Zoek.exe v5.0.0.0 Updated 05-February-2015 Tool run by Erik on do 05/02/2015 at 17:04:48,38. Microsoft Windows 7 Professional 6.1.7600 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Erik\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2014-01-30-182259.log 11930 bytes C:\zoek-results2014-02-01-134617.log 56579 bytes C:\zoek-results2014-02-01-172357.log 11875 bytes C:\zoek-results2014-02-02-195714.log 2773 bytes C:\zoek-results2014-02-02-200201.log 23535 bytes C:\zoek-results2014-02-05-072011.log 52396 bytes C:\zoek-results2014-02-05-090324.log 5337 bytes C:\zoek-results2014-04-26-154328.log 20149 bytes ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Fingerprint Sensor\AtService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Acer Bio Protection\CompPtcVUI.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2014\avgidsagent.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Acer\Empowering Technology\Service\ETService.exe C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Windows\system32\FsUsbExService.Exe C:\Program Files\Acer\Registration\GregHSRW.exe C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe C:\Program Files\Acer Bio Protection\BASVC.exe C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe C:\Program Files\Launch Manager\LManager.EXE C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Windows\PLFSetI.exe C:\Program Files\Acer Bio Protection\PdtWzd.exe C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVG\AVG2014\avgui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Erik\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wuauclt.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\msiexec.exe C:\Users\Erik\Desktop\zoek.exe C:\Users\Erik\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Empty Folders Check ====================== C:\Program Files\Freemake deleted successfully C:\PROGRA~2\Freemake deleted successfully C:\Users\Erik\AppData\Local\PDFCreator deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32C256F-65EF-4FF6-9EF1-B69AACCE885C} deleted successfully HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74CEF2C-9776-44C2-BA9-3980F2DA175D} deleted successfully HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{947E7CDC-D576-44B9-A092-563C913673D} deleted successfully HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A97F21EF-DD8A-4797-9288-AC81E998AF7} deleted successfully HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B19DDB91-12D5-4610-9535-3A36C09BD745} deleted successfully HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD964FC2-C48A-4774-82DB-BAC98FB26AD8} deleted successfully HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC74FF9B-43B7-40A3-8B71-165E8B698F9D} deleted successfully HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E375039C-3463-4390-99EC-876D7634B91F} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\BRECHT~1\AppData\Roaming\Mozilla\Firefox\Profiles\0cga71le.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20150502_1752_.backup ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\0 ---- FireFox user.js and prefs.js backups ---- user_20150502_1752_.backup prefs_20150502_1752_.backup ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\rgggdyce.default user.js not found ---- Lines WiseEnhance removed from prefs.js ---- user_pref("extensions.WiseEnhance.asul", "1398455679529"); user_pref("extensions.WiseEnhance.aul", "1398455695999"); user_pref("extensions.WiseEnhance.irl", true); user_pref("extensions.WiseEnhance.is", "isgiwhBE"); user_pref("extensions.WiseEnhance.ug", "B061DD5B-5997-4D66-9732-99CEE0EB182E"); ---- FireFox user.js and prefs.js backups ---- prefs_20150502_1752_.backup ProfilePath: C:\Users\JENSVA~1\AppData\Roaming\Mozilla\Firefox\Profiles\jewkscw6.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20150502_1752_.backup ProfilePath: C:\Users\PATRIC~1\AppData\Roaming\Mozilla\Firefox\Profiles\a0e77qf4.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20150502_1752_.backup ==== Deleting Files \ Folders ====================== C:\Users\Erik\.android deleted C:\Program Files\ProtectDisc Driver Installer deleted C:\~MG_0005.tmp deleted C:\~MG_0006.tmp deleted C:\found.000 deleted C:\Users\Erik\AppData\Roaming\MAGIX deleted C:\Users\Erik\AppData\Roaming\temp.ini deleted C:\Users\Erik\AppData\Roaming\pdfforge deleted C:\Users\Erik\AppData\Roaming\OpenCandy deleted C:\Users\Jens Vanhoof\AppData\Roaming\MAGIX deleted C:\PROGRA~2\MAGIX deleted C:\Windows\wininit.ini deleted C:\Windows\system32\GroupPolicy\Machine deleted C:\Windows\system32\GroupPolicy\User deleted C:\Windows\system32\GroupPolicy\gpt.ini deleted C:\Windows\System32\lMMLDeleteUserData42107612FX.tmp deleted "C:\Program Files\Acer Bio Protection\ACERWMI.dll" deleted "C:\Program Files\Acer Bio Protection\BASVC.exe" deleted "C:\Program Files\Acer Bio Protection\CompPtcVUI.exe" deleted "C:\Program Files\Acer Bio Protection\CustomRes_Acer.dll" deleted "C:\Program Files\Acer Bio Protection\PdtWzd.exe" deleted "C:\Program Files\Acer Bio Protection\PwdFilter.dll" deleted "C:\Program Files\Acer Bio Protection" not deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Erik\AppData\Local\Temp ==== 2015-02-04 17:38:17 A082E5473B2A9A4D846ED7DDF637AC76 8704 ----a-w- C:\Users\Erik\AppData\Local\Temp\SpOrder.dll 2015-02-04 17:13:22 4447723C9263C249C25E9EB93A759E52 1153144 ----a-w- C:\Users\Erik\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe 2015-02-04 09:49:01 B57B0E3F18E5A0E9BE67592E9AFB9A3D 629944 ------w- C:\Users\Erik\AppData\Local\Temp\PositiveFinds\Setup.exe ====== Java Cache ===== 2015-02-05 16:01:08 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-409de25b 2015-02-05 16:01:04 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6464ebb4 2015-02-05 16:01:04 B42E2F8DC42238A6019B0DB8C8C29A0E 424 ----a-w- C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap 2015-02-05 16:01:02 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-7d01b204 2015-02-05 16:01:04 34FA8033B50A3F99D3AB8209C72C0ABA 6860 ----a-w- C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-17e3df99 ====== C:\Windows\system32 ===== 2015-02-05 16:00:15 F686D185C5DE79A6E7DC7FEC7119CF56 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll 2015-02-04 17:38:48 89E95EC1B2DB35DF402222DF1A5B63CC 98488 ----a-w- C:\Windows\System32\pdfcmon.dll 2015-02-04 17:38:22 4A27F070D7A1DC652D7D3E6E38DAEDCD 2848 ----a-w- C:\Windows\System32\LavasoftTcpServiceOff.ini 2015-02-04 17:38:22 147D85DAEE09FCED1B474D801DD41445 5152 ----a-w- C:\Windows\System32\LavasoftTcpService.ini 2015-02-04 17:38:14 71D311C224FF8690D7CF7C2BA7219009 332216 ----a-w- C:\Windows\System32\LavasoftTcpService.dll ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== 2015-01-31 13:55:47 -------- d-----w- C:\Windows\system32\Tasks\NCH Software 2015-01-29 17:38:36 E7EA9DCDBDB4F9C0E15C9AD8361F9C47 3580 ----a-w- C:\Windows\system32\Tasks\Launch HTC Sync Loader ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-05 16:00:28 -------- d-----w- C:\Program Files\Common Files\Java 2015-02-04 17:38:47 -------- d-----w- C:\Program Files\PDFCreator 2015-02-04 17:37:16 -------- d-----w- C:\Program Files\Lavasoft 2015-02-04 17:15:19 -------- d-----w- C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 2015-02-04 17:15:16 -------- d-----w- C:\Program Files\Positive Finds 2015-01-31 13:55:40 -------- d-----w- C:\Program Files\NCH Software 2015-01-29 17:42:54 -------- d-----w- C:\Program Files\Spirent Communications 2015-01-29 17:35:25 -------- d-----w- C:\Program Files\MSXML 4.0 2015-01-24 11:45:52 -------- d-----w- C:\Program Files\HTC ======= C: ===== ====== C:\Users\Erik\AppData\Roaming ====== 2015-02-04 17:51:06 -------- d-----w- C:\Users\Erik\AppData\Local\pdfforge 2015-02-04 17:38:34 -------- d-----w- C:\Users\Erik\AppData\Local\Lavasoft 2015-02-04 17:35:46 -------- d-----w- C:\Users\Erik\AppData\Roaming\Lavasoft 2015-01-31 13:55:46 -------- d-----w- C:\Users\Erik\AppData\Roaming\NCH Software 2015-01-29 17:43:53 -------- d-----w- C:\Users\Erik\AppData\Local\HTC MediaHub 2015-01-29 17:40:01 -------- d-----w- C:\Users\Erik\AppData\Local\Htc 2015-01-29 17:39:54 -------- d-----w- C:\Users\Erik\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2015-01-24 11:47:37 -------- d-----w- C:\Users\Erik\AppData\Roaming\HTC ====== C:\Users\Erik ====== 2015-02-05 15:59:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-02-05 15:59:15 -------- d-----w- C:\ProgramData\Oracle 2015-02-04 17:39:11 -------- d-----w- C:\ProgramData\PDF Architect 2 2015-02-04 17:38:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-02-04 17:37:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-02-04 17:35:46 -------- d-----w- C:\ProgramData\Lavasoft 2015-02-04 17:15:18 -------- d-----w- C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 2015-02-04 17:13:22 DA195EB29474C79EEE34AC5F9C791D17 27843432 ----a-w- C:\Users\Erik\Desktop\PDFCreator-1_7_3_setup.exe 2015-02-04 17:13:22 0D5F3E3FF517F1DF693CA90659287DC9 32845784 ----a-w- C:\Users\Erik\Desktop\VidPlayaSetup_v2.exe 2015-01-31 13:55:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2015-01-31 13:55:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs 2015-01-31 13:55:40 -------- d-----w- C:\ProgramData\NCH Software 2015-01-29 17:43:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2015-01-29 17:38:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync 2015-01-24 11:46:51 -------- d-----w- C:\ProgramData\HTC ====== C: exe-files == 2015-02-05 16:27:45 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe 2015-02-05 16:27:44 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe 2015-02-05 16:27:44 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe 2015-02-05 16:27:44 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe 2015-02-05 16:27:37 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe 2015-02-05 16:27:35 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe 2015-02-05 16:27:35 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe 2015-02-05 16:27:34 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files\Google\Update\1.3.26.9\GoogleUpdate.exe 2015-02-05 16:27:30 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Install\{F684F236-1BED-4B98-8440-A696D9A78AC4}\GoogleUpdateSetup.exe 2015-02-05 16:27:30 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe 2015-02-05 15:59:36 B0D46640968F989830413EB88F43E0D0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-02-05 15:59:36 52C8B9FD016E6317FDB151296FF90877 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-02-05 15:59:36 3E72E1AB196855916E2065C604674631 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-02-05 15:59:24 F9D744CD9BC58F287F8FA59D32508EDD 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\orbd.exe 2015-02-05 15:59:24 F5EA785B2BCC08DC28CBC2D96E05F2C1 68520 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe 2015-02-05 15:59:24 DF1C8EDDAF14D2960A06A9DF7B2D0A89 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\java-rmi.exe 2015-02-05 15:59:24 DBB5C8AE19ACFA2857CFB90C7305AC56 51112 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\ssvagent.exe 2015-02-05 15:59:24 DA34E76DE9CD93471F24E7BD43139958 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\kinit.exe 2015-02-05 15:59:24 CDB1FE0DCF2ADB755EBF65C8AEBBC871 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\servertool.exe 2015-02-05 15:59:24 B0D46640968F989830413EB88F43E0D0 176552 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\java.exe 2015-02-05 15:59:24 AF82EA1498FEC5C49B8A1AE5AA0A5F6C 77224 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\jp2launcher.exe 2015-02-05 15:59:24 A8884FB8246655C84F110E77DF5E1B4A 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\ktab.exe 2015-02-05 15:59:24 90C02BD6D01BBC1C620323F9E330E89C 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\jjs.exe 2015-02-05 15:59:24 8B6DF9CD28359C5E819446FD79CE3948 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\rmiregistry.exe 2015-02-05 15:59:24 7479DA0BED071427A3F0017AC51CC27B 159656 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\unpack200.exe 2015-02-05 15:59:24 69BD74EE834B5629226BF89468B8020B 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\keytool.exe 2015-02-05 15:59:24 5F7C51E0DCA813D647F14FC12AE675F2 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\policytool.exe 2015-02-05 15:59:24 577F5DCBA4DE4C345631873670F84E79 16296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\tnameserv.exe 2015-02-05 15:59:24 52C8B9FD016E6317FDB151296FF90877 272296 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\javaws.exe 2015-02-05 15:59:24 3E72E1AB196855916E2065C604674631 176552 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe 2015-02-05 15:59:24 39685FC75B6FB2144E793595F1AB111D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\pack200.exe 2015-02-05 15:59:24 2F77C9862B1A2401278C4A5B932DA69D 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\klist.exe 2015-02-05 15:59:24 0FB2ACAC796B166F6486B593B604A3FF 15784 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\rmid.exe 2015-02-05 15:59:24 063A1044A451660B159426B9C5E75957 30632 ----a-w- C:\Program Files\Java\jre1.8.0_31\bin\jabswitch.exe 2015-02-05 15:57:58 CA2522F1E480FA299060C05B859DE16D 639912 ----a-w- C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUBA1M5Z\JavaSetup8u31[1].exe 2015-02-05 15:57:56 CA2522F1E480FA299060C05B859DE16D 639912 ----a-w- C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O0S32PZH\JavaSetup8u31[1].exe 2015-02-04 18:28:18 0739ACE3F8013D65099AE1656214142B 795728 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_40.0.2214.93_chrome_updater_b.exe 2015-02-04 18:21:38 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZ5V88ZC\RSIT[1].exe 2015-02-04 17:39:11 962B579365EB2647840D80E23726C7F7 10718760 ----a-w- C:\ProgramData\PDF Architect 2\Installation\PDFArchitect2Installer.exe 2015-02-04 17:38:55 94309ED7C5B17CFE3948AB6E2B5E93BE 306856 ----a-w- C:\Program Files\PDFCreator\DeleteMonitorDll.exe 2015-02-04 17:38:53 B8E15EDCE5E4CB058FCFFDD4EEB11B41 758944 ----a-w- C:\Program Files\PDFCreator\Images2PDF\Images2PDF.exe 2015-02-04 17:38:53 826AA50E1B9F0A5E05B9437AB6C2280D 174240 ----a-w- C:\Program Files\PDFCreator\Images2PDF\Images2PDFC.exe 2015-02-04 17:38:50 8AC556B9AE874C735C73D36E4EBADC66 13824 ----a-w- C:\Program Files\PDFCreator\RepairFolderPermissions.exe 2015-02-04 17:38:49 B721158F2CE6B342B5ED617BE0A89D46 5366832 ----a-w- C:\Program Files\PDFCreator\PrinterHelper.exe 2015-02-04 17:38:49 ADB4F58EEB26F849FDDE43E9529B5700 54824 ----a-w- C:\Program Files\PDFCreator\SetupHelper.exe 2015-02-04 17:38:49 76A45880826FF373CB95C2D02FF24769 51200 ----a-w- C:\Program Files\PDFCreator\ErrorReport.exe 2015-02-04 17:38:48 2294E3E468279EB70EC21F05565B2D60 1118760 ----a-w- C:\Program Files\PDFCreator\PDFCreator.exe 2015-02-04 17:38:47 B96D09AC0A030273B4DC1A980E3C56D8 720816 ----a-w- C:\Program Files\PDFCreator\unins000.exe 2015-02-04 17:38:47 60B4FBC99C6A051DA18797CDBF29EE76 143360 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Bin\gswin32c.exe 2015-02-04 17:35:23 10A0405E4BFECD875A5EAA493DB1D207 8066184 ----a-w- C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBTHUMRZ\WebCompanionInstaller[1].exe 2015-02-04 17:12:51 28DD7D9FA728B8F9B89E5796B2CC4EE5 373088 ----a-w- C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBTHUMRZ\SoftonicDownloader_voor_pdfcreator[1].exe 2015-02-04 16:54:21 0785283126950F03247C5959F63CED99 373104 ----a-w- C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJE701M0\SoftonicDownloader_voor_pdf-split-and-merge[1].exe 2015-02-04 15:49:16 C21F358D88148141044CAFD4C92FD439 549624 ------w- C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\PluginContainer.exe 2015-02-04 14:49:07 7622BC1F2583CA3500A27214C3386DB9 351992 ------w- C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\Updater.exe 2015-02-04 09:48:54 BD51EA63CAE142030056DD76267B2804 314616 ----a-w- C:\Program Files\Positive Finds\Uninstaller.exe 2015-01-31 13:55:44 06846CD05CED7E7B3C3179E9A2AFCF10 962608 ----a-w- C:\Program Files\NCH Software\WavePad\wavepadsetup_v6.05.exe 2015-01-31 13:55:40 18DFE2C522CA0E71A8786FCAA9B5BE57 2754608 ----a-w- C:\Program Files\NCH Software\WavePad\wavepad.exe 2015-01-31 13:55:31 06846CD05CED7E7B3C3179E9A2AFCF10 962608 ----a-w- C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUBA1M5Z\wpsetup[1].exe 2015-01-29 17:40:46 50A8E0F02BEE2A4E1D7374C949657AAE 137130712 ----a-w- C:\ProgramData\HTC\HTC MediaHub\HSMSetup\HSMSetup.exe 2015-01-29 17:36:41 A73326AF05962C9B4FF2499073C26BCC 114688 ----a-w- C:\Program Files\HTC\Internet Pass-Through\htcnat.exe 2015-01-29 17:36:41 3CAE2BBC86FCF7F94C9696994AF30386 167424 ----a-w- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 2015-01-29 17:35:47 EF0636024103946DD43F4A3268DC7673 130408 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe 2015-01-29 17:35:47 BC666CA53CA5656CD758D78A04521ADB 54632 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe 2015-01-29 17:35:47 BC666CA53CA5656CD758D78A04521ADB 54632 ----a-w- C:\Program Files\Adobe\Flash Player\AddIns\airappinstaller\airappinstaller.exe 2015-01-29 17:35:47 5F236C6CB5A434D03D9FDE5F58AD0E44 103272 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe 2015-01-29 17:35:47 596F766685BAFC71A9949839DF9D88C9 59392 ----a-w- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe === C: other files == 2015-02-05 15:59:24 3315140254247E248C3531F159C79109 14130 ----a-w- C:\Program Files\Java\jre1.8.0_31\lib\deploy\ffjcext.zip 2015-02-04 17:39:02 880838A24C2DFA4CB3394A9F863B9F41 1155824 ----a-w- C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlWeekly.zip 2015-02-04 17:39:02 7D00072C9A70399573D06A6772C1FEDA 223705 ----a-w- C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlDaily.zip 2015-02-04 17:38:51 FDF4B7FA98573492A62B6CCA14815FDE 143 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gsdj.bat 2015-02-04 17:38:51 EB12B1B17BAE9ACDF5F730E8A8B8F482 586 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2pdf.bat 2015-02-04 17:38:51 E73952C1808EAD40B09F9D840E607AD7 404 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2pdf14.bat 2015-02-04 17:38:51 E58297722D0D22B3ECF9D75020681EB0 1131 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2epsi.bat 2015-02-04 17:38:51 E35C2A861E7B51C8EE01DCAE82CAEA3C 528 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2ps2.bat 2015-02-04 17:38:51 DD77E8B85DD9BBD39375B4D815585E68 395 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2ascii.bat 2015-02-04 17:38:51 D3C17D58EDD85ACA947A0AC0091C5660 271 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\pf2afm.bat 2015-02-04 17:38:51 CFFD874A35D9D00EFB491B496D3E9ED2 138 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\lpr2.bat 2015-02-04 17:38:51 CF9072C32D56E2C7FE85DCA673C137CA 582 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\eps2eps.bat 2015-02-04 17:38:51 BCF7A957306F77B76859FD630037010F 71 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gstt.bat 2015-02-04 17:38:51 BC46A12DC0921BDBAE711E0FAC153860 70 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gst.bat 2015-02-04 17:38:51 B82F9935BFA11419EC6C363A29AE05E1 1460 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2pdfxx.bat 2015-02-04 17:38:51 B39534F9E53A4FCC4F28CF99FCEDF6B1 144 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gslj.bat 2015-02-04 17:38:51 AA00A6C11C781CC0A77BC45AA5E80BF4 404 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2pdf13.bat 2015-02-04 17:38:51 A66ED14A1C9E5A6C6D01DB13F8671E45 141 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gslp.bat 2015-02-04 17:38:51 A4F047184CC16140D2E45A2E5FED373D 256 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\pfbtopfa.bat 2015-02-04 17:38:51 A128F19C0DEDEBD0DE6AD344A4D0F01E 146 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gsdj500.bat 2015-02-04 17:38:51 94973BD32C37A479321FEA658C59916D 184 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gssetgs32.bat 2015-02-04 17:38:51 94973BD32C37A479321FEA658C59916D 184 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gssetgs.bat 2015-02-04 17:38:51 89ABF67457237ABBA1540A8C918BDD92 318 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\pdf2dsc.bat 2015-02-04 17:38:51 82A2806EA432236F246B022F310DEBF1 1521 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\pftogsf.bat 2015-02-04 17:38:51 72DD78C9F9C476DE6F277456CBF875F4 88 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\lp386r2.bat 2015-02-04 17:38:51 6FC26133FCAF67CBAD5D0F315D8B8149 92 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gsnd.bat 2015-02-04 17:38:51 60575A02493E499946423A5CDFF1B07D 184 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gssetgs64.bat 2015-02-04 17:38:51 5BC0A2090A05779D8AE6BFC6FA11717E 95 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gsndt.bat 2015-02-04 17:38:51 5083568FE7F99A27106D38F15A1DE8DA 404 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2pdf12.bat 2015-02-04 17:38:51 4AEE03647E3F453C76B47E65F82B7F94 145 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\lpgs.bat 2015-02-04 17:38:51 44DDCD1EE83B17FDEFA39E8F31DF1A81 141 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\wmakebat.bat 2015-02-04 17:38:51 0CB25A3A955DE32499E22268ADCD5D0A 126 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\font2c.bat 2015-02-04 17:38:51 09FE49F06BF6EFDB213F745E5C5920C2 141 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\gsbj.bat 2015-02-04 17:38:51 09863BD713D6594134265D864B4729FD 95 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\lp386.bat 2015-02-04 17:38:51 07FCB58D7BB449B4BC1125BA5B73D690 494 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\pdf2ps.bat 2015-02-04 17:38:51 025E7D6CD7027E0703D2F45641E1D0A2 501 ----a-w- C:\Program Files\PDFCreator\Ghostscript\Lib\ps2ps.bat 2015-02-04 17:38:34 D8C9C6BB78AA6DEDAD10D021A586AA1B 528 ----a-w- C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip 2015-02-04 17:15:19 5671493F3E5284BB5009D4FACD0B2D7F 5763 ----a-w- C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\rgggdyce.default\extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi 2015-02-04 17:15:19 5671493F3E5284BB5009D4FACD0B2D7F 5763 ----a-w- C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi 2015-02-04 01:09:49 5671493F3E5284BB5009D4FACD0B2D7F 5763 ----a-w- C:\Program Files\Positive Finds\Extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi 2015-01-29 17:43:14 950CC1E6AE3A6CD23E0945CDE089B02C 25088 ----a-w- C:\Program Files\HTC\HTC Driver\Driver Files\Win7_x86\androidusb.sys 2015-01-29 17:43:14 89E2296561FCE84AC9F34EE7243D78AC 105984 ----a-w- C:\Program Files\HTC\HTC Driver\Driver Files\Win7_x86\HtcVComV32.sys 2015-01-29 17:43:14 339ADEFAD60353F960E3CA67CE468C24 23040 ----a-w- C:\Program Files\HTC\HTC Driver\Driver Files\Win7_x86\htcnprot.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "ecSetupX.exe"="E:\ecSetupX.exe E: 3" "Web Companion"="C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" "LManager"="C:\Program Files\Launch Manager\LManager.EXE" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" "ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" "PLFSetI"="C:\Windows\PLFSetI.exe" "VitaKeyPdtWzd"="C:\Program Files\Acer Bio Protection\PdtWzd.exe" "NeroCheck"="C:\Windows\system32\NeroCheck.exe" "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" "AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" "beid"="C:\Program Files\Belgium Identity Card\beid35gui.exe /startup" "ROUTE66Sync"="C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe /TRAYONLY" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "HTC Sync Loader"="C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "ecSetupX.exe"="E:\ecSetupX.exe E: 3" "Web Companion"="C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize" ==== Startup Folders ====================== 2013-09-21 07:05:39 1118 ----a-w- C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk 2013-09-21 07:06:41 1274 ----a-w- C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2013-05-10 06:32:18 1105 ----a-w- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk 2012-11-03 19:54:31 1274 ----a-w- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25/01/2015 18:48] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [20/12/2014 07:22] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [20/12/2014 07:22] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\Launch HTC Sync Loader" [C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\system32\tasks\{00E7A93D-6B2F-4512-A114-C826A9818220}" [C:\Program Files\Skype\Phone\Skype.exe] "C:\Windows\system32\tasks\{5B7CD2D7-8410-4E34-B763-CA99E9F49709}" [C:\Program Files\Skype\Phone\Skype.exe] "C:\Windows\system32\tasks\{9480DC58-7F82-4234-AA58-7DCA75943ADC}" [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe] "C:\Windows\system32\tasks\{FB61D383-FDB4-4020-B889-7BC02D0B800C}" [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\NCH Software\WavePadSevenDays" [C:\Program Files\NCH Software\WavePad\WavePad.exe] "C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\rgggdyce.default user_pref("browser.startup.homepage", "https://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10028_BE_150204__yaie"); user_pref("browser.newtab.url", "https://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10028_BE_150204__yaie"); user_pref("browser.search.defaultenginename", "Yahoo"); user_pref("browser.search.selectedEngine", "Yahoo"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\0 - Positive Finds - %ProfilePath%\extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\rgggdyce.default - Positive Finds - %ProfilePath%\extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Belgium eID - %AppDir%\extensions\belgiumeid.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\rgggdyce.default 0FC325593893749364EC4A733E7D9100 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash 0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat 9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\Erik\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin 893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa 9D4A0B314CB9CF134CA27E1E0217E51E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector ECD2A181CCFD1DD27596570EBA28F3EA - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin 9F8210675BD2ACC283959BB33F0307DF - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director FF030B5F429A1A8C18821E4595599C1F - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.300.12 CCC24FAA47C47E66BE61BF22603C5E3A - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U30 BA31D3FB803BBA92413D9D7D4E214D52 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9 C41576CBD076B6895C20B465CDC26958 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9 D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9 7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9 D9F5A433758BC151850E53690D57663A - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9 2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9 8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9 CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin 8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.94 (Up to date, latest Stable version: 40.0.2214.94) HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17/01/2012 11:45] YouTube - Brecht Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Brecht Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Skype Click to Call - Brecht Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - Brecht Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Brecht Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Slides - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Skype Click to Call - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Skype Click to Call - Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage deleted successfully C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10028_BE_150204__yaie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7PRFA_nl" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2774006475-2745618473-1495315895-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Brecht Vanhoof\Desktop\CDex.lnk - C:\Program Files\CDex_150\CDex.exe C:\Users\Brecht Vanhoof\Desktop\DVD Decrypter.lnk - C:\Program Files\DVD Decrypter\DVDDecrypter.exe C:\Users\Brecht Vanhoof\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\dvd shrink\DVD Shrink 3.2.exe C:\Users\Brecht Vanhoof\Desktop\HijackThis.lnk - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Users\Brecht Vanhoof\Desktop\LimeWire 5.4.6.lnk - C:\Program Files\LimeWire\LimeWire.exe C:\Users\Brecht Vanhoof\Desktop\Microsoft Access 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe C:\Users\Brecht Vanhoof\Desktop\Microsoft Excel.lnk - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Users\Brecht Vanhoof\Desktop\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design C:\Users\Brecht Vanhoof\Desktop\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe C:\Users\Brecht Vanhoof\Desktop\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\Users\Brecht Vanhoof\Desktop\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe C:\Users\Brecht Vanhoof\Desktop\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe C:\Users\Brecht Vanhoof\Desktop\Microsoft Word 2010.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Users\Brecht Vanhoof\Desktop\Notepad.lnk - C:\Windows\system32\notepad.exe C:\Users\Brecht Vanhoof\Desktop\outlook - Snelkoppeling.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Users\Brecht Vanhoof\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Erik\Desktop\Acer Crystal Eye Webcam.lnk - C:\Windows\Acer Crystal Eye Webcam.exe C:\Users\Erik\Desktop\Adobe Photoshop CS.lnk - C:\Program Files\Adobe\Adobe Photoshop CS\Photoshop.exe C:\Users\Erik\Desktop\Adobe Reader 9.lnk - C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico C:\Users\Erik\Desktop\CDex.lnk - C:\Program Files\CDex_150\CDex.exe C:\Users\Erik\Desktop\Computer.lnk - C:\Users\Erik\Desktop\DATA D.lnk - D:\ C:\Users\Erik\Desktop\DVD Decrypter.lnk - C:\Program Files\DVD Decrypter\DVDDecrypter.exe C:\Users\Erik\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\dvd shrink\DVD Shrink 3.2.exe C:\Users\Erik\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\Users\Erik\Desktop\Evernote.lnk - C:\Program Files\Evernote\Evernote\Evernote.exe C:\Users\Erik\Desktop\Free YouTube Download.lnk - C:\Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe C:\Users\Erik\Desktop\hp officejet 5500 series (ACER-PC) - Snelkoppeling.lnk - \\ACER-PC\hp officejet 5500 series C:\Users\Erik\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Erik\Desktop\Lerarenopleiding.lnk - Z:\Mijn Documenten\Lerarenopleiding C:\Users\Erik\Desktop\Mazoutverbruik.lnk - \\NETWERKSCHIJF\MyShare\Mijn Documenten\Excel\Mazout opvolging levering en prijs.xls C:\Users\Erik\Desktop\meterstanden electriciteit en water.lnk - Z:\Mijn Documenten\Excel\meterstanden electriciteit en water.xls C:\Users\Erik\Desktop\Microsoft Picture It Photo Standard 9.lnk - C:\Users\Erik\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Erik\Desktop\NTI Media Maker 8.lnk - C:\Program Files\NewTech Infosystems\NTI Media Maker 8\DiscLaunchPad.exe C:\Users\Erik\Desktop\OpenOffice3.1 Installeren.lnk - C:\OpenOffice.org 3.1 (nl) Installation Files\setup.exe C:\Users\Jens Vanhoof\Desktop\HijackThis.lnk - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Users\Jens Vanhoof\Desktop\WINWORD - Snelkoppeling.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Users\Patricia Corstjens\Desktop\CDex.lnk - C:\Program Files\CDex_150\CDex.exe C:\Users\Patricia Corstjens\Desktop\Documenten.lnk - C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms C:\Users\Patricia Corstjens\Desktop\DVD Decrypter.lnk - C:\Program Files\DVD Decrypter\DVDDecrypter.exe C:\Users\Patricia Corstjens\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\dvd shrink\DVD Shrink 3.2.exe C:\Users\Patricia Corstjens\Desktop\HijackThis.lnk - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Users\Patricia Corstjens\Desktop\LimeWire 5.4.6.lnk - C:\Program Files\LimeWire\LimeWire.exe C:\Users\Patricia Corstjens\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Patricia Corstjens\Desktop\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\Users\Patricia Corstjens\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Patricia Corstjens\Desktop\Mijn afbeeldingen.lnk - C:\Users\Erik\Pictures ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\4Media MP4 to MP3 Converter 6.lnk - C:\Program Files\4Media\MP4 to MP3 Converter 6\vcloader.exe C:\Users\Public\Desktop\Acrobat Reader 5.0.lnk - C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\AVG 2013.lnk - C:\Program Files\AVG\AVG2013\avgui.exe C:\Users\Public\Desktop\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe C:\Users\Public\Desktop\Bhaalu.lnk - C:\Program Files\Right Brain Interface\Bhaalu\Bhaalu.exe --disable-plugins-discovery C:\Users\Public\Desktop\BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Users\Public\Desktop\eID-Viewer.lnk - C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Users\Public\Desktop\Foto's op TV 3 op cd-dvd.lnk - C:\Program Files\Easy Computing\Foto's op TV 3 op cd-dvd\PhotoTV2.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\HTC Sync Manager.lnk - C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Public\Desktop\LaCie Network Assistant.lnk - C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe C:\Users\Public\Desktop\MAGIX Foto's op CD & DVD 9 deluxe.lnk - C:\Program Files\MAGIX\Fotos_op_CD_DVD_9_deluxe\Fotos_dlx.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Mufin MusicFinder Base.lnk - C:\Program Files\MAGIX\Mufin MusicFinder\Sonos.exe C:\Users\Public\Desktop\NCH Suite.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -suite C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe C:\Users\Public\Desktop\PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\ROUTE 66 Sync.lnk - C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe C:\Users\Public\Desktop\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk - C:\Program Files\Xirrus\Xirrus Wi-Fi Inspector\Xirrus Wi-Fi Inspector.exe C:\Users\Public\Desktop\µTorrent.lnk - ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\CD Audio Burn Recorder.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind ExpressBurn C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\CD Audio Rip Extractor.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Rip C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Crescendo Music Notation.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Crescendo C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Dictation Recorder.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Express C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\DJ Mixing Software.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Zulu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Multitrack Mixer.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind MixPad C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Record to CD or Mp3 Wizard.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Golden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Converter.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Switch C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Editor.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Recorder.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind RecordPad C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Streaming Audio Recorder.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind SoundTap C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Streaming Audio Server.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind BroadWave C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Text-to-Speech Reader.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Verbose C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Voice Changing Software.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Voxal C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Driver\Uninstall HTC Driver.lnk - C:\Windows\System32\msiexec.exe /x {4CEEE5D0-F905-4688-B9F9-ECC710507796} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\HTC Sync Manager.lnk - C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\Uninstall HTC Sync Manager.lnk - C:\Windows\System32\msiexec.exe /x {231D0C79-98A6-4693-A366-36DE7D7346EC} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync\HTC Sync verwijderen.lnk - C:\Windows\System32\msiexec.exe /i {CBDAE89D-8ABD-4DC5-9309-C2C58696B371} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync\HTC Sync.lnk - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk - C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind ExpressAccounts C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Classic FTP Software.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind ClassicFTP C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Doxillion Document Converter.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Doxillion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Burn CD, DVD or Blu-Ray.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind ExpressBurn C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Dictate Recorder.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Express C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Rip CD Ripper.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Rip C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Express Zip File Compression.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind ExpressZip C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Graphics File Converter.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Pixillion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind ExpressInvoice C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind MixPad C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Prism C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\RecordPad Sound Recorder.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind RecordPad C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\SoundTap Streaming Recorder.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind SoundTap C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Switch C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind Debut C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe -extfind VideoPad C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk - C:\Program Files\NCH Software\WavePad\wavepad.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Doneer aan PDFCreator.lnk - C:\Program Files\PDFCreator\Doneer aan PDFCreator.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Hulp.lnk - C:\Program Files\PDFCreator\PDFCreator_english.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator op het Web.lnk - C:\Program Files\PDFCreator\PDFCreator.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk - C:\Windows\System32\cmd.exe /k "C:\Program Files\PDFCreator\Images2PDF\Images2PDFC.exe" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk - C:\Program Files\PDFCreator\Images2PDF\Images2PDF.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk - C:\Program Files\PDFCreator\AFPL License.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk - C:\Program Files\PDFCreator\FairPlay License.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk - C:\Program Files\PDFCreator\GNU License.txt ==== shortcuts in Quick Launch ====================== C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk - C:\Program Files\DVD Decrypter\DVDDecrypter.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /recycle C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel.lnk - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Access 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel.lnk - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WINWORD - Snelkoppeling.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Users\Brecht Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Wordpad.lnk - C:\Program Files\Windows NT\Accessories\wordpad.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\4Media MP4 to MP3 Converter 6.lnk - C:\Program Files\4Media\MP4 to MP3 Converter 6\vcloader.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk - C:\Program Files\DVD Decrypter\DVDDecrypter.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk - C:\Program Files\Xirrus\Xirrus Wi-Fi Inspector\Xirrus Wi-Fi Inspector.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Erik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /recycle C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Jens Vanhoof\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WINWORD - Snelkoppeling.lnk - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk - C:\Program Files\DVD Decrypter\DVDDecrypter.exe C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /recycle C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LaCie Network Assistant.lnk - C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Patricia Corstjens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TVWiz deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS] ecSetupX.exe = E:\ecSetupX.exe E: 3 [file not found] Web Companion = C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [Lavasoft] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [Intel Corporation] LManager = C:\Program Files\Launch Manager\LManager.EXE [Dritek System Inc.] RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [Realtek Semiconductor] SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ePower_DMC = C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [Acer Inc.] PLFSetI = C:\Windows\PLFSetI.exe [empty string] VitaKeyPdtWzd = "C:\Program Files\Acer Bio Protection\PdtWzd.exe" [file not found] NeroCheck = C:\Windows\system32\NeroCheck.exe [Ahead Software Gmbh] Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [Microsoft© Corporation] AdobeVersionCue = C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [Adobe Sytems] beid = "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup [Belgian Government] ROUTE66Sync = C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground [null data] QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.] IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation] Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation] BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] AVG_UI = "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] HTC Sync Loader = "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [null data] SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = Adobe PDF Reader Help bij koppelingen \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated] {30c85a3d-1d96-4589-b63f-91fb7ef45a41}\(Default) = Positive Finds -> {HKLM...CLSID} = Positive Finds \InProcServer32\(Default) = C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll [empty string] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {92EF2EAD-A7CE-4424-B0DB-499CF856608E}\(Default) = (no title provided) -> {HKLM...CLSID} = Evernote extension \InProcServer32\(Default) = C:\Program Files\Evernote\Evernote\EvernoteIE.dll [Evernote Corp., 305 Walnut Street, Redwood City, CA 94063] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated] {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} = EPM-PO Shell Extension -> {HKLM...CLSID} = EPM-PO Shell Extensions \InProcServer32\(Default) = epm-po.dll [file not found] {8F9D8FBE-C5C1-4B65-986E-51235C9283E8} = FPLaunchCache -> {HKLM...CLSID} = FPLaunchCache \InProcServer32\(Default) = C:\Program Files\Acer Bio Protection\FPLaunchCache.dll [file not found] {E0D79304-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {E0D79305-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {E0D79306-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {E0D79307-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] {5F327514-6C5E-4d60-8F16-D07FA08A78ED} = Auto Update Property Sheet Extension -> {HKLM...CLSID} = Auto Update Property Sheet Extension \InProcServer32\(Default) = C:\Windows\system32\wuaucpl.cpl [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> (C:\Program Files\Acer Bio Protection\PwdFilter [file not found]) Notification Packages = C:\Program Files\Acer Bio Protection\PwdFilter HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {5ECD2B32-EE53-4D02-8C18-089742CE5065}\(Default) = CompPtc -> {HKLM...CLSID} = CompPtc \InProcServer32\(Default) = C:\Program Files\Acer Bio Protection\CompPtcV32.dll [file not found] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Windows Live\Messenger\msgrapp.dll [MS] <> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol \InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] <> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -> {HKLM...CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler \InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS] <> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -> {HKLM...CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {8F9D8FBE-C5C1-4B65-986E-51235C9283E8}\(Default) = FPLaunchCache -> {HKLM...CLSID} = FPLaunchCache \InProcServer32\(Default) = C:\Program Files\Acer Bio Protection\FPLaunchCache.dll [file not found] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} -> {HKLM...CLSID} = AVG Shell Extension Class \InProcServer32\(Default) = C:\Program Files\AVG\AVG2014\avgse.dll [AVG Technologies CZ, s.r.o.] WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] {8F9D8FBE-C5C1-4B65-986E-51235C9283E8}\(Default) = FPLaunchCache -> {HKLM...CLSID} = FPLaunchCache \InProcServer32\(Default) = C:\Program Files\Acer Bio Protection\FPLaunchCache.dll [file not found] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ LogonHoursAction = (REG_DWORD) dword:0x00000002 {unrecognized setting} DontDisplayLogonHoursWarnings = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\Bubbles.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ DVDDecrypterPlayDVDMovieOnArrival\ Provider = DVD Decrypter InvokeProgID = DVDDecrypter InvokeVerb = PlayDVDMovieOnArrival_Decrypt HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = "C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1" [LIGHTNING UK!] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] MSLivePhotoAcqHWEventHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = Microsoft.LivePhotoAcqHWEventHandler HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] MSLiveVideoCameraArrivalCaptureWizard\ Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10 ProgID = WLXAutoPlayMgr.WLXHWEventHandler InitCmdLine = WLXVideoAcquireWizard HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM...CLSID} = WLXWEventHandler Class \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS] MSPictureIt9ViewOnArrival\ Provider = Microsoft Digital Image import wizard InvokeProgID = Microsoft.Picture.It.9.AutoPlay InvokeVerb = AutoPlay HKLM\SOFTWARE\Classes\Microsoft.Picture.It.9.AutoPlay\shell\AutoPlay\Command\(Default) = C:\Program Files\Common Files\Microsoft Shared\Picture It!\imprtwiz.exe /invoke={D0551EC1-5A78-11cf-9DBE-00AA00A70BB5} [MS] MXCDRBurningCDArrival\ Provider = MAGIX Speed InvokeProgID = Magix.MXCDR InvokeVerb = Show HKLM\SOFTWARE\Classes\Magix.MXCDR\shell\Show\DropTarget\CLSID = {FF482932-87EF-409E-9C02-48E9FF861CBF} -> {HKLM...CLSID} = MXCDR AutoplayClass \LocalServer32\(Default) = C:\Program Files\MAGIX\Speed2_burnR_mxcdr_MSI\Speed.exe [MAGIX AG] MXMP3MakerBrowseOnArrival\ Provider = Mufin MusicFinder InvokeProgID = Magix.MP3Maker InvokeVerb = Brws HKLM\SOFTWARE\Classes\Magix.MP3Maker\shell\Brws\DropTarget\CLSID = {C783A282-958A-4684-9093-AB409B3834E0} -> {HKLM...CLSID} = MXMP3Maker Autoplay Class \LocalServer32\(Default) = C:\Program Files\MAGIX\Mufin MusicFinder\Sonos.exe [MAGIX] MXMP3MakerBurningCDArrival\ Provider = Mufin MusicFinder InvokeProgID = Magix.MP3Maker InvokeVerb = Burn HKLM\SOFTWARE\Classes\Magix.MP3Maker\shell\Burn\DropTarget\CLSID = {C783A282-958A-4684-9093-AB409B3834E0} -> {HKLM...CLSID} = MXMP3Maker Autoplay Class \LocalServer32\(Default) = C:\Program Files\MAGIX\Mufin MusicFinder\Sonos.exe [MAGIX] MXMP3MakerPlayAudioOnArrival\ Provider = Mufin MusicFinder InvokeProgID = Magix.MP3Maker InvokeVerb = PlayA HKLM\SOFTWARE\Classes\Magix.MP3Maker\shell\PlayA\DropTarget\CLSID = {C783A282-958A-4684-9093-AB409B3834E0} -> {HKLM...CLSID} = MXMP3Maker Autoplay Class \LocalServer32\(Default) = C:\Program Files\MAGIX\Mufin MusicFinder\Sonos.exe [MAGIX] MXMP3MakerPlayCDOnArrival\ Provider = Mufin MusicFinder InvokeProgID = Magix.MP3Maker InvokeVerb = PlayCD HKLM\SOFTWARE\Classes\Magix.MP3Maker\shell\PlayCD\DropTarget\CLSID = {C783A282-958A-4684-9093-AB409B3834E0} -> {HKLM...CLSID} = MXMP3Maker Autoplay Class \LocalServer32\(Default) = C:\Program Files\MAGIX\Mufin MusicFinder\Sonos.exe [MAGIX] MXMP3MakerPlayVideoOnArrival\ Provider = Mufin MusicFinder InvokeProgID = Magix.MP3Maker InvokeVerb = PlayV HKLM\SOFTWARE\Classes\Magix.MP3Maker\shell\PlayV\DropTarget\CLSID = {C783A282-958A-4684-9093-AB409B3834E0} -> {HKLM...CLSID} = MXMP3Maker Autoplay Class \LocalServer32\(Default) = C:\Program Files\MAGIX\Mufin MusicFinder\Sonos.exe [MAGIX] MXMP3MakerShowPicturesOnArrival\ Provider = Mufin MusicFinder InvokeProgID = Magix.MP3Maker InvokeVerb = ShwPic HKLM\SOFTWARE\Classes\Magix.MP3Maker\shell\ShwPic\DropTarget\CLSID = {C783A282-958A-4684-9093-AB409B3834E0} -> {HKLM...CLSID} = MXMP3Maker Autoplay Class \LocalServer32\(Default) = C:\Program Files\MAGIX\Mufin MusicFinder\Sonos.exe [MAGIX] NeroAutoPlay9LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay8 InvokeVerb = LaunchNeroStartSmart_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] NTIBurner\ Provider = NTI Media Maker InvokeProgID = NTIBurnerOpen InvokeVerb = open HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files\NewTech Infosystems\NTI Media Maker 8\DiscLaunchPad.exe" [NewTech Infosystems, Inc.] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] WIA_{321D47FC-1224-4948-9DC8-7F98A6C8BDCB}\ Provider = Microsoft Office Publisher CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{51BD566E-A02D-4387-9A82-D929EA8C20B0}\ Provider = MAGIX Foto Manager 2008 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaClsid;{51BD566E-A02D-4387-9A82-D929EA8C20B0}; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{7A4BD4E2-4D48-465C-880E-CC1686541B37}\ Provider = Microsoft Digital Image import wizard CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Common Files\Microsoft Shared\Picture It!\imprtwiz.exe /invoke:{8BA700B3-F8E5-11CE-9A70-00AA00A21882}; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{A9A65AD1-9904-43E3-B3FE-F546A91938B6}\ Provider = WinZip CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\PROGRA~1\WINZIP\WINZIP32.EXE /wia; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{E18A3053-DDCF-438C-90AC-0D7129A22620}\ Provider = Microsoft Office Publisher CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE /IMG_WIA; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{EF8B4361-87A9-4C93-B6FA-B4415B75AA17}\ Provider = Microsoft Office Word CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /IMG_WIA; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Erik" & "All Users" startup folders: ------------------------------------------------------ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} EvernoteClipper -> shortcut to: C:\Program Files\Evernote\Evernote\EvernoteClipper.exe [Evernote Corp., 305 Walnut Street, Redwood City, CA 94063] OneNote 2010 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Acrobat Update Task -> launches: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] Launch HTC Sync Loader -> launches: C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup [null data] SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe /addGadget [MS] {00E7A93D-6B2F-4512-A114-C826A9818220} -> launches: C:\Program Files\Skype\Phone\Skype.exe [Skype Technologies S.A.] {1962750F-D09E-4AA2-8EF0-E071F76E2BA6} -> launches: C:\Windows\system32\pcalua.exe -a E:\AUTORUN\AUTORUN.EXE -d E:\ [MS] {5B7CD2D7-8410-4E34-B763-CA99E9F49709} -> launches: C:\Program Files\Skype\Phone\Skype.exe [Skype Technologies S.A.] {8AFC1082-2D6A-476F-8DEC-F312925E1E15} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall [MS] {9296F0A6-BF75-4098-A2E8-DD6281A0758C} -> launches: C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\ [MS] {9480DC58-7F82-4234-AA58-7DCA75943ADC} -> launches: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [file not found] {C21EF5E2-B634-4E31-B685-1BD2FE92200E} -> launches: C:\Windows\system32\pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" [MS] {CF9DD6D7-536A-4146-A155-2C6E48591954} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JTC42AET\cdex_151[1].exe" -d C:\Users\Erik\Desktop [MS] {DBA3CE88-B42D-4AC2-BF7E-875EC16C9C12} -> launches: C:\Windows\system32\pcalua.exe -a E:\Setup_.exe -d E:\ [MS] {FB61D383-FDB4-4020-B889-7BC02D0B800C} -> launches: C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [file not found] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Microsoft\Office Genuine Advantage OGALogon -> (HIDDEN!) launches: C:\Windows\system32\OGAExec.exe /batch [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files Background Synchronization -> launches: {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} -> {HKLM...CLSID} = Offline Files Background Synchronization Task Handler \InProcServer32\(Default) = C:\Windows\System32\cscui.dll [MS] Logon Synchronization -> launches: {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} -> {HKLM...CLSID} = Offline Files Background Synchronization Task Handler \InProcServer32\(Default) = C:\Windows\System32\cscui.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\NCH Software WavePadSevenDays -> launches: C:\Program Files\NCH Software\WavePad\WavePad.exe -sevendays [NCH Software] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2774006475-2745618473-1495315895-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] SqmUpload_S-1-5-21-2774006475-2745618473-1495315895-1006 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] SqmUpload_S-1-5-21-2774006475-2745618473-1495315895-1007 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] SqmUpload_S-1-5-21-2774006475-2745618473-1495315895-1008 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000003\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000006\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000010\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\Windows\system32\LavasoftTcpService.dll [Lavasoft Limited], 01 - 04, 46 %SystemRoot%\system32\mswsock.dll [MS], 05 - 45 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {10954C80-4F0F-11D3-B17C-00C0DFE39736}\ ButtonText = Quick-Launch Area MenuText = Quick-Launch Area Exec = C:\Program Files\Acer Bio Protection\PwdBank.exe [file not found] {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {A95FE080-8F5D-11D2-A20B-00AA003C157A}\ ButtonText = @C:\Program Files\Evernote\Evernote\Resource.dll,-101 MenuText = @C:\Program Files\Evernote\Evernote\Resource.dll,-101 Script = C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html [null data] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> searchprovider = res://C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll/search.htm [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] AuthenTec Fingerprint Service, ATService, C:\Program Files\Fingerprint Sensor\AtService.exe [AuthenTec, Inc.] AVGIDSAgent, AVGIDSAgent, "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [AVG Technologies CZ, s.r.o.] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] EgisTec Service, IGBASVC, C:\Program Files\Acer Bio Protection\BASVC.exe [file not found] Empowering Technology Service, ETService, C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [null data] FABS - Helping agent for MAGIX media database, Fabs, C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [MAGIX© AG] FsUsbExService, FsUsbExService, C:\Windows\system32\FsUsbExService.Exe [Teruten] GRegService, Greg_Service, C:\Program Files\Acer\Registration\GregHSRW.exe [Acer Incorporated] HTCMonitorService, HTCMonitorService, "C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe" [Nero AG] IE Search Set, SearchProtectionService, "C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe" [null data] Intel(R) Matrix Storage Event Monitor, IAANTMON, C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [Intel Corporation] Internet Pass-Through Service, PassThru Service, C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [null data] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] IviRegMgr, IviRegMgr, "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [InterVideo] LavasoftTcpService, LavasoftTcpService, C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [Lavasoft Limited] Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS] Protexis Licensing V2, PSI_SVC_2, "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [Protexis Inc.] Service Mgr PositiveFinds, Service Mgr PositiveFinds, "C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe" [null data] Update Mgr PositiveFinds, Update Mgr PositiveFinds, "C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe" [null data] Updater Service, Updater Service, C:\Program Files\Acer\Acer Updater\UpdaterService.exe [Acer] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> hitmanpro37, <> hitmanpro37.sys, <> HitmanPro37Crusader, <> HitmanPro37CrusaderBoot, <> mcmscsvc, Service <> MCODS, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> hitmanpro37, <> hitmanpro37.sys, <> HitmanPro37Crusader, <> HitmanPro37CrusaderBoot, <> mcmscsvc, Service <> MCODS, Service <> MpfService, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = C:\Windows\system32\AdobePDF.dll [file not found] pdfcmon\Driver = pdfcmon.dll [pdfforge GmbH] <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Users\Brecht Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brecht Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Brecht Vanhoof\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUBA1M5Z will be deleted at reboot C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Brecht Vanhoof\AppData\Local\Mozilla\Firefox\Profiles\0cga71le.default\cache2 emptied successfully C:\Users\Erik\AppData\Local\Mozilla\Firefox\Profiles\rgggdyce.default\cache2 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Mozilla\Firefox\Profiles\jewkscw6.default\cache2 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Mozilla\Firefox\Profiles\a0e77qf4.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Brecht Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=12103 folders=1035 3715204138 bytes) ==== Empty Temp Folders ====================== C:\Users\Brecht Vanhoof\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Erik\AppData\Local\Temp will be emptied at reboot C:\Users\Jens Vanhoof\AppData\Local\Temp emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Temp emptied successfully C:\Users\TEMP\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Deleting Files / Folders ====================== "C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Program Files\Acer Bio Protection" not deleted "C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FUBA1M5Z" not deleted ==== EOF on do 05/02/2015 at 18:30:21,76 ======================