Zoek.exe v5.0.0.0 Updated 08-February-2015
Tool run by Dolly on ma 09-02-2015 at 17:27:09,73.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dolly\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== Running Processes ======================

C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\WinLogon.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\Windows\System32\skydrive.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Users\Dolly\Downloads\zoek.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

==== System Restore Info ======================

9-2-2015 17:34:12 Zoek.exe System Restore Point Created Succesfully.

==== Windows Installer Info ======================

Adobe Reader XI (11.0.10) - Nederlands
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744BA0000000010]C:\WINDOWS\Installer\47b8ea.msi
Google Toolbar for Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0]C:\WINDOWS\Installer\3cf2b63.msi
Google Update Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\WINDOWS\Installer\3fd5c0.msi
Google Update Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\WINDOWS\Installer\14d73b9.msi
Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021090B0031400000000000F01FEC]C:\WINDOWS\Installer\1526fb9.msi
Microsoft PowerPoint Viewer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159FA0031400000000000F01FEC]C:\WINDOWS\Installer\63666.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\WINDOWS\Installer\1b78b50.msi Photo Notifier and Animation Creator [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\899358D8550154E49BE95F30C9058213]C:\WINDOWS\Installer\3142719.msi Skype Click to Call [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9A1221D6FB710CE4182F723DE03C7010]C:\WINDOWS\Installer\e227.msi SkypeT 7.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0AB19942EE0FDA44C98CE55CA0CE6F7B]C:\WINDOWS\Installer\8b18c95.msi ==== Empty Folders Check ====================== C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully ==== Checking Systemdrive for Symlinks ====================== Volume in drive C is Boot Volume Serial Number is 6E48-96EB Directory of C:\ 22-08-2013 15:45 Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\Program Files\Windows NT 03-01-2015 19:09 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 File(s) 0 bytes Directory of C:\ProgramData 22-08-2013 15:45 Application Data [C:\ProgramData] 05-04-2014 10:52 Bureaublad [C:\Users\Public\Desktop] 22-08-2013 15:45 Desktop [C:\Users\Public\Desktop] 05-04-2014 10:52 Documenten [C:\Users\Public\Documents] 22-08-2013 15:45 Documents [C:\Users\Public\Documents] 05-04-2014 10:52 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 05-04-2014 10:52 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 22-08-2013 15:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22-08-2013 15:45 Templates 
[C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\ProgramData\Microsoft\Windows\Start Menu 05-04-2014 10:52 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users 22-08-2013 15:45 All Users [C:\ProgramData] 22-08-2013 15:45 Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 22-08-2013 15:45 Application Data [C:\ProgramData] 05-04-2014 10:52 Bureaublad [C:\Users\Public\Desktop] 22-08-2013 15:45 Desktop [C:\Users\Public\Desktop] 05-04-2014 10:52 Documenten [C:\Users\Public\Documents] 22-08-2013 15:45 Documents [C:\Users\Public\Documents] 05-04-2014 10:52 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 05-04-2014 10:52 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 22-08-2013 15:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22-08-2013 15:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\All Users\Microsoft\Windows\Start Menu 05-04-2014 10:52 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Default 22-08-2013 15:45 Application Data [C:\Users\Default\AppData\Roaming] 22-08-2013 15:45 Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies] 22-08-2013 15:45 Local Settings [C:\Users\Default\AppData\Local] 03-01-2015 19:09 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 03-01-2015 19:09 Mijn documenten [C:\Users\Default\Documents] 22-08-2013 15:45 My Documents [C:\Users\Default\Documents] 22-08-2013 15:45 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 03-01-2015 19:09 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 22-08-2013 15:45 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 22-08-2013 15:45 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 22-08-2013 15:45 
SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 03-01-2015 19:09 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 22-08-2013 15:45 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 22-08-2013 15:45 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 22-08-2013 15:45 Application Data [C:\Users\Default\AppData\Local] 03-01-2015 19:09 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 22-08-2013 15:45 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 22-08-2013 15:45 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local\Microsoft\Windows 22-08-2013 15:45 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 03-01-2015 19:09 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 03-01-2015 19:09 Mijn afbeeldingen [C:\Users\Default\Pictures] 03-01-2015 19:09 Mijn muziek [C:\Users\Default\Music] 03-01-2015 19:09 Mijn video's [C:\Users\Default\Videos] 22-08-2013 15:45 My Music [C:\Users\Default\Music] 22-08-2013 15:45 My Pictures [C:\Users\Default\Pictures] 22-08-2013 15:45 My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Default.migrated 05-04-2014 10:52 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 05-04-2014 10:52 Mijn documenten [C:\Users\Default\Documents] 05-04-2014 10:52 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 05-04-2014 10:52 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default.migrated\AppData\Local 
05-04-2014 10:52 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 0 File(s) 0 bytes Directory of C:\Users\Default.migrated\AppData\Local\Microsoft\Windows 22-08-2013 15:45 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu 05-04-2014 10:52 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Default.migrated\Documents 05-04-2014 10:52 Mijn afbeeldingen [C:\Users\Default\Pictures] 05-04-2014 10:52 Mijn muziek [C:\Users\Default\Music] 05-04-2014 10:52 Mijn video's [C:\Users\Default\Videos] 22-08-2013 15:45 My Music [C:\Users\Default\Music] 22-08-2013 15:45 My Pictures [C:\Users\Default\Pictures] 22-08-2013 15:45 My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Dolly 03-01-2015 18:52 Application Data [C:\Users\Dolly\AppData\Roaming] 03-01-2015 18:52 Cookies [C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCookies] 03-01-2015 18:52 Local Settings [C:\Users\Dolly\AppData\Local] 03-01-2015 18:52 Menu Start [C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu] 03-01-2015 18:52 Mijn documenten [C:\Users\Dolly\Documents] 03-01-2015 18:52 NetHood [C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 03-01-2015 18:52 Netwerkprinteromgeving [C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 03-01-2015 18:52 Recent [C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Recent] 03-01-2015 18:52 SendTo [C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\SendTo] 03-01-2015 18:52 Sjablonen [C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Dolly\AppData\Local 03-01-2015 18:52 Application Data [C:\Users\Dolly\AppData\Local] 03-01-2015 18:52 Geschiedenis [C:\Users\Dolly\AppData\Local\Microsoft\Windows\History] 03-01-2015 18:52 Temporary 
Internet Files [C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Dolly\AppData\Local\Microsoft\Windows 03-01-2015 18:52 Temporary Internet Files [C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache 03-01-2015 19:13 Content.IE5 [C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Directory of C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\Low 03-01-2015 19:15 Content.IE5 [C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\Low\IE\] 0 File(s) 0 bytes Directory of C:\Users\Dolly\AppData\LocalLow 11-12-2013 17:22 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 File(s) 0 bytes Directory of C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu 03-01-2015 18:52 Programma's [C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Dolly\Documents 03-01-2015 18:52 Mijn afbeeldingen [C:\Users\Dolly\Pictures] 03-01-2015 18:52 Mijn muziek [C:\Users\Dolly\Music] 03-01-2015 18:52 Mijn video's [C:\Users\Dolly\Videos] 0 File(s) 0 bytes Directory of C:\Users\Dolly\SkyDrive 09-01-2012 22:07 (26.062) Presentatie1.pptx 1 File(s) 26.062 bytes Directory of C:\Users\Dolly\SkyDrive\Documenten 08-03-2013 21:56 (38.713) 1686_482822918431444_315454102_n.jpg 09-04-2013 20:09 (105.174) 3flowers_zps0a1e717c.jpg 13-06-2013 18:40 (168.661) 655.jpg 06-09-2012 11:24 (134.323) 7-x.jpg 15-12-2012 18:19 (482.609) Merry-x-.exe 09-11-2013 18:31 (1.402.950) Saranne haar kinderfeestje in Drachten 9-11-2013 001.JPG 09-11-2013 18:33 (1.336.597) Saranne haar kinderfeestje in Drachten 9-11-2013 006.JPG 09-11-2013 18:35 (1.361.615) Saranne haar kinderfeestje in Drachten 9-11-2013 011.JPG 09-11-2013 18:36 (1.347.840) Saranne haar kinderfeestje in Drachten 9-11-2013 015.JPG 09-11-2013 18:39 (1.390.549) Saranne haar kinderfeestje in Drachten 9-11-2013 020.JPG 09-11-2013 
18:40 (1.186.920) Saranne haar kinderfeestje in Drachten 9-11-2013 022.JPG 09-11-2013 18:42 (1.369.295) Saranne haar kinderfeestje in Drachten 9-11-2013 024.JPG 09-11-2013 18:51 (1.341.105) Saranne haar kinderfeestje in Drachten 9-11-2013 027.JPG 09-11-2013 18:53 (1.310.434) Saranne haar kinderfeestje in Drachten 9-11-2013 033.JPG 09-11-2013 19:59 (1.336.153) Saranne haar kinderfeestje in Drachten 9-11-2013 035.JPG 09-11-2013 20:04 (1.313.010) Saranne haar kinderfeestje in Drachten 9-11-2013 037.JPG 09-11-2013 20:07 (1.134.173) Saranne haar kinderfeestje in Drachten 9-11-2013 038.JPG 09-11-2013 20:12 (1.361.007) Saranne haar kinderfeestje in Drachten 9-11-2013 046.JPG 09-11-2013 20:24 (1.204.933) Saranne haar kinderfeestje in Drachten 9-11-2013 049.JPG 09-11-2013 20:25 (1.432.251) Saranne haar kinderfeestje in Drachten 9-11-2013 050.JPG 09-11-2013 21:15 (1.302.089) Saranne haar kinderfeestje in Drachten 9-11-2013 066.JPG 09-11-2013 21:40 (1.403.689) Saranne haar kinderfeestje in Drachten 9-11-2013 070.JPG 22 File(s) 23.464.090 bytes Directory of C:\Users\Dolly\SkyDrive\Snel foto's 07-04-2012 14:35 (62.828) 002.gif 21-11-2011 12:30 (848.576) 006.jpg 31-10-2011 08:29 (22.522) 1021-008-08-1042.gif 11-09-2011 09:58 (14.610) 1260182421_4_6bkR.jpeg 07-02-2012 19:24 (4.538) 1363217968_14_lILo.jpeg 10-09-2011 08:02 (151.182) 269-weekend024.gif 27-05-2011 08:08 (86.538) 601289lww0kx3cpw.gif 31-12-2012 14:29 (118.727) 614956802.jpg 18-12-2011 21:12 (103.018) Etentje ter ere van ons 40 jarig Huwelijk 005 1.jpg 23-09-2011 06:37 (120.908) fl814e6q52h.gif 23-12-2012 10:47 (95.795) Gezellige+winter (1).jpg 23-12-2012 16:48 (95.795) Gezellige+winter (2).jpg 22-12-2012 17:00 (95.795) Gezellige+winter.jpg 09-09-2011 08:51 (24.669) ik-denk-aan-je-krabbels13.gif 24-12-2012 17:22 (35.119) Mooie-kerst-achtergronden-leuke-hd-kerst-wallpapers-afbeeldingen-plaatjes-foto-24.jpg 31-03-2011 08:14 (23.598) samp25acf9b23767315a.jpg 05-11-2011 13:17 (241.934) TFR2919.tmp.jpg 08-05-2011 18:56 
(213.248) TFR601D.tmp.jpg 15-04-2011 17:41 (341.774) TFRBABB.tmp.jpg 03-11-2011 16:11 (154.878) TFRC7F.tmp.jpg 09-11-2012 14:16 (326.408) TFREC28.tmp.jpg 11-04-2012 07:57 (7.888) thumbnailCA8FUEIB.jpg 21-05-2012 08:18 (8.384) thumbnailCA9Q7I64.jpg 21-05-2012 08:19 (19.278) thumbnailCACY6PH3.jpg 24-12-2012 09:07 (34.136) wide-xmas-005.jpg 25 File(s) 3.252.146 bytes Directory of C:\Users\Dolly\SkyDrive.old 31-01-2012 20:59 (10.930) images.jpg 09-01-2012 22:07 (26.062) Presentatie1.pptx 2 File(s) 36.992 bytes Directory of C:\Users\Dolly\SkyDrive.old\Afbeeldingen 05-08-2012 16:55 (25.340) 82570_t2.jpg 1 File(s) 25.340 bytes Directory of C:\Users\Dolly\SkyDrive.old\Afbeeldingen\foto's schaatsen 06-02-2012 19:11 (711.017) Allerlei 009.JPG 06-02-2012 19:11 (724.643) Allerlei 010.JPG 06-02-2012 19:11 (629.505) Allerlei 011.JPG 06-02-2012 19:12 (649.619) Allerlei 012.JPG 06-02-2012 19:12 (1.042.432) Allerlei 013.JPG 06-02-2012 19:12 (700.247) Allerlei 014.JPG 06-02-2012 19:12 (778.089) Allerlei 015.JPG 06-02-2012 19:12 (656.357) Allerlei 016.JPG 8 File(s) 5.891.909 bytes Directory of C:\Users\Dolly\SkyDrive.old\Afbeeldingen\Nieuwe map 06-08-2012 11:01 (62.366) Monza 001.jpg 1 File(s) 62.366 bytes Directory of C:\Users\Dolly\SkyDrive.old\Afbeeldingen\Nieuwe map (1) 10-12-2012 18:12 (23.152) makeimage8.jpg 1 File(s) 23.152 bytes Directory of C:\Users\Dolly\SkyDrive.old\Documenten 09-04-2013 20:09 (105.174) 3flowers_zps0a1e717c.jpg 13-06-2013 18:40 (168.661) 655.jpg 06-09-2012 11:24 (134.323) 7-x.jpg 15-12-2012 18:19 (482.609) Merry-x-.exe 09-11-2013 18:31 (1.402.950) Saranne haar kinderfeestje in Drachten 9-11-2013 001.JPG 09-11-2013 18:33 (1.336.597) Saranne haar kinderfeestje in Drachten 9-11-2013 006.JPG 09-11-2013 18:35 (1.361.615) Saranne haar kinderfeestje in Drachten 9-11-2013 011.JPG 09-11-2013 18:36 (1.347.840) Saranne haar kinderfeestje in Drachten 9-11-2013 015.JPG 09-11-2013 18:39 (1.390.549) Saranne haar kinderfeestje in Drachten 9-11-2013 020.JPG 09-11-2013 
18:40 (1.186.920) Saranne haar kinderfeestje in Drachten 9-11-2013 022.JPG 09-11-2013 18:42 (1.369.295) Saranne haar kinderfeestje in Drachten 9-11-2013 024.JPG 09-11-2013 18:51 (1.341.105) Saranne haar kinderfeestje in Drachten 9-11-2013 027.JPG 09-11-2013 18:53 (1.310.434) Saranne haar kinderfeestje in Drachten 9-11-2013 033.JPG 09-11-2013 19:59 (1.336.153) Saranne haar kinderfeestje in Drachten 9-11-2013 035.JPG 09-11-2013 20:04 (1.313.010) Saranne haar kinderfeestje in Drachten 9-11-2013 037.JPG 09-11-2013 20:07 (1.134.173) Saranne haar kinderfeestje in Drachten 9-11-2013 038.JPG 09-11-2013 20:12 (1.361.007) Saranne haar kinderfeestje in Drachten 9-11-2013 046.JPG 09-11-2013 20:24 (1.204.933) Saranne haar kinderfeestje in Drachten 9-11-2013 049.JPG 09-11-2013 20:25 (1.432.251) Saranne haar kinderfeestje in Drachten 9-11-2013 050.JPG 09-11-2013 21:15 (1.302.089) Saranne haar kinderfeestje in Drachten 9-11-2013 066.JPG 09-11-2013 21:40 (1.403.689) Saranne haar kinderfeestje in Drachten 9-11-2013 070.JPG 21 File(s) 23.425.377 bytes Directory of C:\Users\Dolly\SkyDrive.old\Homepage-foto's 11-12-2008 22:31 (26.157) 2-1-09-2008_12-5jaar_018[1].jpg 1 File(s) 26.157 bytes Directory of C:\Users\Dolly\SkyDrive.old\Snel foto's 07-04-2012 14:35 (62.828) 002.gif 21-11-2011 12:30 (848.576) 006.jpg 31-10-2011 08:29 (22.522) 1021-008-08-1042.gif 11-09-2011 09:58 (14.610) 1260182421_4_6bkR.jpeg 07-02-2012 19:24 (4.538) 1363217968_14_lILo.jpeg 10-09-2011 08:02 (151.182) 269-weekend024.gif 27-05-2011 08:08 (86.538) 601289lww0kx3cpw.gif 31-12-2012 14:29 (118.727) 614956802.jpg 18-12-2011 21:12 (103.018) Etentje ter ere van ons 40 jarig Huwelijk 005 1.jpg 23-09-2011 06:37 (120.908) fl814e6q52h.gif 23-12-2012 10:47 (95.795) Gezellige+winter (1).jpg 23-12-2012 16:48 (95.795) Gezellige+winter (2).jpg 22-12-2012 17:00 (95.795) Gezellige+winter.jpg 09-09-2011 08:51 (24.669) ik-denk-aan-je-krabbels13.gif 24-12-2012 17:22 (35.119) 
Mooie-kerst-achtergronden-leuke-hd-kerst-wallpapers-afbeeldingen-plaatjes-foto-24.jpg 31-03-2011 08:14 (23.598) samp25acf9b23767315a.jpg 05-11-2011 13:17 (241.934) TFR2919.tmp.jpg 08-05-2011 18:56 (213.248) TFR601D.tmp.jpg 15-04-2011 17:41 (341.774) TFRBABB.tmp.jpg 03-11-2011 16:11 (154.878) TFRC7F.tmp.jpg 09-11-2012 14:16 (326.408) TFREC28.tmp.jpg 11-04-2012 07:57 (7.888) thumbnailCA8FUEIB.jpg 21-05-2012 08:18 (8.384) thumbnailCA9Q7I64.jpg 21-05-2012 08:19 (19.278) thumbnailCACY6PH3.jpg 24-12-2012 09:07 (34.136) wide-xmas-005.jpg 25 File(s) 3.252.146 bytes Directory of C:\Users\Public\Documents 05-04-2014 10:52 Mijn afbeeldingen [C:\Users\Public\Pictures] 05-04-2014 10:52 Mijn muziek [C:\Users\Public\Music] 05-04-2014 10:52 Mijn video's [C:\Users\Public\Videos] 22-08-2013 15:45 My Music [C:\Users\Public\Music] 22-08-2013 15:45 My Pictures [C:\Users\Public\Pictures] 22-08-2013 15:45 My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache 03-01-2015 19:22 Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache 03-01-2015 19:22 Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Total Files Listed: 108 File(s) 59.485.737 bytes 92 Dir(s) 879.157.514.240 bytes free ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Digital Editions 2.0 Adobe Reader XI (11.0.10) - Nederlands Advanced SystemCare 8 ArcSoft Collage Creator ArcSoft Funhouse ArcSoft Greeting Card Creator ArcSoft Panorama Maker 3 Download & Installeer Packages Driver Booster 2.1 Dropbox Google Chrome Google Toolbar for Internet Explorer Google Update Helper Google+ Auto Backup 
Intel(R) Processor Graphics IObit Malware Fighter 3 IObit Uninstaller Malwarebytes Anti-Malware versie 2.0.3.1025 McAfee Security Scan Plus Microsoft-invoegtoepassing Opslaan als PDF voor 2007 Microsoft Office-programma's Microsoft PowerPoint Viewer Microsoft Silverlight Photo Notifier and Animation Creator Picasa 3 Realtek High Definition Audio Driver Skype Click to Call SkypeT 7.0 Smart Defrag 3 Start Menu 8 Surfing Protection VLC media player 2.1.3 ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found C:\Users\Dolly\AppData\Roaming\0S1P1R2Y1C1P1Q0D1F2W1G1I1F1T1Q deleted C:\Users\Dolly\AppData\Roaming\WSE_Vosteran deleted C:\Users\Dolly\AppData\Roaming\AdvancedSystemProtector deleted C:\PROGRA~3\ProductData deleted C:\Users\Dolly\AppData\Local\nsa6A30.tmp deleted C:\Users\Dolly\AppData\Local\Vosteran deleted C:\Users\Dolly\AppData\Local\PriceFountain deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\WINDOWS\patsearch.bin deleted C:\Users\Dolly\Downloads\SoftonicDownloader_voor_microsoft-security-essentials (1).exe deleted C:\Users\Dolly\Downloads\SoftonicDownloader_voor_microsoft-security-essentials.exe deleted C:\Users\Dolly\AppData\LocalLow\ADSRemoval deleted C:\windows\SysNative\drivers\Msft_Kernel_webinstrT_01009.Wdf deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3978 MB CPU Info: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz CPU Speed: 2410,3 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | 
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth-apparaat (Personal Area Network) | Realtek PCIe GBE Family Controller | Intel(R) Centrino(R) Wireless-N 2230 CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW SN-208DB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 868,6GB | D: 60,0GB Hard Disks - Free: C: 818,7GB | D: 42,7GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | | MEDION - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Medion E6234 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: IObit Malware Fighter disabled (Outdated) Default Browser: Google Chrome 40.0.2214.111 Internet Explorer Version: 11.0.9600.17498 Google Chrome version: 40.0.2214.111 Adobe Reader version: 11.0.10.32 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2015-01-31 19:08:23 7826082B93262AB6460E77B91C61EA30 128512 ----a-w- C:\WINDOWS\splwow64.exe ====== C:\Users\Dolly\AppData\Local\Temp ==== 2015-02-07 16:53:22 7CBE02A02B5A7F377B2E19D42B57D6ED 43008 ----a-w- C:\Users\Dolly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ccw8v.dll ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2015-02-06 08:28:54 B4521CBE1C39AFF38BD80871C8CC0568 106976 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-06 08:28:54 4DEE5627C7D4277A9A8489286DF38749 714720 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-31 19:11:09 3B26DCAB842C280FA7271FF2B58D3293 28352 ----a-w- C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-31 19:08:29 FE21D836EE5C90F2EFCBDE2F52E25482 19731824 
----a-w- C:\WINDOWS\SysWOW64\shell32.dll 2015-01-31 19:08:28 1302567D8675E358C60C59601D0334BF 15158784 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-01-31 19:08:27 75914C685DE3539F3A621B27B9D9F919 1127976 ----a-w- C:\WINDOWS\SysWOW64\msctf.dll 2015-01-31 19:08:26 F96956BBED66937350B360497AAA4EE2 507392 ----a-w- C:\WINDOWS\SysWOW64\untfs.dll 2015-01-31 19:08:26 A9957240537BEE1988B03A6B1E135773 885760 ----a-w- C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-01-31 19:08:26 94743D320BA649382829A5FE8C12DDF1 801584 ----a-w- C:\WINDOWS\SysWOW64\mfplat.dll 2015-01-31 19:08:26 6E9C931731AB16217D3A5472B9B442EB 94208 ----a-w- C:\WINDOWS\SysWOW64\QSVRMGMT.DLL 2015-01-31 19:08:26 54091BD386579A661A012D5E77120B2C 786120 ----a-w- C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2015-01-31 19:08:26 001E1E3546EA80D1A97E7E2BF6F72969 555520 ----a-w- C:\WINDOWS\SysWOW64\WSDApi.dll 2015-01-31 19:08:25 9B443CC5819EE4A667CAACA10E8BC552 1499384 ----a-w- C:\WINDOWS\SysWOW64\ntdll.dll 2015-01-31 19:08:25 887DBBE8CF300A6AE9D0B5D8FF7C0915 143360 ----a-w- C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2015-01-31 19:08:24 B98F9F25D0CCA83E1CA79D1F8BAA1075 465408 ----a-w- C:\WINDOWS\SysWOW64\DevicePairing.dll 2015-01-31 19:08:24 A81265C9CF12A9CA3F436024C1793936 624640 ----a-w- C:\WINDOWS\SysWOW64\rasapi32.dll 2015-01-31 19:08:24 A2CCF16BF1C4F60914EA2DF0BF484A6E 561664 ----a-w- C:\WINDOWS\SysWOW64\nshwfp.dll 2015-01-31 19:08:24 85D880636B8246BD4EF4061F25D84C18 155648 ----a-w- C:\WINDOWS\SysWOW64\QSHVHOST.DLL 2015-01-31 19:08:24 7DCD4205BEDA8892BBA5755805E74047 723968 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll 2015-01-31 19:08:24 6F57859B54404D350E525413322F7AA2 169984 ----a-w- C:\WINDOWS\SysWOW64\WinSCard.dll 2015-01-31 19:08:23 A2530DC44EB8083A63EB83798E7BBB72 162304 ----a-w- C:\WINDOWS\SysWOW64\rascfg.dll 2015-01-31 19:08:23 92937F1A41E6EC1D89BC4D89AC99035B 1142272 ----a-w- C:\WINDOWS\SysWOW64\vssapi.dll 2015-01-31 19:08:23 8091A1E1F4205EED9C17D17DAB055C81 124928 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll 2015-01-31 
19:08:23 75692538076B0402E7236A314A027299 55296 ----a-w- C:\WINDOWS\SysWOW64\vsstrace.dll 2015-01-31 19:08:23 29A35A031EC84D7D9E393A59BEE37888 39424 ----a-w- C:\WINDOWS\SysWOW64\kmddsp.tsp 2015-01-31 19:08:23 210642D9D287AEDED8BB3123580177D4 22528 ----a-w- C:\WINDOWS\SysWOW64\rasser.dll 2015-01-31 19:08:23 205BDB00F4C032AF45A6BFD18EA7886C 498688 ----a-w- C:\WINDOWS\SysWOW64\dnsapi.dll 2015-01-31 19:08:23 1112C09E14A9824908818944BF026392 81920 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll 2015-01-31 19:08:23 05761DCCF02CEE514DC3B8E3A7F38DF5 272384 ----a-w- C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2015-01-31 19:08:23 017E4B714298435849AC02F32A1C6BDA 61440 ----a-w- C:\WINDOWS\SysWOW64\rasdiag.dll 2015-01-31 19:08:22 F7A9D2E57D357B36C11F1C8269F2B05F 25600 ----a-w- C:\WINDOWS\SysWOW64\setup16.exe 2015-01-31 19:08:22 ACC85159376F84F49F8FE6D860E39A4F 8704 ----a-w- C:\WINDOWS\SysWOW64\instnm.exe 2015-01-31 19:08:22 7CC0DD976389300196B2DB4E3F77662C 33280 ----a-w- C:\WINDOWS\SysWOW64\rasmxs.dll 2015-01-31 19:08:22 7AB08744F06F0BDC87DC124F4276A08E 15360 ----a-w- C:\WINDOWS\SysWOW64\eventcls.dll 2015-01-31 19:08:22 699B5B6ACA78B2380F33478EE8CE4287 29696 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe 2015-01-31 19:08:22 3C908C70D5876D6B55D742A665DC88C7 14336 ----a-w- C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-01-31 19:08:22 20FE9408E23EC6486CD995759B0BE02B 5632 ----a-w- C:\WINDOWS\SysWOW64\wow32.dll 2015-01-31 19:08:22 1D4E9DD1CF2B3A280FCF26693FBBD299 4096 ----a-w- C:\WINDOWS\SysWOW64\user.exe 2015-01-31 19:08:07 3F92DAAFBCF62CD5C71128B934AF3EAF 266752 ----a-w- C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2015-01-31 19:07:19 C17F3F1EE09758CF9D234B22B80A1006 25600 ----a-w- C:\WINDOWS\SysWOW64\wups.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-01-31 19:11:12 9BC00C5608BF75BEAE893814A3AEC2AD 29888 ----a-w- C:\WINDOWS\Sysnative\aspnet_counters.dll 2015-01-31 19:08:32 ABDB7997BC550C3B9A5075F6799A86E3 22290560 ----a-w- C:\WINDOWS\Sysnative\shell32.dll 2015-01-31 19:08:31 
======== System Restore Points ========
RP5: 24-1-2015 10:02:29 - Gepland controlepunt
RP6: 28-1-2015 17:06:37 - Windows Update
RP7: 31-1-2015 20:10:03 - Windows Update
RP8: 6-2-2015 09:25:03 - Windows Update
RP9: 9-2-2015 17:33:49 - zoek.exe restore point

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1535316386-195622087-1994388212-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4"

==== Startup Folders ======================
2015-01-08 19:16:44 1187 ----a-w- C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\ASC8_SkipUac_Dolly.job --a-------- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [27-01-2015 12:06]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18-11-2014 16:48]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:6C:\ProgramC:FilesC:x86\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\Uninstaller_SkipUac_Dolly.job --a-------- C:\Program
Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [20-01-2015 15:15]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\ASC8_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe]
"C:\WINDOWS\SysNative\tasks\ASC8_SkipUac_Dolly" [C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /SkipUac]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Dolly)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (SYSTEM)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\WINDOWS\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Dolly" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{ED9A2423-8CA0-46AC-A48C-B69DD8D1A3BA}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Dolly\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Dolly\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================
Google Chrome Version: 40.0.2214.111 (Possible outdated, latest Stable version: 40.0.2214.94)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]
Google Slides - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Vosteran New Tab - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Gmail - Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================
C:\Users\Dolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\Dolly\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully
C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oilkkkefbalmbfppgjmgjoefbclebkce_0.localstorage deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msn.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msn.com/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}&rlz=1I7GGHP_nlNL615"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"

==== Reset Google Chrome ======================
C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dolly\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Dolly\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-1535316386-195622087-1994388212-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================
C:\Users\Dolly\Desktop\Dropbox.lnk - C:\Users\Dolly\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Dolly\Desktop\Eerste gebruiker - Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dolly\Desktop\Standaardprofiel - Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual
C:\Users\Public\Desktop\Collage Creator.lnk - C:\Program Files (x86)\ArcSoft\Collage Creator\Collage.exe
C:\Users\Public\Desktop\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\Public\Desktop\Driver Booster.lnk - C:\Program Files (x86)\IObit\Driver Booster\SkipUacExec.exe
C:\Users\Public\Desktop\Funhouse.lnk - C:\Program Files (x86)\ArcSoft\Funhouse\Funhouse.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\Users\Public\Desktop\Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Users\Public\Desktop\Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe startmenu

==== shortcuts in Users Start Menu ======================
C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Dolly\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Dolly\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Adobe Digital Editions 2.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Home Page.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe\Adobe Digital Editions 2.0\Uninstall.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Protect.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /Protect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /toolbox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Turbo Boost.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /turboboost
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Verwijder Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Verwijder Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\Verwijder IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\unins001.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Verwijderen.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Verwijder Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8\Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe startmenu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8\Verwijder Start Menu 8.lnk - C:\Program Files (x86)\IObit\Start Menu 8\unins000.exe

==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Standaardprofiel - Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Digital Editions 2.0.lnk - C:\Program Files (x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 8 (2).lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Magnify.lnk - C:\WINDOWS\system32\magnify.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Paint.lnk - C:\WINDOWS\system32\mspaint.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk -
C:\Users\Dolly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

==== Uninstall List x64 ======================
Adobe Digital Editions 2.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 2.0]
Adobe Reader XI (11.0.10) - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}]
Advanced SystemCare 8
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare 8_is1] ArcSoft Collage Creator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6928EAE5-34AD-4B6D-99E9-152225888EB8}] ArcSoft Funhouse [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1C6DCAB0-D0BF-4554-8066-61BC5B92B7FF}] ArcSoft Greeting Card Creator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C6DB4D76-58F0-4861-A397-D1794664FE49}] ArcSoft Panorama Maker 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A04A1014-FAFF-47E2-9799-8C40BE7B80C4}] Download & Installeer Packages [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Download & Installeer Packages] Driver Booster 2.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1] Dropbox [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Google+ Auto Backup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}] Intel(R) Processor Graphics 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] IObit Malware Fighter 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit Malware Fighter_is1] IObit Uninstaller [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObitUninstall] Malwarebytes Anti-Malware versie 2.0.3.1025 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Photo Notifier and Animation Creator [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D853998-1055-4E45-B99E-F5039C502831}] Picasa 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Picasa 3] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}] SkypeT 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] Smart Defrag 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag 3_is1] Start Menu 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit_StartMenu8_is1] Surfing Protection [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IObit Surfing Protection_is1] VLC media player 2.1.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player] ==== 
Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - Startup: Dropbox.lnk = Dolly\AppData\Roaming\Dropbox\bin\Dropbox.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing) O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. 
- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - 
C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [Realtek Semiconductor] RtHDVBg_Dolby = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4 [Realtek Semiconductor] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} mbot_nl_96 = (empty string) [file not found] IObit Malware Fighter = "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [IObit] Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {10921475-03CE-4E04-90CE-E2E7EF20C814}\(Default) = ExplorerWnd Helper -> {HKLM...CLSID} = ExplorerWnd Helper \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [IObit] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier -> {HKLM...CLSID} = MSS+ Identifier \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [McAfee, Inc.] -> {HKLM...Wow...CLSID} = MSS+ Identifier \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [McAfee, Inc.] 
{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Ads Removal \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [Adblock] {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Advanced SystemCare Surfing Protection \InProcServer32\(Default) = C:\PROGRA~2\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [IObit] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ "DropboxExt1"\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] "DropboxExt2"\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] "DropboxExt3"\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] "DropboxExt4"\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] "DropboxExt5"\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] "DropboxExt6"\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] "DropboxExt7"\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] 
"DropboxExt8"\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {189F1E63-33A7-404B-B2F6-8C76A452CC54} = IObitSmartDefrag Extension -> {HKLM...CLSID} = SmartDefragExtension Class \InProcServer32\(Default) = C:\WINDOWS\system32\IObitSmartDefragExtension.dll [IObit] {A6FF0E3A-8437-482C-8E04-4F9E15C57538} = UnLockerMenu -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] {B19ED566-D419-470b-B111-3C89040BC027} = IObitUnstaler -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} = IobitStartMenu -> {HKLM...CLSID} = IobitStartMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Start Menu 8\IObitStartMenuExtension.dll [IObit] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider -> {HKLM...CLSID} = Smartcard WinRT Provider \InProcServer32\(Default) = C:\WINDOWS\system32\SmartcardCredentialProvider.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] 
-> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D} -> {HKLM...CLSID} = CExtMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll [IObit] IObit Malware Fighter\(Default) = {0BB81440-5F42-4480-A5F7-770A6F439FC8} -> {HKLM...CLSID} = BlueBirdShell Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [IObit] IobitStartMenu\(Default) = {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} -> {HKLM...CLSID} = IobitStartMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Start Menu 8\IObitStartMenuExtension.dll [IObit] IObitUnstaler\(Default) = {B19ED566-D419-470b-B111-3C89040BC027} -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] SmartDefragExtension\(Default) = {189F1E63-33A7-404B-B2F6-8C76A452CC54} -> {HKLM...CLSID} = SmartDefragExtension Class \InProcServer32\(Default) = C:\WINDOWS\system32\IObitSmartDefragExtension.dll [IObit] UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538} -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] 
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D} -> {HKLM...CLSID} = CExtMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCExtMenu_64.dll [IObit] IObit Malware Fighter\(Default) = {0BB81440-5F42-4480-A5F7-770A6F439FC8} -> {HKLM...CLSID} = BlueBirdShell Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [IObit] IobitStartMenu\(Default) = {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} -> {HKLM...CLSID} = IobitStartMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Start Menu 8\IObitStartMenuExtension.dll [IObit] IObitUnstaler\(Default) = {B19ED566-D419-470b-B111-3C89040BC027} -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538} -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [Dropbox, Inc.] 
-> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\Dolly\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxDTCM\(Default) = {9B5F5829-A529-4B12-814A-E81BCB8D93FC} -> {HKLM...CLSID} = TheDeskTopContextMenu Class \InProcServer32\(Default) = C:\WINDOWS\system32\igfxDTCM.dll [Intel Corporation] igfxOSP\(Default) = {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} -> {HKLM...CLSID} = TheAdvOSPropPage Class \InProcServer32\(Default) = C:\WINDOWS\system32\igfxOSP.dll [Intel Corporation] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ IObit Malware Fighter\(Default) = {0BB81440-5F42-4480-A5F7-770A6F439FC8} -> {HKLM...CLSID} = BlueBirdShell Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [IObit] IobitStartMenu\(Default) = {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} -> {HKLM...CLSID} = IobitStartMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Start Menu 8\IObitStartMenuExtension.dll [IObit] IObitUnstaler\(Default) = {B19ED566-D419-470b-B111-3C89040BC027} -> {HKLM...CLSID} = IObitUnstaler Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] SmartDefragExtension\(Default) = {189F1E63-33A7-404B-B2F6-8C76A452CC54} -> {HKLM...CLSID} = SmartDefragExtension Class \InProcServer32\(Default) = C:\WINDOWS\system32\IObitSmartDefragExtension.dll [IObit] UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538} -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [IObit] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Dolly\AppData\Roaming\Microsoft\Windows Photo Viewer\Achtergrond van Windows Photo Viewer.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSFhConfigBackup\ Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = 
@C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.] 
VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Startup items in "Dolly" & "All Users" startup folders: ------------------------------------------------------- C:\Users\Dolly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Dropbox -> shortcut to: 
C:\Users\Dolly\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks ASC8_PerformanceMonitor -> launches: C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe /Task [IObit] ASC8_SkipUac_Dolly -> launches: C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /SkipUac [IObit] CreateChoiceProcessTask -> launches: C:\Windows\BrowserChoice\browserchoice.exe /launch [file not found] Driver Booster Scan -> launches: C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe /scan [IObit] Driver Booster SkipUAC (Dolly) -> launches: C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac [IObit] Driver Booster SkipUAC (SYSTEM) -> launches: C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac [IObit] Driver Booster Update -> launches: C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe /auto [IObit] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] SmartDefrag3_Startup -> launches: C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe /STARTUP [IObit] SmartDefrag3_Update -> launches: C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe /autorun [IObit] Uninstaller_SkipUac_Administrator -> launches: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer [IObit] Uninstaller_SkipUac_Dolly -> launches: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer [IObit] User_Feed_Synchronization-{ED9A2423-8CA0-46AC-A48C-B69DD8D1A3BA} -> (HIDDEN!) launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) 
launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth 
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) 
launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint Diagnostics -> launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} -> {HKLM...CLSID} = Disk Footprint Diagnostics Task \InProcServer32\(Default) = C:\WINDOWS\system32\DfpCommon.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) 
launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\WINDOWS\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\WINDOWS\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) 
launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} -> {HKLM...CLSID} = Plug and Play Maintenance Task \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\WINDOWS\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} -> {HKLM...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) 
launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found] Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) 
launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) 
launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender Windows Defender Cache Maintenance -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS] Windows Defender Cleanup -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS] Windows Defender Scheduled Scan -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob [MS] Windows Defender Verification -> launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] Scheduled Start With Network -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WOF WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) 
launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-1535316386-195622087-1994388212-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Advanced SystemCare Service 8, AdvancedSystemCareService8, C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [IObit] IMF Service, IMFservice, C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [IObit] Intel(R) HD Graphics Control Panel Service, igfxCUIService1.0.0.0, C:\WINDOWS\system32\igfxCUIService.exe [Intel Corporation] LiveUpdate, LiveUpdateSvc, C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [IObit] Network Connection Broker, NcbService, C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\WINDOWS\System32\ncbservice.dll [MS]} Skype Click to Call PNR Service, c2cpnrsvc, "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [MS] Skype Click to Call Updater, c2cautoupdatesvc, "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [MS] StartMenu8 Service, StartMenuService, C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [IObit] Windows Defender Network Inspection Service, WdNisSvc, "C:\Program Files\Windows Defender\NisSrv.exe" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> IMFservice, 
Service <> SystemEventsBroker, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> StartMenuService, <> str, service <> SystemEventsBroker, Service <> PEVSystemStart, Service Accessibility Tools: -------------------- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\ Configuration = togglekeys HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\Session6\ Configuration = togglekeys

==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\IE\5JKNGN1T will be deleted at reboot
C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\IE\HCQ5VMM6 will be deleted at reboot
C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\IE\Q7DRQ8OX will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Dolly\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Dolly\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
No Java Cache Found

==== C:\zoek_backup content ======================
C:\zoek_backup (files=1316 folders=333 63650361 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dolly\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Dolly\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\IE\5JKNGN1T" not found
"C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\IE\HCQ5VMM6" not found
"C:\Users\Dolly\AppData\Local\Microsoft\Windows\INetCache\IE\Q7DRQ8OX" not found
"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ma 09-02-2015 at 17:52:00,31 ======================