Zoek.exe v5.0.0.0 Updated 03-February-2015 Tool run by Kouwenberg on wo 04-02-2015 at 17:32:27,99. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CLILMR2\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\Program Files (x86)\Tyuminates\Tyuminates.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Tyuminates\TyuminatesHelper.exe C:\Windows\system32\conhost.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files 
(x86)\Firebird\Firebird_2_5\bin\fbserver.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\taskeng.exe C:\Program Files\My Dell\uaclauncher.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CLILMR2\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 4-2-2015 17:36:56 Zoek.exe System Restore Point Created Succesfully. 
==== Windows Installer Info ====================== AxCrypt 1.7.2867.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9108118C5B69BF24A954D5281DBC26EE]C:\Windows\Installer\129658.msi D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\155975.msi Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0336A2D4B8F23E11C9048BCAF6798BE8]C:\Windows\Installer\1bea34.msi Google Earth Plug-in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\11F45BA4C8F23E110BF98BCAF6798BE8]C:\Windows\Installer\1967b0f.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\13b4833.msi Junk Mail filter update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\807E9EB00CD53694C9DFA05A9190E097]C:\Windows\Installer\2fbc5e6.msi Logitech Webcam Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\742EF78996E4E2A49A161DF409F1BD6F]C:\Windows\Installer\31e4d39.msi Lyrics Plugin for Windows Media Player [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2EA2003439040E940AD399E01E485C86]C:\Windows\Installer\47a123.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FA0BBE92DA4ABA359FE79E7EB1ABC90]C:\Windows\Installer\d8ffb4.msi Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73]C:\Windows\Installer\4f6744.msi Microsoft Application Error Reporting 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400100000000F01FEC]C:\Windows\Installer\155961.msi Microsoft PowerPoint Viewer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159FA0031400000000000F01FEC]C:\Windows\Installer\b8e3df.msi Microsoft Security Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C87C2F32131E0AC4F8484337BF7782AB]c:\Windows\Installer\5d9370.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\ce71dd.msi Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B]C:\Windows\Installer\155991.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3e43b73803c7c394f8a6b2f0402e19c2]C:\Windows\Installer\14942d4.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\27ad7d.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\52aa4d.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\52aa53.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\c011e.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7205E5CD8E56BC1418C5A9BA84FB8B2E]C:\Windows\Installer\2fbc797.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B4EB76DD26E75124FA3A1F328A003A98]C:\Windows\Installer\2fbc72e.msi MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\155949.msi MSVCRT_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52744B0D6663D294EB6F85A741DBB99D]C:\Windows\Installer\155955.msi MSVCRT110 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8CDD41E806AE81E43B3E917301D4B5AD]C:\Windows\Installer\15594d.msi MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F187AF9E08E3993428A5DAE3112CC877]C:\Windows\Installer\155951.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]c:\Windows\Installer\c0112.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]c:\Windows\Installer\c0118.msi NVIDIA PhysX [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67C4BD9B4A105D6498017FAA3667BDFA]C:\Windows\Installer\5d9337.msi Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4FB8353CB5373F540BE95C140A704E8E]C:\Windows\Installer\2fbc75a.msi Photo Gallery 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\048BED4F836BECB4CAB650E73FE10021]C:\Windows\Installer\2fbc790.msi Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E66BAA708174D2242981A4BFC329A217]C:\Windows\Installer\2fbc657.msi Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9F2FDFE0D6387BE43AD230B83D1FBFA2]C:\Windows\Installer\27b000.msi SkypeT 7.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0AB19942EE0FDA44C98CE55CA0CE6F7B]C:\Windows\Installer\1383577.msi Spotnet [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\236FD8B510DCB324E8476B0E17B8CF25]C:\Windows\Installer\8091b1.msi swMSM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262]C:\Windows\Installer\e34830.msi Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\80316C14DFC645D4BAA61763DE801AE8]C:\Windows\Installer\2fbc58e.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9A509B147BE07C48BB1F544C6715866]C:\Windows\Installer\2fbc74e.msi Windows Live Family Safety [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BC56C1905EEA5044195608D0F788C001]C:\Windows\Installer\2fbc7a4.msi Windows Live Family Safety [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C84AC3BCBC59B2147BEAF6E28A8F9970]C:\Windows\Installer\2fbc55f.msi Windows Live ID Sign-in Assistant 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C27625EC9E0A05448857882A125DDC05]C:\Windows\Installer\155959.msi Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C18BC956E45B1FD46B813F757793A345]C:\Windows\Installer\2fbc549.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\730C84D5214D86F41B79500EC34DF604]C:\Windows\Installer\2fbc783.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B62C577B8AAE11A4CAFB675ED26F8B50]C:\Windows\Installer\2fbc600.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2EBA17B53A5670542A72F34F31DF9A4C]C:\Windows\Installer\2fbc766.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B316307EBADBE3346AA6ED20363E3DD5]C:\Windows\Installer\2fbc5df.msi Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\12385052E33CB6949851F66DD463C2FA]C:\Windows\Installer\2fbc550.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4B2346D1D42EE5044ABA7D6E0D88BC9C]C:\Windows\Installer\2fbc5c6.msi Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8F1162B7EFE88E478D5910FFEEA784E]C:\Windows\Installer\2fbc598.msi Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00BA1CDCFF107CF418A6616CF790320C]C:\Windows\Installer\2fbc580.msi Windows Live SOXE Definitions 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0003981D77AEC394D8DD2E2634E659B9]C:\Windows\Installer\2fbc578.msi Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C8BD9F007D5674D4BAF56F89EE8385D0]C:\Windows\Installer\2fbc5a9.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A0B2C0921EEC55F4BA645417CE10AD69]C:\Windows\Installer\2fbc744.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\23644217C7B42CA40B4D9FA58CE8AD3D]C:\Windows\Installer\2fbc79f.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5304EB40E8C384B4FB8B615548C9C0B8]C:\Windows\Installer\2fbc73c.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E261E417F4DCB1F43820F7159704C952]C:\Windows\Installer\2fbc627.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B219630C148E0F64F9129301503DC9F9]C:\Windows\Installer\2fbc776.msi ==== Empty Folders Check ====================== C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Naver deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Kouwenberg\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Kouwenberg\AppData\Roaming\Opera Software deleted successfully C:\Users\Kouwenberg\AppData\Roaming\uTorrent deleted successfully C:\Users\Kouwenberg\AppData\Roaming\Vso deleted successfully C:\Users\Kouwenberg\AppData\Local\Adobe deleted successfully C:\Users\Kouwenberg\AppData\Local\calibre-cache deleted successfully 
C:\Users\Kouwenberg\AppData\Local\MigWiz deleted successfully C:\Users\Kouwenberg\AppData\Local\Opera Software deleted successfully C:\Users\Kouwenberg\AppData\Local\softthinks deleted successfully C:\Users\Kouwenberg\AppData\Local\Unity deleted successfully ==== Checking Systemdrive for Symlinks ====================== Het volume in station C heeft geen naam. Het volumenummer is 3E56-92BF Map van C:\ 14-07-2009 06:08 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 22-11-2013 11:33 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 14-07-2009 06:08 Application Data [C:\ProgramData] 22-11-2013 11:33 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 06:08 Desktop [C:\Users\Public\Desktop] 22-11-2013 11:33 Documenten [C:\Users\Public\Documents] 14-07-2009 06:08 Documents [C:\Users\Public\Documents] 22-11-2013 11:33 Favorieten [C:\Users\Public\Favorites] 14-07-2009 06:08 Favorites [C:\Users\Public\Favorites] 22-11-2013 11:33 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 22-11-2013 11:33 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 22-11-2013 11:33 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users 14-07-2009 06:08 All Users [C:\ProgramData] 14-07-2009 06:08 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14-07-2009 06:08 Application Data [C:\ProgramData] 22-11-2013 11:33 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 06:08 Desktop [C:\Users\Public\Desktop] 22-11-2013 11:33 Documenten [C:\Users\Public\Documents] 14-07-2009 06:08 Documents [C:\Users\Public\Documents] 22-11-2013 11:33 Favorieten [C:\Users\Public\Favorites] 14-07-2009 06:08 Favorites 
[C:\Users\Public\Favorites] 22-11-2013 11:33 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 22-11-2013 11:33 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 22-11-2013 11:33 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default 14-07-2009 06:08 Application Data [C:\Users\Default\AppData\Roaming] 14-07-2009 06:08 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14-07-2009 06:08 Local Settings [C:\Users\Default\AppData\Local] 22-11-2013 11:33 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 22-11-2013 11:33 Mijn documenten [C:\Users\Default\Documents] 14-07-2009 06:08 My Documents [C:\Users\Default\Documents] 14-07-2009 06:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 22-11-2013 11:33 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 06:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 06:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14-07-2009 06:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 22-11-2013 11:33 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14-07-2009 06:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14-07-2009 06:08 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14-07-2009 06:08 Application Data [C:\Users\Default\AppData\Local] 22-11-2013 11:33 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 06:08 History 
[C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 06:08 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 22-11-2013 11:33 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 22-11-2013 11:33 Mijn afbeeldingen [C:\Users\Default\Pictures] 22-11-2013 11:33 Mijn muziek [C:\Users\Default\Music] 22-11-2013 11:33 Mijn video's [C:\Users\Default\Videos] 14-07-2009 06:08 My Music [C:\Users\Default\Music] 14-07-2009 06:08 My Pictures [C:\Users\Default\Pictures] 14-07-2009 06:08 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Kouwenberg 22-11-2013 11:33 Application Data [C:\Users\Kouwenberg\AppData\Roaming] 22-11-2013 11:33 Cookies [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Cookies] 22-11-2013 11:33 Local Settings [C:\Users\Kouwenberg\AppData\Local] 22-11-2013 11:33 Menu Start [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu] 22-11-2013 11:33 Mijn documenten [C:\Users\Kouwenberg\Documents] 22-11-2013 11:33 NetHood [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 22-11-2013 11:33 Netwerkprinteromgeving [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 22-11-2013 11:33 Recent [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Recent] 22-11-2013 11:33 SendTo [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\SendTo] 22-11-2013 11:33 Sjablonen [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Kouwenberg\AppData\Local 22-11-2013 11:33 Application Data [C:\Users\Kouwenberg\AppData\Local] 22-11-2013 11:33 Geschiedenis [C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\History] 22-11-2013 11:33 Temporary Internet Files 
[C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Kouwenberg\AppData\LocalLow 10-04-2014 19:41 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 bestand(en) 0 bytes Map van C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu 22-11-2013 11:33 Programma's [C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Kouwenberg\Documents 22-11-2013 11:33 Mijn afbeeldingen [C:\Users\Kouwenberg\Pictures] 22-11-2013 11:33 Mijn muziek [C:\Users\Kouwenberg\Music] 22-11-2013 11:33 Mijn video's [C:\Users\Kouwenberg\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 22-11-2013 11:33 Mijn afbeeldingen [C:\Users\Public\Pictures] 22-11-2013 11:33 Mijn muziek [C:\Users\Public\Music] 22-11-2013 11:33 Mijn video's [C:\Users\Public\Videos] 14-07-2009 06:08 My Music [C:\Users\Public\Music] 14-07-2009 06:08 My Pictures [C:\Users\Public\Pictures] 14-07-2009 06:08 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser 22-11-2013 11:55 Application Data [C:\Users\UpdatusUser\AppData\Roaming] 22-11-2013 11:55 Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies] 22-11-2013 11:55 Local Settings [C:\Users\UpdatusUser\AppData\Local] 22-11-2013 11:55 Menu Start [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu] 22-11-2013 11:55 Mijn documenten [C:\Users\UpdatusUser\Documents] 22-11-2013 11:55 NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 22-11-2013 11:55 Netwerkprinteromgeving [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 22-11-2013 11:55 Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent] 22-11-2013 11:55 SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo] 22-11-2013 11:55 Sjablonen [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van 
C:\Users\UpdatusUser\AppData\Local 22-11-2013 11:55 Application Data [C:\Users\UpdatusUser\AppData\Local] 22-11-2013 11:55 Geschiedenis [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History] 22-11-2013 11:55 Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu 22-11-2013 11:55 Programma's [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser\Documents 22-11-2013 11:55 Mijn afbeeldingen [C:\Users\UpdatusUser\Pictures] 22-11-2013 11:55 Mijn muziek [C:\Users\UpdatusUser\Music] 22-11-2013 11:55 Mijn video's [C:\Users\UpdatusUser\Videos] 0 bestand(en) 0 bytes Map van C:\Windows\AppPatch 01-11-2014 12:25 spbin [C:\PROGRA~2\SearchProtect\SearchProtect\bin] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 95 map(pen) 409.367.760.896 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4163636342-2427653924-40305621-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Flash Player 16 ActiveX Adobe Flash Player 16 NPAPI Alt.Binz 0.39.4 Audacity 2.0.5 AxCrypt 1.7.2867.0 BitTorrent CCleaner Conexant HD Audio D3DX10 DAEMON Tools Lite Dell Backup and Recovery Dell System Detect FBReader for Windows foobar2000 v1.3.4 Freemake Video Converter versie 4.1.5 Google Chrome Google Earth Google Earth Plug-in Google Update Helper ImgBurn Junk Mail filter update LAME v3.99.3 (for Windows) Logitech Webcam Software Lyrics Plugin for Windows Media Player Malwarebytes Anti-Malware versie 2.0.4.1028 Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) 
Microsoft Application Error Reporting Microsoft OneDrive Microsoft PowerPoint Viewer Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Dell Nero 8 Lite NVIDIA-configuratiescherm 320.78 NVIDIA 3D Vision stuurprogramma 320.78 NVIDIA Grafisch stuurprogramma 320.78 NVIDIA HD Audio-stuurprogramma 1.1.13.1 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX systeemsoftware 9.10.0514 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.14.17 NVIDIA Update Components Photo Common Photo Gallery Powerpost QuickPar 0.9 Rainlendar2 (remove only) Realtek Ethernet Controller Driver Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) SkypeT 7.0 Spotnet SumatraPDF swMSM VLC media player WebcamMax Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows 
Live Writer Resources WinRAR 5.01 (64-bit) ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\dfcbdlmlolgabkmlmhpbajpejedmdokj deleted C:\PROGRA~3\Adobe deleted C:\Users\Kouwenberg\AppData\Roaming\wss.ini deleted C:\PROGRA~3\Yahoo! deleted C:\PROGRA~3\InstallMate deleted C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Kouwenberg\AppData\LocalLow\Protect deleted C:\Users\Kouwenberg\AppData\LocalLow\{2C09954F-CDA8-4BD1-8794-1D543E050378} deleted C:\Users\Kouwenberg\AppData\LocalLow\{7137906E-F346-29A9-396C-44A0FB1A7874} deleted C:\Users\Kouwenberg\AppData\LocalLow\{83B90DCD-16B8-18D1-D5C7-A232F108E76B} deleted C:\Users\Kouwenberg\AppData\LocalLow\{E6C6497B-0CF9-A2C6-7A09-97F36493189F} deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\KOUWEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\978bm9rq.default\extensions\staged deleted C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted "C:\Users\Kouwenberg\AppData\Roaming\Tor\geoip" deleted "C:\Users\Kouwenberg\AppData\Roaming\Tor\torrc" deleted "C:\Users\Kouwenberg\AppData\Roaming\Tor" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 6127 MB CPU Info: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz CPU Speed: 3075,4 MHz Sound Card: Luidsprekers (Conexant HD Audio | Display Adapters: NVIDIA GeForce GT 530 | NVIDIA GeForce GT 530 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; 
Dell E2211H(Digital) | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 2x (D: | G: | ) D: HL-DT-STDVD+-RW GH70N | G: DTSOFT BDROM Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 452,4GB | E: 13,2GB Hard Disks - Free: C: 381,2GB | E: 590,1MB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | 02/22/13 | DELL - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: Dell Inc. 0GDG8Y Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17501 Google Chrome version: 39.0.2171.71 Flash Player version: 16.0.0.296 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\KOUWEN~1\AppData\Local\Temp ==== 2015-02-01 20:03:22 C4228DF58A6044C4B2443F9308D1D29C 2463384 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\Wtmp165610\tmp\XTab_v4.0.exe 2015-02-01 19:57:44 A082E5473B2A9A4D846ED7DDF637AC76 8704 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\SpOrder.dll 2015-02-01 19:43:47 FD5B7F027C810E513961BD79105C5CE7 330223 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\n5021\VOPackage.exe 2015-02-01 19:43:42 CDE952D9C0A563EE744E63D69D8A519C 323680 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\n5021\slb2_mystartsearch_2101-61885dd2.exe 2015-01-31 09:28:32 E8350DD1BBE01D5A6E74BE7B85FA6F6C 17928552 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\LineInst.exe 2015-01-31 09:28:31 B6E411E3AEE6656BF6253AF67F740035 829800 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\NELO_CrashReporter.exe 2015-01-31 09:28:31 623C9754952A35B018F2448AF8184075 1030144 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\dbghelp.dll 2015-01-31 
09:28:31 460BBA75C4208D2F348C5C5F78A389B2 182632 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\NELO.dll 2015-01-31 09:27:57 27BF98713DFE086CFA62FAE4D709AA0D 1126760 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\LineUpgrader.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-01-14 16:17:45 AE3334958D8F631FF14A0AEB3D7EFB3A 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys ====== C:\Windows\Tasks ====== 2015-02-01 20:17:19 A3FC6C67BE23733ED4F10F602D801AEA 3158 ----a-w- C:\Windows\Sysnative\Tasks\{7ED868E6-8638-40DD-BECF-AECFDB8E512F} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-03 20:10:10 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-02-01 19:43:44 -------- d-sh--w- C:\PROGRA~2\Tyuminates ======= C: ===== ====== C:\Users\Kouwenberg\AppData\Roaming ====== ====== C:\Users\Kouwenberg ====== 2015-02-03 20:09:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Kouwenberg\Desktop\RSITx64.exe ====== C: exe-files == 2015-02-03 20:10:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Kouwenberg.exe 2015-02-03 20:09:28 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Kouwenberg\Desktop\RSITx64.exe 2015-02-01 20:03:22 C4228DF58A6044C4B2443F9308D1D29C 2463384 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\Wtmp165610\tmp\XTab_v4.0.exe 2015-02-01 19:43:47 FD5B7F027C810E513961BD79105C5CE7 330223 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\n5021\VOPackage.exe 2015-02-01 19:43:47 F309A4BC87D2B2ADA95A57373DE8A939 43520 ----a-r- C:\Program Files (x86)\Tyuminates\TyuminatesHelper.exe 2015-02-01 19:43:46 4AEC96190CFCB442AEECB275D73A4470 110080 ----a-w- C:\Program Files (x86)\Tyuminates\temp\certutil.exe 2015-02-01 19:43:45 AE2195D9D957A12F116A2054189DCC0C 3959296 --sh--w- C:\Program Files (x86)\Tyuminates\Tyuminates.exe 
2015-02-01 19:43:45 687D44385CD5480112291845087E4F90 7168 --sh--w- C:\Program Files (x86)\Tyuminates\LoopbackForWin8.exe
2015-02-01 19:43:42 CDE952D9C0A563EE744E63D69D8A519C 323680 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\n5021\slb2_mystartsearch_2101-61885dd2.exe
2015-01-31 09:28:32 E8350DD1BBE01D5A6E74BE7B85FA6F6C 17928552 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\LineInst.exe
2015-01-31 09:28:31 B6E411E3AEE6656BF6253AF67F740035 829800 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\NELO_CrashReporter.exe
2015-01-31 09:27:57 27BF98713DFE086CFA62FAE4D709AA0D 1126760 ----a-w- C:\Users\Kouwenberg\AppData\Local\Temp\line\LineUpgrader.exe
=== C: other files ==
2015-02-03 16:18:11 884AFE6FDB0AF169C7F42377F66E5B29 2984 ----a-w- C:\Users\Kouwenberg\.rainlendar2\backups\20150203-Rainlendar2Backup.zip
2015-02-02 16:09:35 1C25ABF734298A0B2BF1FF2B3FA6E5A2 2984 ----a-w- C:\Users\Kouwenberg\.rainlendar2\backups\20150202-Rainlendar2Backup.zip
2015-02-01 07:23:33 A01B9F858CB60B81E76798F2068598F6 2984 ----a-w- C:\Users\Kouwenberg\.rainlendar2\backups\20150201-Rainlendar2Backup.zip
2015-01-31 07:07:37 DE101F4136DA72F6ED3845F5E2E7BBE5 2984 ----a-w- C:\Users\Kouwenberg\.rainlendar2\backups\20150131-Rainlendar2Backup.zip
2015-01-30 06:53:02 E11B49F49E6A8BC7DC539D1E01501C38 2984 ----a-w- C:\Users\Kouwenberg\.rainlendar2\backups\20150130-Rainlendar2Backup.zip
2015-01-29 16:25:15 B2FEDD669E22B406A8251CE830911AC3 2984 ----a-w- C:\Users\Kouwenberg\.rainlendar2\backups\20150129-Rainlendar2Backup.zip

======== System Restore Points ========

RP225: 18-1-2015 8:51:29 - Windows Update
RP226: 21-1-2015 17:37:22 - Windows Update
RP227: 25-1-2015 8:40:05 - Windows Update
RP228: 29-1-2015 17:35:52 - Windows Update
RP229: 2-2-2015 17:22:18 - Windows Update
RP230: 2-2-2015 21:28:12 - Herstelbewerking
RP231: 3-2-2015 17:28:54 - Windows Update
RP232: 3-2-2015 20:18:02 - Removed Java 7 Update 67
RP233: 4-2-2015 17:36:45 - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApnUpdater"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cAudioFilterAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cAudioFilterAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Conexant\\cAudioFilterAgent\\cAudioFilterAgent64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSystemDetect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DellSystemDetect"
"hkey"="HKCU"
"command"="C:\\Users\\Kouwenberg\\AppData\\Local\\Apps\\2.0\\44QE9O3A.2NW\\Z7A32VJP.NWR\\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\\DellSystemDetect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Kouwenberg\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InetStat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InetStat"
"hkey"="HKCU"
"command"="C:\\Users\\Kouwenberg\\AppData\\Roaming\\InetStat\\inetstat.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechQuickCamRibbon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechQuickCamRibbon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\Logitech WebCam Software\\LWS.exe\" /hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Messenger (Yahoo!)"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~2\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartAudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartAudio"
"hkey"="HKLM"
"command"="C:\\Program Files\\CONEXANT\\SAII\\SAIICpl.exe /t"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebcamMaxAutoRun]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WebcamMaxAutoRun"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\WebcamMax\\wcmmon.exe\" -a"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Kouwenberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Productregistratie.lnk]
"path"="C:\\Users\\Kouwenberg\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Logitech . Productregistratie.lnk"
"backup"="C:\\Windows\\pss\\Logitech . Productregistratie.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\Logitech\\LOGITE~1\\eReg.exe /remind /language=NLD /_WFM=\".\""
"item"="Logitech . Productregistratie"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25-01-2015 20:48]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22-01-2014 17:10]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\Windows\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4163636342-2427653924-40305621-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4163636342-2427653924-40305621-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3150FF30-9222-4236-8FCF-7DF9B95903BD}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Kouwenberg\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Kouwenberg\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.71 (Possible outdated, latest Stable version: 40.0.2214.94)

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
iahagolkpaghhinaljhjihagjgomdokb - C:\Users\Kouwenberg\AppData\Local\Alexa\atbpg-4YUyhF-1.3.crx[04-02-2014 10:08]

Google Slides - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
DANGDUT.NET - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahagolkpaghhinaljhjihagjgomdokb
Google Wallet - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage deleted successfully
C:\Users\Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Kouwenberg\Desktop\FBReader.lnk - C:\Program Files (x86)\FBReader\FBReader.exe
C:\Users\Kouwenberg\Desktop\firefox - Snelkoppeling.lnk - C:\Users\Kouwenberg\Desktop\Tor Browser\Browser\firefox.exe
C:\Users\Kouwenberg\Desktop\ImgBurn - Snelkoppeling.lnk - C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Users\Kouwenberg\Desktop\MovieMaker - Snelkoppeling.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
C:\Users\Kouwenberg\Desktop\Popcorn Time.lnk - C:\Users\Kouwenberg\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Kouwenberg\Desktop\Spotnet - Snelkoppeling.lnk - C:\Program Files (x86)\Spotnet\Spotnet\Spotnet.exe
C:\Users\UpdatusUser\Desktop\FBReader.lnk - C:\Program Files (x86)\FBReader\FBReader.exe
C:\Users\UpdatusUser\Desktop\QuickPar.lnk - C:\Program Files (x86)\QuickPar\QuickPar.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Dell Backup and Recovery.lnk - C:\Program Files (x86)\Dell Backup and Recovery\Dbr.exe
C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Logitech-webcamsoftware.lnk - C:\Program Files (x86)\Logitech\Logitech WebCam Software\LWS.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nero Express.lnk - C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe /w
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\WebcamMax.lnk - C:\Program Files (x86)\WebcamMax\WebcamMax.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Kouwenberg\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Kouwenberg\AppData\Local\Popcorn Time\Uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk - C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster STUDIO.lnk - C:\Program Files (x86)\SpacialAudio\SAMBC\SAMBC.exe /FBSS
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Kouwenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:9880;https=127.0.0.1:9880"
"ProxyOverride"=""
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Uninstall List x64 ======================

Adobe Flash Player 16 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX]
Adobe Flash Player 16 NPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI]
Alt.Binz 0.39.4
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alt.Binz]
Audacity 2.0.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1]
AxCrypt 1.7.2867.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C8118019-96B5-42FB-9A45-5D82D1CB62EE}]
BitTorrent [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent]
CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
Conexant HD Audio [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_AUDIO_HDA]
D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
DAEMON Tools Lite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
Dell Backup and Recovery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}]
Dell System Detect [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\9204f5692a8faf3b]
FBReader for Windows [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FBReader for Windows]
foobar2000 v1.3.4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\foobar2000]
Freemake Video Converter versie 4.1.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freemake Video Converter_is1]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}]
Google Earth Plug-in [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
ImgBurn [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ImgBurn]
Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}]
LAME v3.99.3 (for Windows) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LAME_is1]
Logitech Webcam Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{987FE247-4E69-4A2E-A961-D14F901FDBF6}]
Lyrics Plugin for Windows Media Player [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{43002AE2-4093-49E0-A03D-990EE184C568}]
Malwarebytes Anti-Malware versie 2.0.4.1028 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043]
Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}]
Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
Microsoft OneDrive [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe]
Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23F2C78C-E131-4CA0-8F84-3473FB7728BA}]
Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}]
Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD67BE4B-7E62-4215-AFA3-F123A800A389}]
MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}]
MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}]
MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
My Dell [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows]
Nero 8 Lite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Nero8Lite_is1]
NVIDIA-configuratiescherm 320.78 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel]
NVIDIA 3D Vision stuurprogramma 320.78 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision]
NVIDIA Grafisch stuurprogramma 320.78 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver]
NVIDIA HD Audio-stuurprogramma 1.1.13.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver]
NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer]
NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}]
NVIDIA PhysX systeemsoftware 9.10.0514 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX]
NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo]
NVIDIA Update 1.14.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update]
NVIDIA Update Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update]
Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3538BF4-735B-45F3-B09E-C541A007E4E8}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07AAB66E-4718-422D-9218-4AFB3C922A71}]
Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F4DEB840-B638-4BCE-AC6B-057EF31E0012}]
Powerpost [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Product_Name]
QuickPar 0.9 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickPar]
Rainlendar2 (remove only) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Rainlendar2]
Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}]
Security Update for CAPICOM (KB931906) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}]
SkypeT 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}]
Spotnet [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5B8DF632-CD01-423B-8E74-B6E0718BFC52}]
SumatraPDF [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SumatraPDF]
swMSM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}]
VLC media player [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
WebcamMax [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WebcamMax]
Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B905A9B-EB74-4C70-B81B-5F446C178566}]
Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}]
Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{091C65CB-AEE5-4405-9165-800D7F880C10}]
Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CE52672C-A0E9-4450-8875-88A221D5CD50}]
Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{659CB81C-B54E-4DF1-B618-F35777393A54}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5D48C037-D412-4F68-B197-05E03CD46F40}]
Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5B71ABE2-65A3-4507-A227-3FF413FDA9C4}]
Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E703613B-BDAB-433E-A66A-DE0263E3D35D}]
Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{25058321-C33E-496B-8915-6FD64D362CAF}]
Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}]
Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}]
Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}]
Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1893000-EA77-493C-8DDD-E262436E959B}]
Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}]
Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{290C2B0A-CEE1-4F55-AB46-4571EC01DA96}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{71244632-4B7C-4AC2-B0D4-F95AC88EDAD3}]
Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{714E162E-CD4F-4F1B-8302-7F5179409C25}]
Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C036912B-E841-46F0-9F21-391005D39C9F}]
WinRAR 5.01 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\d7c1aef8-c8f1-48d7-9d75-76457c205b37 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetStat deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Tyuminates - Unknown owner - C:\Program Files (x86)\Tyuminates\Tyuminates.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Microsoft-account \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class 
\InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] {C3DFC144-30F8-4138-81F9-578DBEB9324A} = AxCrypt File Encryption -> {HKLM...CLSID} = axcrypt.File \InProcServer32\(Default) = C:\Program Files\Axantum\AxCrypt\AxCryptShellExt.dll [Axantum Software AB] {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler -> {HKLM...Wow...CLSID} = NeroDigitalIconHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler -> {HKLM...Wow...CLSID} = NeroDigitalPropSheetHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} 
= Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS] -> {HKCU...Wow...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ axcrypt.File\(Default) = {C3DFC144-30F8-4138-81F9-578DBEB9324A} -> {HKLM...CLSID} = axcrypt.File \InProcServer32\(Default) = C:\Program Files\Axantum\AxCrypt\AxCryptShellExt.dll [Axantum Software AB] EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = 
WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS] -> {HKCU...Wow...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll [MS] -> {HKCU...Wow...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Kouwenberg\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler -> {HKLM...Wow...CLSID} = NeroDigitalColumnHandler Class \InProcServer32\(Default) = 
C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ axcrypt.File\(Default) = {C3DFC144-30F8-4138-81F9-578DBEB9324A} -> {HKLM...CLSID} = axcrypt.File \InProcServer32\(Default) = C:\Program Files\Axantum\AxCrypt\AxCryptShellExt.dll [Axantum Software AB] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableLockWorkstation = (REG_DWORD) dword:0x00000000 {unrecognized setting} LogonHoursAction = (REG_DWORD) dword:0x00000002 {unrecognized setting} DontDisplayLogonHoursWarnings = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = 
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open 
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] PCDEventLauncherTask -> launches: "C:\Program Files\My Dell\sessionchecker.exe" [PC-Doctor, Inc.] PCDoctorBackgroundMonitorTask -> launches: "C:\Program Files\My Dell\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently [PC-Doctor, Inc.] 
RealDownloaderRealUpgradeLogonTaskS-1-5-21-4163636342-2427653924-40305621-1000 -> launches: C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /logoncheck [file not found] RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4163636342-2427653924-40305621-1000 -> launches: C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck [file not found] SystemToolsDailyTest -> launches: "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently [file not found] User_Feed_Synchronization-{3150FF30-9222-4236-8FCF-7DF9B95903BD} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS] {604AFA6B-E538-4EBB-A1A5-FB627FF6C224} -> launches: C:\Windows\system32\pcalua.exe -a G:\SETUP.EXE -d G:\ [MS] {6B13ED86-9E76-4936-B86C-8DC9EDE7F4E5} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OMW5S0Z\32bit_Win7_Win8_Win81_R273.exe" -d C:\Users\Kouwenberg\Desktop [MS] {7ED868E6-8638-40DD-BECF-AECFDB8E512F} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Kouwenberg\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=brd [MS] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: 
aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) 
launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: 
%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) 
launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
      \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
  HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
    -> {HKLM...CLSID} = HotStart User Agent
      \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
  LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
  SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
    -> {HKLM...CLSID} = Microsoft PlaySoundService Class
      \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
    -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
      \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
  GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
  AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
  RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
    -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
      \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
    -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
      \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
  MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
    -> {HKLM...CLSID} = RasMobilityManager
      \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
  RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
    -> {HKLM...CLSID} = RegistryIdleBackupHandler
      \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
  RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
  GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
    -> {HKLM...CLSID} = GadgetsManager Class
      \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
  SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
  Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
    -> {HKLM...CLSID} = RunTask
      \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
    -> {HKLM...Wow...CLSID} = RunTask
      \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
  IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
  IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
  MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
    -> {HKLM...CLSID} = MsCtfMonitor task handler
      \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
    -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
      \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
  SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
  UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
  ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
    -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
      \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
    -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
      \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
  ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
  ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
  QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
  BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
  UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
  AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]
  Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
  Calibration Loader -> launches: {B210D694-C8DF-490d-9576-9E20CDBC20BD}
    -> {HKLM...CLSID} = Color Calibration Loader
      \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
    -> {HKLM...Wow...CLSID} = Color Calibration Loader
      \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
  CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
    -> {HKLM...CLSID} = Wininet Cache task object
      \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
    -> {HKLM...Wow...CLSID} = Wininet Cache task object
      \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
  Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
    -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
      \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
C:\Windows\System32\Tasks\WPD
  SqmUpload_S-1-5-21-4163636342-2427653924-40305621-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
    -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
      \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance [Firebird Project]
Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance [Firebird Project]
Machine Debug Manager, MDM, "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [MS]
Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
Microsoft Netwerkinspectie, NisSrv, "c:\Program Files\Microsoft Security Client\NisSrv.exe" [MS]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
Tyuminates, Tyuminates, C:\Program Files (x86)\Tyuminates\Tyuminates.exe [null data]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> MsMpSvc, Service
<> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> MsMpSvc, Service
<> PEVSystemStart, Service

<>: Suspicious data at a browser hijack point.

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CLILMR2 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Kouwenberg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=37 folders=27 7310134 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kouwenberg\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KOUWEN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Kouwenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CLILMR2" not found

==== EOF on wo 04-02-2015 at 17:50:19,33 ======================