake Mania [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}] Dynasty [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}] Galapago [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] HDAUDIO Soft Data Fax Modem with SmartCP [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118] IncrediMail [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EF90CC06-F94A-4456-B344-79452D0F51F4}] IncrediMail 2.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail] IncrediMail MediaBar Nederlands 2 Toolbar [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_Nederlands_2 Toolbar] Launch Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LManager] LightScribe 1.4.142.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE386A4E-D0DA-4208-8235-BCE43275C694}] Microsoft .NET Framework 3.5 Language Pack SP1 - nld [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{101738D7-D805-37A9-BB91-1F2C351782BF}] Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}] Microsoft Office Home and Student 2007 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR] Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{107F27B7-8EE4-4B3A-9CE5-497B120369DC}] Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Works [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2A0A82F-025F-458d-A0CD-9BB2320804B5}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] NTI Backup NOW 4.7 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67ADE9AF-5CD9-4089-8825-55DE4B366799}] NTI CD & DVD-Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}] NTI CD & DVD-Maker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}] NVIDIA Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers] Photo Notifier and Animation Creator [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D853998-1055-4E45-B99E-F5039C502831}] Photo Notifier and Animation Creator [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Photo Notifier and Animation Creator] PowerProducer 3.72 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B7A0CE06-068E-11D6-97FD-0050BACBF861}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{59F6A514-9813-47A3-948C-8A155460CC2A}] Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}] Zuma Deluxe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}] ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_Nederlands_2 Toolbar deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c [IncrediMail, Ltd.] ehTray.exe = C:\Windows\ehome\ehTray.exe [MS] swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Windows Defender = C:\Program Files\Windows Defender\MSASCui.exe -hide RtHDVCpl = RtHDVCpl.exe [Realtek Semiconductor] eDataSecurity Loader = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [HiTRUST] eAudio = "C:\Acer\Empowering Technology\eAudio\eAudio.exe" [CyberLink] Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated] SetPanel = C:\Acer\APanel\APanel.cmd [file not found] LManager = C:\PROGRA~1\LAUNCH~1\LManager.exe [Dritek System Inc.] PlayMovie = "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [CyberLink Corp.] Skytel = Skytel.exe [Realtek Semiconductor Corp.] WarReg_PopUp = C:\Acer\WR_PopUp\WarReg_PopUp.exe [null data] PLFSetL = C:\Windows\PLFSetL.exe [sonix] Apoint = C:\Program Files\Apoint2K\Apoint.exe [Alps Electric Co., Ltd.] eRecoveryService = (empty string) [file not found] Acer Tour Reminder = C:\Acer\AcerTour\Reminder.exe [file not found] MSC = "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [MS] NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = Adobe PDF Reader Link Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated] {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\(Default) = (no title provided) -> {HKLM...CLSID} = ShowBarObj Class \InProcServer32\(Default) = C:\Windows\system32\ActiveToolBand.dll [HiTRUST] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Notifier BHO \InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} = EPM-PO Shell Extension -> {HKLM...CLSID} = EPM-PO Shell Extensions \InProcServer32\(Default) = epm-po.dll [file not found] {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~4\shellext.dll [MS] {FFB699E0-306A-11d3-8BD1-00104B6F7516} = Play on my TV helper -> {HKLM...CLSID} = NVIDIA CPL Extension \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754} -> {HKLM...CLSID} = Microsoft Infotech Storage Protocol for IE 4.0 \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} -> {HKLM...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Windows\system32\eDSshellExt.dll [HiTRUST] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~4\shellext.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} -> {HKLM...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Windows\system32\eDSshellExt.dll [HiTRUST] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~4\shellext.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {A70C977A-BF00-412C-90B7-034C51DA2439} -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Windows\system32\nvcpl.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ Wallpaper = C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\Acer.scr [null data] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ LightScribeOnArrivalAP\ Provider = LightScribe Direct Disc Labeling InvokeProgID = LightScribe.AutoPlayHandler InvokeVerb = LabelLightScribeDisc HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = C:\Program Files\Common Files\LightScribe\LsLauncher.exe [Hewlett-Packard Company] MDCBlankCDArrival\ Provider = DVDivine InvokeProgID = BlankCD InvokeVerb = OpenWithMakeDisc HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithMakeDisc\Command\(Default) = "C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe" [Acer Incorporated] MDCDVDBurningOnArrival\ Provider = DVDivine InvokeProgID = BlankDVD InvokeVerb = OpenWithMakeDisc HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithMakeDisc\Command\(Default) = "C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe" [Acer Incorporated] NTIBurner\ Provider = NTI CD-Maker InvokeProgID = NTIBurnerOpen InvokeVerb = open HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe" [NewTech Infosystems, Inc.] PlayMoviePlayDVDMovieOnArrival\ Provider = Play Movie InvokeProgID = DVD InvokeVerb = PlayWithPlayMovie HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPlayMovie\Command\(Default) = "C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe" "%L" [CyberLink Corp.] PPCDBurningOnArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDCameraArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDVArrival\ Provider = PowerProducer ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files\CyberLink\PowerProducer\Producer.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Startup items in "Mark" & "All Users" startup folders: ------------------------------------------------------ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} OneNote 2007 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} Empowering Technology Launcher -> shortcut to: C:\Acer\Empowering Technology\eAPLauncher.exe 9999 [Acer Inc.] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Mark\AppData\Local\Microsoft\Windows Sidebar\Settings.ini C:%5CProgram%20Files%5Cwindows%20sidebar%5Cgadgets%5CClock.Gadget C:%5CProgram%20Files%5CWindows%20Sidebar%5Cgadgets%5CSlideShow.gadget "C:%5CProgram%20Files%5CWindows%20Sidebar%5CGadgets%5CWeather.Gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -i [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61} -> {HKLM...CLSID} = Transient Multi-Monitor Manager \InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection NAPStatus UI -> launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f} -> {HKLM...CLSID} = Nap ITask Handler Implementation \InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System ConvertLogEntries -> (HIDDEN!) launches: %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2} -> {HKLM...CLSID} = CrawlStartPages Task Handler \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000006\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 18 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} -> {HKLM...CLSID} = Acer eDataSecurity Management \InProcServer32\(Default) = C:\Windows\system32\eDStoolbar.dll [HiTRUST] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} = (no title provided) -> {HKLM...CLSID} = Acer eDataSecurity Management \InProcServer32\(Default) = C:\Windows\system32\eDStoolbar.dll [HiTRUST] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{88065DE8-5D19-42A8-899A-86F4F114D568}\(Default) = IncrediMail MediaBar Nederlands 2 Findbar Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = C:\Program Files\IncrediMail_MediaBar_Nederlands_2\prxtbIncr.dll [file not found] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = Verz&enden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoeken \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [empty string] eDSService.exe, eDataSecurity Service, "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [HiTRSUT] eLock Service, eLockService, C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [null data] eNet Service, eNet Service, C:\Acer\Empowering Technology\eNet\eNet Service.exe [Acer Inc.] ePower Service, WMIService, C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [acer] eRecovery Service, eRecoveryService, C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [null data] eSettings Service, eSettingsService, C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [null data] LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company] Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] MobilityService, MobilityService, C:\Acer\Mobility Center\MobilityService.exe -p [null data] NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation] XAudioService, XAudioService, C:\Windows\system32\DRIVERS\xaudio.exe [Conexant Systems, Inc.] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MsMpSvc, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MsMpSvc, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS] ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=387 folders=54 40161251 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Mark\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Mark\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found ==== EOF on vr 26/12/2014 at 14:19:03,67 ======================