Zoek.exe v5.0.0.0 Updated 27-01-2015 Tool run by hfm on ma 02-02-2015 at 11:38:24,62. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\hfm\Downloads\zoek(1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== c:\PROGRA~2\AVG\AVG2015\avgrsa.exe C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe C:\WINDOWS\system32\wininit.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k RPCSS C:\WINDOWS\system32\dwm.exe C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\System32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskhostex.exe C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe C:\Program Files (x86)\AVG\AVG2015\avgfws.exe C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe C:\WINDOWS\system32\dashost.exe C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe C:\Program Files (x86)\AVG\AVG2015\avgemca.exe C:\Program Files\Acer\Acer Power Management\ePowerTray.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Windows\RfBtnSvc64.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\SettingSyncHost.exe C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\skydrive.exe C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\conhost.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe C:\WINDOWS\system32\conhost.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe C:\Program Files\CCleaner\CCleaner64.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe C:\WINDOWS\System32\svchost.exe -k swprv C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\Users\hfm\Downloads\zoek(1).exe C:\WINDOWS\system32\conhost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k WerSvcGroup C:\WINDOWS\system32\RunDll32.exe ==== System Restore Info ====================== 2-2-2015 11:40:51 Zoek.exe System Restore Point Created Succesfully. ==== Windows Installer Info ====================== abDocs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0B8EF4ACC892D5E44A683FB321D6A6A0]C:\WINDOWS\Installer\2a8eb.msi abDocs Office AddIn [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9733FBCDB6421E74183736B936498083]C:\WINDOWS\Installer\2a91b.msi abMedia [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7071FA9EA3F32E943854F4D226D98067]C:\WINDOWS\Installer\4ea96.msi abPhoto [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2F98DA5B3D306024487810288900D70D]C:\WINDOWS\Installer\2d91f.msi Acer Device Fast-lane [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF2D26F31C312A94B8D57426D349067D]C:\windows\Installer\3fe65.msi Acer Instant Update Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\813A512872CCE5343BAEE243348C99C8]C:\windows\Installer\3fe8f.msi Acer Power Management [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4ED25F19987B0B2439113A941FE04597]C:\Windows\Installer\94a00.msi AcerCloud [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71B0DA5AD43FEB941A758C3B5DA2DC31]C:\Windows\Installer\94a35.msi Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744BA0000000010]C:\WINDOWS\Installer\3efe31d.msi Adobe Refresh Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008120111403]C:\WINDOWS\Installer\3cf3e.msi ANT Drivers Installer x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0B600BBA01E258B4E8B66A9C01B98039]C:\WINDOWS\Installer\d27b4.msi AOP Framework [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\411A73A4F20755044A6B6175D1A43535]C:\WINDOWS\Installer\2a907.msi AVG 2015 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B700F669A8D06A446A3C355989C353D6]C:\WINDOWS\Installer\176095.msi AVG 2015 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D3BD46C4B2B82D94899A7174A23B68A4]C:\WINDOWS\Installer\1e59e.msi Backup Manager v4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E02FDDD91DF943444AE37E88D9CB4902]C:\windows\Installer\3fe7e.msi clear.fi SDK- Movie [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D724AD5332BB8B94A9DFFCCFEFB307D8]C:\Windows\Installer\94a2d.msi clear.fi SDK - Video [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DAC33ABE170E5d841A86BF4AEE4BE239]C:\Windows\Installer\94a29.msi Dolby Home Theater v4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4B83462B15FB3C945976F7415A4EC09B]C:\Windows\Installer\112f2e.msi eBay Worldwide [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75FA496A198926D428C4E7551A63A141]c:\WINDOWS\Installer\33abb.msi Elevated Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1655DE0C376F4B743BA1D70C67157BDF]C:\WINDOWS\Installer\d27b0.msi Garmin Express [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6C7E2FF0F08DA9E4AA7995E9C12AB6DE]C:\WINDOWS\Installer\d27a8.msi Garmin Express Tray [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2D90D7EA69AFECC4C8470F0ABD5D75BE]C:\WINDOWS\Installer\d27ac.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\WINDOWS\Installer\1f1a6c.msi Identity Card [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\456BC9D3DA991034986CD0217A0967C7]C:\windows\Installer\3fe5d.msi Intel© Trusted Connect Service Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DFA4044F3FE21C04C890925E3F6B79B2]C:\Windows\Installer\90798.msi MediaEspresso [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8489373E92353E84D882B5DBE6B83E48]C:\windows\Installer\3fe88.msi Microsoft Office [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109831090400000000000F01FEC]C:\Windows\Installer\94a04.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\WINDOWS\Installer\6344f9.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3e43b73803c7c394f8a6b2f0402e19c2]C:\Windows\Installer\94a08.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\112f39.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC]c:\Windows\Installer\112f3d.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]c:\WINDOWS\Installer\e33880f.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181]C:\WINDOWS\Installer\9c9bf.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\112f32.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\94a25.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\WINDOWS\Installer\9f91b7e.msi Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1926E8D15D0BCE53481466615F760A7F]c:\Windows\Installer\8c7c4.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]c:\Windows\Installer\880d8.msi Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58]C:\WINDOWS\Installer\d27a4.msi Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\21EE4A31AE32173319EEFE3BD6FDFFE3]C:\WINDOWS\Installer\d27a0.msi Microsoft Visual Studio 2005 Tools for Office Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90B4E88317E3946498124FA4A392457A]c:\Windows\Installer\94a70.msi MyWinLocker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BCE87B0B6A1D6E4987DE0C77EF74072]C:\windows\Installer\3fe6d.msi MyWinLocker 4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\05B51F93779A6AC41B3CA67842DC0A52]C:\windows\Installer\3fe71.msi MyWinLocker Suite [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4179FD719C069C349A2C23CBEA4DC4EB]C:\windows\Installer\3fe69.msi NTI Media Maker 9 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8E4C5D3DF040F6C41850144DC39FF444]C:\Windows\Installer\94a13.msi Qualcomm Atheros Bluetooth Suite (64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1BF4A48A307DBD84980E866B94D98210]C:\Windows\Installer\112f45.msi Rapport [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7E18DD182D0BEC4782B0C144ACF2B51]C:\WINDOWS\Installer\1bc54.msi Recovery Management [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A5002F70CAC8B4A4382AAD897A22AC16]C:\Windows\Installer\94a1c.msi Shredder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\38E5962CD1FC1D3448EF3BEB5C1610A2]C:\windows\Installer\3fe75.msi Shredder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\613755F10CFCDB14FA7FB84CC94E447D]C:\windows\Installer\3fe7a.msi SkypeT 7.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0AB19942EE0FDA44C98CE55CA0CE6F7B]C:\WINDOWS\Installer\43652ea.msi SNS Upload for Easy Document Creator [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C70F5B6B5D883D941A7A6A4DCB73CDCC]C:\WINDOWS\Installer\17a811.msi Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07E577C8197A8AD4CB3CA67B31F64448]C:\WINDOWS\Installer\215cec.msi Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A91FFE89BA03B4E49B340FB6C136BE8F]C:\WINDOWS\Installer\215ce8.msi Visual Studio Tools for the Office system 3.0 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\05835BF8A6427053A8ED000690F3EF6A]c:\Windows\Installer\94a3f.msi ==== Empty Folders Check ====================== C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully C:\Users\hfm\AppData\Local\CrashDumps deleted successfully ==== Checking Systemdrive for Symlinks ====================== Volume in drive C is Acer Volume Serial Number is ECB6-1DF3 Directory of C:\ 22-08-2013 15:45 Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\Program Files\Windows NT 15-10-2014 20:56 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 File(s) 0 bytes Directory of C:\ProgramData 22-08-2013 15:45 Application Data [C:\ProgramData] 15-10-2014 20:56 Bureaublad [C:\Users\Public\Desktop] 22-08-2013 15:45 Desktop [C:\Users\Public\Desktop] 15-10-2014 20:56 Documenten [C:\Users\Public\Documents] 22-08-2013 15:45 Documents [C:\Users\Public\Documents] 15-10-2014 20:56 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 15-10-2014 20:56 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 22-08-2013 15:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22-08-2013 15:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\ProgramData\Microsoft\Windows\Start Menu 15-10-2014 20:56 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users 22-08-2013 15:45 All Users [C:\ProgramData] 22-08-2013 15:45 Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 22-08-2013 15:45 Application Data [C:\ProgramData] 15-10-2014 20:56 Bureaublad [C:\Users\Public\Desktop] 22-08-2013 15:45 Desktop [C:\Users\Public\Desktop] 15-10-2014 20:56 Documenten [C:\Users\Public\Documents] 22-08-2013 15:45 Documents [C:\Users\Public\Documents] 15-10-2014 20:56 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 15-10-2014 20:56 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 22-08-2013 15:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22-08-2013 15:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\All Users\Microsoft\Windows\Start Menu 15-10-2014 20:56 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Default 22-08-2013 15:45 Application Data [C:\Users\Default\AppData\Roaming] 22-08-2013 15:45 Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies] 22-08-2013 15:45 Local Settings [C:\Users\Default\AppData\Local] 15-10-2014 20:56 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 15-10-2014 20:56 Mijn documenten [C:\Users\Default\Documents] 22-08-2013 15:45 My Documents [C:\Users\Default\Documents] 22-08-2013 15:45 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 15-10-2014 20:56 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 22-08-2013 15:45 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 22-08-2013 15:45 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 22-08-2013 15:45 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 15-10-2014 20:56 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 22-08-2013 15:45 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 22-08-2013 15:45 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 22-08-2013 15:45 Application Data [C:\Users\Default\AppData\Local] 15-10-2014 20:56 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 22-08-2013 15:45 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 22-08-2013 15:45 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local\Microsoft\Windows 22-08-2013 15:45 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 15-10-2014 20:56 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 15-10-2014 20:56 Mijn afbeeldingen [C:\Users\Default\Pictures] 15-10-2014 20:56 Mijn muziek [C:\Users\Default\Music] 15-10-2014 20:56 Mijn video's [C:\Users\Default\Videos] 22-08-2013 15:45 My Music [C:\Users\Default\Music] 22-08-2013 15:45 My Pictures [C:\Users\Default\Pictures] 22-08-2013 15:45 My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Default.migrated\Documents 26-07-2012 08:22 My Music [C:\Users\Default\Music] 26-07-2012 08:22 My Pictures [C:\Users\Default\Pictures] 26-07-2012 08:22 My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\hfm 15-10-2014 20:32 Application Data [C:\Users\hfm\AppData\Roaming] 15-10-2014 20:32 Cookies [C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCookies] 15-10-2014 20:32 Local Settings [C:\Users\hfm\AppData\Local] 15-10-2014 20:32 Menu Start [C:\Users\hfm\AppData\Roaming\Microsoft\Windows\Start Menu] 15-10-2014 20:32 Mijn documenten [C:\Users\hfm\Documents] 15-10-2014 20:32 NetHood [C:\Users\hfm\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 15-10-2014 20:32 Netwerkprinteromgeving [C:\Users\hfm\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 15-10-2014 20:32 Recent [C:\Users\hfm\AppData\Roaming\Microsoft\Windows\Recent] 15-10-2014 20:32 SendTo [C:\Users\hfm\AppData\Roaming\Microsoft\Windows\SendTo] 15-10-2014 20:32 Sjablonen [C:\Users\hfm\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\hfm\AppData\Local 15-10-2014 20:32 Application Data [C:\Users\hfm\AppData\Local] 15-10-2014 20:32 Geschiedenis [C:\Users\hfm\AppData\Local\Microsoft\Windows\History] 15-10-2014 20:32 Temporary Internet Files [C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\hfm\AppData\Local\Microsoft\Windows 15-10-2014 20:32 Temporary Internet Files [C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\hfm\AppData\Roaming\Microsoft\Windows\Start Menu 15-10-2014 20:32 Programma's [C:\Users\hfm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\hfm\Documents 15-10-2014 20:32 Mijn afbeeldingen [C:\Users\hfm\Pictures] 15-10-2014 20:32 Mijn muziek [C:\Users\hfm\Music] 15-10-2014 20:32 Mijn video's [C:\Users\hfm\Videos] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 15-10-2014 20:56 Mijn afbeeldingen [C:\Users\Public\Pictures] 15-10-2014 20:56 Mijn muziek [C:\Users\Public\Music] 15-10-2014 20:56 Mijn video's [C:\Users\Public\Videos] 22-08-2013 15:45 My Music [C:\Users\Public\Music] 22-08-2013 15:45 My Pictures [C:\Users\Public\Pictures] 22-08-2013 15:45 My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Users\Riekie 01-02-2015 09:39 Application Data [C:\Users\Riekie\AppData\Roaming] 01-02-2015 09:39 Cookies [C:\Users\Riekie\AppData\Local\Microsoft\Windows\INetCookies] 01-02-2015 09:39 Local Settings [C:\Users\Riekie\AppData\Local] 01-02-2015 09:39 Menu Start [C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu] 01-02-2015 09:39 Mijn documenten [C:\Users\Riekie\Documents] 01-02-2015 09:39 NetHood [C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 01-02-2015 09:39 Netwerkprinteromgeving [C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 01-02-2015 09:39 Recent [C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Recent] 01-02-2015 09:39 SendTo [C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\SendTo] 01-02-2015 09:39 Sjablonen [C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Riekie\AppData\Local 01-02-2015 09:39 Application Data [C:\Users\Riekie\AppData\Local] 01-02-2015 09:39 Geschiedenis [C:\Users\Riekie\AppData\Local\Microsoft\Windows\History] 01-02-2015 09:39 Temporary Internet Files [C:\Users\Riekie\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Riekie\AppData\Local\Microsoft\Windows 01-02-2015 09:39 Temporary Internet Files [C:\Users\Riekie\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu 01-02-2015 09:39 Programma's [C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Riekie\Documents 01-02-2015 09:39 Mijn afbeeldingen [C:\Users\Riekie\Pictures] 01-02-2015 09:39 Mijn muziek [C:\Users\Riekie\Music] 01-02-2015 09:39 Mijn video's [C:\Users\Riekie\Videos] 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 95 Dir(s) 417.015.091.200 bytes free ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== clear.fi SDK- Movie 2 clear.fi SDK - Video 2 abDocs abDocs Office AddIn abMedia abPhoto Acer Backup Manager Acer Device Fast-lane Acer Instant Update Service Acer Power Management Acer Recovery Management Adobe Flash Player 16 NPAPI Adobe Reader XI (11.0.10) - Nederlands Adobe Refresh Manager Advanced SystemCare 8 Agatha Christie - Death on the Nile Aloha TriPeaks ALPS Touch Pad Driver ANT Drivers Installer x64 AOP Framework AVG 2015 Backup Manager v4 Bejeweled 3 CCleaner Common Desktop Agent CyberLink MediaEspresso 6.5 Delicious: Emily's True Love Premium Edition Dolby Home Theater v4 eBay Worldwide Elevated Installer Garmin Express Garmin Express Tray Google Chrome Google Update Helper Governor of Poker 2 Premium Edition Identity Card Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) Rapid Storage Technology Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel© Trusted Connect Service Client IObit Uninstaller Island Tribe Jewel Match 3 John Deere Drive Green Launch Manager Magic Academy Malwarebytes Anti-Malware versie 2.0.4.1028 Microsoft Office Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2005 Tools for Office Runtime More Games from WildTangent Games Mozilla Firefox 35.0.1 (x86 nl) Mozilla Maintenance Service MyWinLocker MyWinLocker 4 MyWinLocker Suite NTI Media Maker 9 Office Addin OpenOffice 4.1.1 Penguins Plants vs. Zombies - Game of the Year Polar Bowler Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Qualcomm Atheros WLAN and Bluetooth Client Installation Program Rapport Realtek High Definition Audio Driver Realtek PCIE Card Reader Samsung Easy Deployment Manager Samsung Easy Document Creator Samsung Easy Printer Manager Samsung Printer Diagnostics Samsung Scan Process Machine Samsung SCX-3400 Series Samsung Universal Scan Driver Shredder SkypeT 7.0 SNS Upload for Easy Document Creator Speccy Start Menu 8 Surfing Protection Tales of Lagoona Trusteer Eindpuntbeveiliging Update Installer for WildTangent Games App Visual Studio 2005 Tools for Office Second Edition Runtime Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) Watchtower Library 2013 - Nederlands ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found C:\PROGRA~3\boost_interprocess deleted C:\PROGRA~3\ProductData deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3913 MB CPU Info: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz CPU Speed: 2315,5 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth-apparaat (Personal Area Network) | Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet-controller (NDIS 6.30) | Qualcomm Atheros AR5BWB222 Wireless-netwerkadapter CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8E1 Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 443,5GB Hard Disks - Free: C: 388,3GB Manufacturer *: Insyde Corp. BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer VA70_HC Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: McAfee Antivirus en antispyware On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Virus: AVG Internet Security 2015 On-access scanning disabled (Outdated) Anti-Spyware: McAfee Antivirus en antispyware disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: AVG Internet Security 2015 disabled (Outdated) Firewall: AVG Internet Security 2015 disabled Firewall: McAfee Firewall disabled Default Browser: Firefox 35.0.1 Internet Explorer Version: 11.0.9600.17498 Mozilla Firefox version: 35.0.1 (x86 nl) Google Chrome version: 40.0.2214.93 Adobe Reader version: 11.0.10.32 Flash Player version: 16.0.0.296 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== ====== C:\Users\hfm\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== ====== C:\WINDOWS\Sysnative\drivers ===== 2015-01-14 08:44:31 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys 2015-01-14 08:44:29 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys ====== C:\WINDOWS\Tasks ====== 2015-01-23 14:41:44 69EFC3FBAAFC1A8AA3CF6F0782CB1A61 3162 ----a-w- C:\WINDOWS\Sysnative\Tasks\ASC8_PerformanceMonitor 2015-01-23 14:41:33 E12B4600735C3E63689FEF880907D11B 2348 ----a-w- C:\WINDOWS\Sysnative\Tasks\ASC8_SkipUac_hfm 2015-01-23 14:41:33 6F02D34566C06C307147EB8D67D2EC4A 252 ----a-w- C:\WINDOWS\Tasks\ASC8_SkipUac_hfm.job 2015-01-20 07:45:29 498792B29471E48786FBDF5A36BF54F4 3156 ----a-w- C:\WINDOWS\Sysnative\Tasks\StartMenuAutoupdate ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-01-15 07:29:47 -------- d-----w- C:\Program Files\Speccy 2015-01-13 07:31:28 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-01-18 13:32:59 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service 2015-01-15 15:33:22 -------- d-----w- C:\PROGRA~2\COMMON~1\IObit 2015-01-10 08:02:26 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2015-01-10 08:02:26 -------- d-----r- C:\PROGRA~2\Skype ======= C: ===== ====== C:\Users\hfm\AppData\Roaming ====== 2015-02-01 08:39:05 -------- d-s---w- C:\Users\Riekie\AppData\Locallow\Microsoft 2015-02-01 08:39:00 -------- d-s---w- C:\Users\Riekie\AppData\Roaming\Microsoft 2015-02-01 08:39:00 -------- d-----w- C:\Users\Riekie\AppData\Roaming\TuneUp Software 2015-02-01 08:39:00 -------- d-----w- C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-01 08:39:00 -------- d-----w- C:\Users\Riekie\AppData\Local\Trusteer 2015-02-01 08:39:00 -------- d-----w- C:\Users\Riekie\AppData\Local\Temp 2015-02-01 08:39:00 -------- d-----w- C:\Users\Riekie\AppData\Local\Microsoft 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-27 07:33:26 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft 2015-01-23 19:44:17 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\IObit 2015-01-17 12:11:59 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\CrashDumps 2015-01-15 15:33:28 -------- d-----w- C:\Users\hfm\AppData\Roaming\Apple Computer 2015-01-13 11:46:56 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp 2015-01-13 11:46:56 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp 2015-01-13 11:46:55 -------- d-----w- C:\Users\hfm\AppData\Local\Temp 2015-01-13 11:46:55 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-01-13 11:46:55 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-01-10 08:02:48 -------- d-----w- C:\Users\hfm\AppData\Local\Skype 2015-01-10 08:02:38 -------- d-----w- C:\Users\hfm\AppData\Roaming\Skype ====== C:\Users\hfm ====== 2015-02-01 21:16:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\hfm\Downloads\RSITx64.exe 2015-02-01 08:39:02 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\Riekie\ntuser.ini 2015-02-01 08:39:00 -------- d--h--w- C:\Users\Riekie\AppData 2015-02-01 08:39:00 -------- d-----w- C:\Users\Riekie\Saved Games 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Videos 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Pictures 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Music 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Links 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Favorites 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Downloads 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Documents 2015-02-01 08:39:00 -------- d-----r- C:\Users\Riekie\Desktop 2015-01-28 12:22:50 45D44A7710432FB898BED8EE8CBA10B8 5325208 ----a-w- C:\Users\hfm\Downloads\ccsetup502.exe 2015-01-23 14:41:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2015-01-23 14:41:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 2015-01-23 14:41:10 4ED31A4D9F0E034F49700EC14188F398 9344920 ----a-w- C:\Users\hfm\Downloads\startmenu-setup.exe 2015-01-20 07:45:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8 2015-01-20 07:21:12 -------- d-----w- C:\Users\hfm\PicStream 2015-01-20 07:20:12 -------- d-----r- C:\Users\hfm\Searches 2015-01-10 08:02:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-10 08:02:20 -------- d-----w- C:\ProgramData\Skype ====== C: exe-files == 2015-02-01 21:16:22 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\hfm\Downloads\RSITx64.exe 2015-01-28 12:22:50 45D44A7710432FB898BED8EE8CBA10B8 5325208 ----a-w- C:\Users\hfm\Downloads\ccsetup502.exe 2015-01-27 12:25:17 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.93\40.0.2214.93_40.0.2214.91_chrome_updater.exe === C: other files == ======== System Restore Points ======== RP27: 20-1-2015 08:28:26 - End of disinfection RP28: 23-1-2015 13:26:38 - Windows Update RP29: 24-1-2015 14:23:19 - Installed AVG 2015 RP30: 28-1-2015 13:49:57 - Windows Update RP31: 2-2-2015 11:40:11 - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2871391618-1465616402-3070090435-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dolby Home Theater v4"="C:\Dolby PCEE4\pcee4.exe -autostart" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY" "BacKGround Agent"="C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe" "abDocsDllLoader"="C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "BtPreLoad"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe" "CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe" ==== Startup Folders ====================== 2012-12-20 04:31:29 2171 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task] C:\WINDOWS\tasks\ASC8_SkipUac_hfm.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [30-12-2014 15:03] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-10-2014 18:01] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04-10-2014 18:01] C:\WINDOWS\tasks\Uninstaller_SkipUac_hfm.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [09-12-2014 17:35] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Adobe Reader and Acrobat Manager" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe] "C:\WINDOWS\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe] "C:\WINDOWS\SysNative\tasks\ASC8_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe] "C:\WINDOWS\SysNative\tasks\ASC8_SkipUac_hfm" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /SkipUac] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\WINDOWS\SysNative\tasks\EgisUpdate" ["C:\Program Files\EgisTec IPS\EgisUpdate.exe"] "C:\WINDOWS\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\iuBrowserIEAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe"] "C:\WINDOWS\SysNative\tasks\iuEmailOutlookAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe"] "C:\WINDOWS\SysNative\tasks\PMMUpdate" ["C:\Program Files\EgisTec IPS\PMMUpdate.exe"] "C:\WINDOWS\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"] "C:\WINDOWS\SysNative\tasks\StartMenuAutoupdate" [C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe] "C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_hfm" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{921FB239-8D9D-46A9-B3F3-6A3143384C50}" [C:\WINDOWS\system32\msfeedssync.exe] ==== Firefox Extensions ====================== ProfilePath: C:\Users\hfm\AppData\Roaming\Mozilla\Firefox\Profiles\3dszcye3.default - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\hfm\AppData\Roaming\Mozilla\Firefox\Profiles\3dszcye3.default 0FC325593893749364EC4A733E7D9100 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.93 (Up to date, latest Stable version: 40.0.2214.93) Google Slides - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Allin1Convert - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl Google Wallet - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\hfm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl deleted successfully C:\Users\hfm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gcncagkkhfoombgbihckkccmkjemhohl_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{8C8BDECA-373C-43B4-B852-B148C64FFFF7}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFF_nlNL608" {8C8BDECA-373C-43B4-B852-B148C64FFFF7} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\hfm\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\hfm\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\hfm\Desktop\OpenOffice 4.1.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\Users\hfm\Desktop\Samsung Easy Document Creator (2).lnk - C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe C:\Users\hfm\Desktop\Watchtower Library 2013 - Nederlands.lnk - C:\Program Files (x86)\Watchtower\Watchtower Library 2013\O\WTLibrary.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Acer Backup Manager.lnk - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\Express.exe C:\Users\Public\Desktop\Help and Support.lnk - C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abDocs.lnk - C:\Program Files (x86)\Acer\abDocs\abDocs.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abMedia.lnk - C:\Program Files (x86)\Acer\abMedia\abMedia.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abPhoto.lnk - C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Protect.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /Protect C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /toolbox C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Turbo Boost.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /turboboost C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Verwijder Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk - C:\Program Files (x86)\AVG\AVG2015\avgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\Express.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\help.html C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Easy Document Creator (2).lnk - C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype voor bureaublad.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8\Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8\Verwijder Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging Console.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -config C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging starten.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -userstart C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Eindpuntbeveiliging\Trusteer Eindpuntbeveiliging stoppen.lnk - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -shutdown ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Device Fast-lane.lnk - C:\Program Files (x86)\Acer\Acer Device Fast-lane\DeviceFastLaneUI.exe C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\hfm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Riekie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Riekie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Uninstall List x64 ====================== abDocs [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}] abDocs Office AddIn [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DCBF3379-246B-47E1-8173-639B63940838}] abMedia [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}] abPhoto [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B5AD89F2-03D3-4206-8487-018298007DD0}] Acer Backup Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}] Acer Device Fast-lane [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}] Acer Instant Update Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8215A318-CC27-435E-B3EA-2E3443C8998C}] Acer Power Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{91F52DE4-B789-42B0-9311-A349F10E5479}] Acer Recovery Management [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}] Adobe Flash Player 16 NPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] Adobe Refresh Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001802114130}] Advanced SystemCare 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare 8_is1] Agatha Christie - Death on the Nile [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b5d4f3f8-e15d-45a3-b411-26bdee860d78] Aloha TriPeaks [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-8bb196cb-811e-45f1-8a05-40d21acb5875] ALPS Touch Pad Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}] ANT Drivers Installer x64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ABB006B0-2E10-4B85-8E6B-A6C9109B0893}] AOP Framework [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A37A114-702F-4055-A4B6-16571D4A5353}] AVG 2015 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4C64DB3D-8B2B-49D2-98A9-17472AB3864A}] AVG 2015 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{966F007B-0D8A-44A6-A6C3-5395983C356D}] AVG 2015 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG] Backup Manager v4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}] Bejeweled 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-ce53cf6d-7dde-4e27-a1c9-94bcb088699d] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] clear.fi SDK- Movie 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}] clear.fi SDK - Video 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}] Common Desktop Agent [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{031A0E14-0413-4C97-9772-2639B782F46F}] CyberLink MediaEspresso 6.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3739848-5329-48E3-8D28-5BBD6E8BE384}] CyberLink MediaEspresso 6.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}] Delicious: Emily's True Love Premium Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6d428485-e7dc-4da7-bc09-8f82440b665a] Dolby Home Theater v4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}] eBay Worldwide [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A694AF57-9891-4D62-824C-7E55A1361A14}] Elevated Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C0ED5561-F673-47B4-B31A-7DC07651B7FD}] Garmin Express [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{045320b6-c340-4960-aefd-57bf08a9b425}] Garmin Express [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0FF2E7C6-D80F-4E9A-AA97-599E1CA26BED}] Garmin Express Tray [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE7D09D2-FA96-4CCE-8C74-F0A0DBD557EB}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Governor of Poker 2 Premium Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-8ab19552-f4e2-4759-a656-f0f303337e35] Identity Card [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D9CB654-99AD-4301-89C6-0D12A790767C}] Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] Intel(R) Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] Intel(R) Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}] Intel(R) SDK for OpenCL - CPU Only Runtime Package [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}] Intel© Trusted Connect Service Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}] IObit Uninstaller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObitUninstall] Island Tribe [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b7b4acc2-36b1-4445-b7fd-b23f1102f1c6] Jewel Match 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-92811e0a-6697-4252-9df1-609d0aa82924] John Deere Drive Green [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-30929979-475b-4a24-8c60-9183876bd07d] Launch Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LManager] Magic Academy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6d88c81d-573f-4c4e-af60-8d7d0c7b0c56] Malwarebytes Anti-Malware versie 2.0.4.1028 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ce085a78-074e-4823-8dc1-8a721b94b76d}] Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}] Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}] Microsoft Visual Studio 2005 Tools for Office Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{388E4B09-3E71-4649-8921-F44A3A2954A7}] Mozilla Firefox 35.0.1 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 35.0.1 (x86 nl)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] MyWinLocker [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}] MyWinLocker 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}] MyWinLocker Suite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}] MyWinLocker Suite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}] NTI Media Maker 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}] NTI Media Maker 9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}] Office Addin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}] OpenOffice 4.1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89FD914D-4472-4E4F-8638-69E857E82DC9}] Penguins [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-3f4ca42b-7330-4c96-ba76-41c6ac3955cb] Plants vs. Zombies - Game of the Year [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-774cc6dc-30b0-49aa-a849-cfec0b8f31f7] Polar Bowler [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-71745360-d024-4479-aa57-05c65e283038] Qualcomm Atheros Bluetooth Suite (64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3108C217-BE83-42E4-AE9E-A56A2A92E549}] Qualcomm Atheros WLAN and Bluetooth Client Installation Program [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}] Rapport [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] Realtek PCIE Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1594429-8296-4652-BF54-9DBE4932A44C}] Samsung Easy Deployment Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Deployment Manager] Samsung Easy Document Creator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Document Creator] Samsung Easy Printer Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Easy Printer Manager] Samsung Printer Diagnostics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Printer Diagnostics] Samsung Scan Process Machine [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Scan Process Machine] Samsung SCX-3400 Series [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Samsung SCX-3400 Series] Samsung Universal Scan Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Universal Scan Driver] Shredder [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}] Shredder [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}] SkypeT 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] SNS Upload for Easy Document Creator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}] Speccy [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Speccy] Start Menu 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit_StartMenu8_is1] Surfing Protection [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit Surfing Protection_is1] Tales of Lagoona [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WTA-06164f83-600f-43b3-a6f0-2bdd1c098dd9] Trusteer Eindpuntbeveiliging [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Rapport_msi] Update Installer for WildTangent Games App [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App] Visual Studio 2005 Tools for Office Second Edition Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2005 Tools for Office Runtime] Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] Visual Studio Tools for the Office system 3.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FB53850-246A-3507-8ADE-0060093FFEA6}] Visual Studio Tools for the Office system 3.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Visual Studio Tools for the Office system 3.0 Runtime] Watchtower Library 2013 - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F4FF38F2-B9F9-4C40-B4C8-589F65ACFD3D}] WildTangent Games [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall] WildTangent Games App [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer] ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] GarminExpressTrayApp = "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [null data] Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.] Advanced SystemCare 8 = "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto [IObit] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IgfxTray = "C:\WINDOWS\system32\igfxtray.exe" [Intel Corporation] HotKeysCmds = "C:\WINDOWS\system32\hkcmd.exe" [Intel Corporation] Persistence = "C:\WINDOWS\system32\igfxpers.exe" [Intel Corporation] Apoint = C:\Program Files\Apoint2K\Apoint.exe [Alps Electric Co., Ltd.] RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor] RtHDVBg_Dolby = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [Realtek Semiconductor] BtPreLoad = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe" [null data] CDAServer = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [null data] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} Dolby Home Theater v4 = "C:\Dolby PCEE4\pcee4.exe" -autostart [null data] AVG_UI = "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.] BacKGround Agent = C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [Acer Incorporated] abDocsDllLoader = C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {10921475-03CE-4E04-90CE-E2E7EF20C814}\(Default) = ExplorerWnd Helper -> {HKLM...CLSID} = ExplorerWnd Helper \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [IObit] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Advanced SystemCare Surfing Protection \InProcServer32\(Default) = C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [IObit] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [Qualcomm Atheros Commnucations] {C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu -> {HKLM...CLSID} = ContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtContextMenu.dll [Qualcomm Atheros Commnucations] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] {B19ED566-D419-470b-B111-3C89040BC027} = IObitUnstaler -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice Column Handler -> {HKCU...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice Infotip Handler -> {HKCU...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice Property Sheet Handler -> {HKCU...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice Thumbnail Viewer -> {HKCU...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm Atheros Commnucations] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider -> {HKLM...CLSID} = Smartcard WinRT Provider \InProcServer32\(Default) = C:\WINDOWS\system32\SmartcardCredentialProvider.dll [MS] {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm Atheros Commnucations] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D} -> {HKLM...CLSID} = CExtMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll [IObit] Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F} -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [Qualcomm Atheros Commnucations] AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] IObitUnstaler\(Default) = {B19ED566-D419-470b-B111-3C89040BC027} -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} -> {HKLM...CLSID} = FTShellContext Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [Qualcomm Atheros Commnucations] MWLIVShellExt\(Default) = {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} -> {HKLM...CLSID} = MWLIVShell Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [Egis Technology Inc. ] -> {HKLM...Wow...CLSID} = MWLIVShell Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\MWLIVShellExt.dll [Egis Technology Inc. ] ShredderContextMenu\(Default) = {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} -> {HKLM...CLSID} = ShredContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [Egis Technology Inc.] -> {HKLM...Wow...CLSID} = ShredContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x86\ShredderContextMenu.dll [Egis Technology Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D} -> {HKLM...CLSID} = CExtMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll [IObit] IObitUnstaler\(Default) = {B19ED566-D419-470b-B111-3C89040BC027} -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} -> {HKLM...CLSID} = Ath_CopyHook \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll [Qualcomm Atheros Commnucations] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKCU\Software\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler -> {HKCU...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation] -> {HKCU...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgsea.dll [AVG Technologies CZ, s.r.o.] -> {HKLM...Wow...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2015\avgse.dll [AVG Technologies CZ, s.r.o.] IObitUnstaler\(Default) = {B19ED566-D419-470b-B111-3C89040BC027} -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\hfm\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\achtergrond van windows photo viewer.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AcerClearfiMediaAutoPlayMOVIE\ Provider = Acer InvokeProgID = AcerClearfiMediaAutoPlayMOVIE\AutoPlay InvokeVerb = open HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMOVIE\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\abMedia\AcerMediaAutoplay.exe %1 MOVIE [Acer Incorporated] AcerClearfiMediaAutoPlayMUSIC\ Provider = Acer InvokeProgID = AcerClearfiMediaAutoPlayMUSIC\AutoPlay InvokeVerb = open HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMUSIC\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\abMedia\AcerMediaAutoplay.exe %1 MUSIC [Acer Incorporated] MSFhConfigBackup\ Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] NTIBurner\ Provider = NTI Media Maker InvokeProgID = NTIBurnerOpen InvokeVerb = open HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files (x86)\NTI\NTI Media Maker 9\Launcher.exe" [null data] Startup items in "hfm" & "All Users" startup folders: ----------------------------------------------------- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++} Acer Backup Manager Tray -> shortcut to: C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k [NTI Corporation] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] Adobe Flash Player Updater -> launches: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] Adobe Reader and Acrobat Manager -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] ALU -> launches: C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto [null data] ALUAgent -> launches: C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [null data] ASC8_PerformanceMonitor -> launches: C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe /Task [IObit] ASC8_SkipUac_hfm -> launches: C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /SkipUac [IObit] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] DeviceDetector -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [CyberLink] GarminUpdaterTask -> launches: C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [null data] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] iuBrowserIEAgent -> (HIDDEN!) launches: "C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe" [null data] iuEmailOutlookAgent -> (HIDDEN!) launches: "C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe" [null data] Optimize Start Menu Cache Files-S-1-5-21-2871391618-1465616402-3070090435-500 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] Power Management -> launches: "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe" [Acer Incorporated] StartMenuAutoupdate -> launches: C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe /AUTORUN [IObit] Uninstaller_SkipUac_hfm -> launches: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer [IObit] User_Feed_Synchronization-{921FB239-8D9D-46A9-B3F3-6A3143384C50} -> (HIDDEN!) launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint Diagnostics -> launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} -> {HKLM...CLSID} = Disk Footprint Diagnostics Task \InProcServer32\(Default) = C:\WINDOWS\system32\DfpCommon.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} -> {HKLM...CLSID} = Plug and Play Maintenance Task \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\WINDOWS\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} -> {HKLM...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found] Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender Windows Defender Cache Maintenance -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS] Windows Defender Cleanup -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS] Windows Defender Scheduled Scan -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob [MS] Windows Defender Verification -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] Scheduled Start With Network -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WOF WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2871391618-1465616402-3070090435-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F37C7F06-0B23-4AD1-9160-1CC285A5E9EC}\(Default) = Easy Capture Manager Print Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\W2PDeskband.dll [Samsung Electronics Co., Ltd.] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {7815BE26-237D-41A8-A98F-F7BD75F71086}\ MenuText = Send by Bluetooth to CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Advanced SystemCare Service 8, AdvancedSystemCareService8, C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [IObit] AtherosSvc, AtherosSvc, C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [Qualcomm Atheros Commnucations] AVG Firewall, avgfws, "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe" [AVG Technologies CZ, s.r.o.] AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.] AVGIDSAgent, AVGIDSAgent, "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [AVG Technologies CZ, s.r.o.] CCDMonitorService, CCDMonitorService, C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [Acer Incorporated] Dritek RF Button Command Service, RfButtonDriverService, C:\Windows\RfBtnSvc64.exe [Dritek System INC.] Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.] ePower Service, ePowerSvc, "C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe" [Acer Incorporated] Garmin Core Update Service, Garmin Core Update Service, "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe" [null data] IconMan_R, IconMan_R, "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" [Realsil Microelectronics Inc.] Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation] Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation] Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation] Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation] LiveUpdate, LiveUpdateSvc, C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [IObit] Network Connection Broker, NcbService, C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\WINDOWS\System32\ncbservice.dll [MS]} NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [NTI Corporation] Rapport Management Service, RapportMgmtService, "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [IBM Corp.] StartMenu8 Service, StartMenuService, C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [IObit] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> SystemEventsBroker, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> SystemEventsBroker, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ ssm1M Langmon\Driver = ssm1mlm.dll [empty string] usp01 Langmon\Driver = usp01l.dll [empty string] ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCache\IE\IAFLRXDB will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\hfm\AppData\Local\Mozilla\Firefox\Profiles\3dszcye3.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\hfm\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=219 folders=88 2155171 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\hfm\AppData\Local\Temp will be emptied at reboot C:\Users\Riekie\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\hfm\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\hfm\AppData\Local\Microsoft\Windows\INetCache\IE\IAFLRXDB" not found ==== EOF on ma 02-02-2015 at 12:35:02,34 ======================