Zoek.exe v5.0.0.0 Updated 07-March-2015 Tool run by Blijham on za 07-03-2015 at 19:00:24,53. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Blijham\Downloads\zoek (1).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe C:\Windows\system32\RunDll32.exe C:\Program Files\HP\HP Officejet 6600\bin\HPNetworkCommunicator.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Video Web Camera\traybar.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Blijham\Downloads\zoek (1).exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 7-3-2015 19:05:02 Zoek.exe System Restore Point Created Succesfully. ==== Windows Installer Info ====================== 64 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E3C12FFDF79F4745981D8BC9EC48245]C:\Windows\Installer\2681b79.msi Acrobat.com [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AFCE782A91734120AB96D1AD25EE404]C:\Windows\Installer\29ebb.msi Adobe AIR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1F9ACB2AC6655084791DF7CD39837632]c:\Windows\Installer\29eab.msi Adobe Photoshop Elements 7.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9D5706BC219FEA04EB6A5E09AD421FB6]c:\Windows\Installer\73aa3.msi Adobe Reader 9.5.5 MUI [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA7FFFFB7449A0100000010]c:\Windows\Installer\29ea3.msi Advertising Center [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\83a4ce2b545b00a4284131efe019e5d6]c:\Windows\Installer\29ef2.msi Ask Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF]C:\Windows\Installer\6bec39.msi Backup Manager Basic [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5E677B270354B4C4493557D18FD7D939]C:\Windows\Installer\270b0.msi Basissoftware voor HP Officejet 6600 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\57D40C3717DE7D64FB092317E1AFCC96]C:\Windows\Installer\733c1.msi Broadcom Gigabit NetLink Controller [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8FD07F69F061C9F4B9E9A2B934B9E49B]c:\Windows\Installer\29e87.msi Compatibiliteitspakket voor het 2007 Microsoft Office system [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109020031400000000000F01FEC]c:\Windows\Installer\73aff.msi D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\15fdde.msi Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0336A2D4B8F23E11C9048BCAF6798BE8]C:\Windows\Installer\100eb6.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\4d90656.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\2fa22d83.msi HP Officejet 6600 Haelp [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3AB818CF6220DE4C9FE690AFD032011]C:\Windows\Installer\733d3.msi HP Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC03D219E93F13B4DAA921C3B697E42E]C:\Windows\Installer\2978b20.msi I.R.I.S. OCR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F2ACB6ACBEDEF80458B01304B41EA616]C:\Windows\Installer\733cd.msi ImagXpress [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9802F8A97F16FB43B582A2C0B9B7AD4]c:\Windows\Installer\29edb.msi Java 7 Update 71 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF230120717FF]C:\Windows\Installer\122e78.msi Junk Mail filter update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E]C:\Windows\Installer\15fe15.msi Mesh Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6116D6C8427B0184F8D20D746E7B6DE8]C:\Windows\Installer\886a09.msi Messenger Companion [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E52D2418A820365468DE755587C30892]C:\Windows\Installer\886af5.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FA0BBE92DA4ABA359FE79E7EB1ABC90]C:\Windows\Installer\532cc.msi Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73]C:\Windows\Installer\51489.msi Microsoft Antimalware Service NL-NL Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F0CDE8FCB51114478267701C5A8EACE]c:\Windows\Installer\5befa.msi Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400100000000F01FEC]C:\Windows\Installer\73aa8.msi Microsoft Office Live Add-in 1.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7CEBB04F4A2C00A4B942A750A5C22526]C:\Windows\Installer\4f7f3.msi Microsoft Office Suite Activation Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\487EA05EEBAFAD641A8FB7B665CD2BE2]C:\Windows\Installer\23434.msi Microsoft Office XP Professional met FrontPage [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3140820900063D11C8EF00054038389C]C:\Windows\Installer\32663.msi Microsoft PowerPoint Viewer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159FA0031400000000000F01FEC]C:\Windows\Installer\256427b.msi Microsoft Security Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6B23D699926F467498B4BC429D1C0915]c:\Windows\Installer\420cafb.msi Microsoft Security Client NL-NL Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FDA119CD06B72F041A21BFE16B04D270]c:\Windows\Installer\5bebf.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\64855.msi Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B]C:\Windows\Installer\73ae0.msi Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B7573E6B77E5519368A6CCCFB4D891C4]c:\Windows\Installer\3b8be.msi Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D756077321A70C3E844C138CE981581]c:\Windows\Installer\72327d4.msi Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4ccf9caae9dddda409c15b94a670bae2]C:\Windows\Installer\42713.msi Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1af2a8da7e60d0b429d7e6453b3d0182]C:\Windows\Installer\6c1df5e.msi Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\84b9c17023c712640acaf308593282f8]C:\Windows\Installer\29ec3.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\6c1df8c.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1E4ACFA687B90463F8277AFB33442800]c:\Windows\Installer\7da4bac.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\5010e.msi Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C173E5AD3336A8D3394AF65D2BB0CCE6]c:\Windows\Installer\157e5c7.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]C:\Windows\Installer\e177c.msi Microsoft Works [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5F1F8515B1AF94D45B64555A00B498DB]c:\Windows\Installer\73af5.msi MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\15fdd5.msi MSVCRT_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52744B0D6663D294EB6F85A741DBB99D]C:\Windows\Installer\15fe19.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]c:\Windows\Installer\3b8f1.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]c:\Windows\Installer\3b913.msi Nero ControlCenter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ad0ac5dbda17ad341be9e6eec0a9cda9]c:\Windows\Installer\29f22.msi Nero ControlCenter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ecd1404f1ef381e4a8e9d96e2513ee63]c:\Windows\Installer\29f62.msi Nero DiscSpeed [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\bd002968a7820cd40bb2b27678bfdcc4]c:\Windows\Installer\29f1a.msi Nero DiscSpeed Help [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\f3e910cc2d956844d8b47818506ba217]c:\Windows\Installer\29f5a.msi Nero DriveSpeed [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5f85fc338d845754386d695f474e8da3]c:\Windows\Installer\29f0a.msi Nero DriveSpeed Help [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\840d7c5e4b9f91243b32b8bd102a65d3]c:\Windows\Installer\29f4a.msi Nero Express Help [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\249202383b4805c468228b0caad28258]c:\Windows\Installer\29f42.msi Nero InfoTool [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\16dfdcbffcd717e4296278b30a501393]c:\Windows\Installer\29f12.msi Nero InfoTool Help [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\dbd00402bd6e8b54b9b6d17d308381ce]c:\Windows\Installer\29f52.msi Nero Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\33408a8eb2031ff418d5cf8cae4c28ff]c:\Windows\Installer\29f6a.msi Nero Online Upgrade [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\69748abd30580ff4fa757174dda961d6]c:\Windows\Installer\29f2a.msi Nero StartSmart [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c8ca84773e81bb3459b980f8ea1af62b]c:\Windows\Installer\29efa.msi Nero StartSmart Help [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\685b8432ea9cec6439c66ae849622e41]c:\Windows\Installer\29f32.msi Nero StartSmart OEM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\536D34D4ADF65af4AAB932FC370D85AE]c:\Windows\Installer\29f3a.msi NeroExpress [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6113a595bb04f0e42a8e7d59d15a2607]c:\Windows\Installer\29f02.msi neroxml [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB940C659E972054EB7A79453A6EF0B9]c:\Windows\Installer\29ed3.msi NVIDIA PhysX [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6A1554C134743904194E4177DC560534]C:\Windows\Installer\1d4a0.msi PowerDVD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F13E2FB2BB8B7A046B05892DE8F0D774]c:\Windows\Installer\1d4aa.msi Reader for PC [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BFD972D3A79D934B89E598DFA6A5826]C:\Windows\Installer\3ffe153.msi Sibelius Scorch (ActiveX Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A192868E92259740B0B6EE078FA35DC]C:\Windows\Installer\ae7a2.msi SweetPacks bundle uninstaller [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD]C:\Windows\Installer\1f68c06.msi Visual Studio 2010 x64 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3]C:\Windows\Installer\e1781.msi Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07E577C8197A8AD4CB3CA67B31F64448]C:\Windows\Installer\9e4cb.msi Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A91FFE89BA03B4E49B340FB6C136BE8F]C:\Windows\Installer\9e4c6.msi Visual Studio C++ 10.0 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\422F2144948316443A9EEDFED8527209]C:\Windows\Installer\1a75b0.msi Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3D04254D3B6B9FF42B3445CE3E1E0066]C:\Windows\Installer\886912.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B53C70A248384AD4A95944B2C6980A37]C:\Windows\Installer\886a77.msi Windows Live Family Safety [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\76EA78D0BE4101C4885AADC61318BE81]C:\Windows\Installer\8868c4.msi Windows Live Family Safety [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FE37E449E75817F4D94CDC50D9A7DDFE]C:\Windows\Installer\886aeb.msi Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BFF8CCA148D950C44AED2DA8B99C6189]C:\Windows\Installer\7c8d4f.msi Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F132F0B0A6ECD384AA32773B467F9571]C:\Windows\Installer\8868ef.msi Windows Live Language Selector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAF5E720674195C4AA4B23FE82253099]C:\Windows\Installer\8868a7.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A563885D93EA72F4DBEA4B7EC2E809C0]C:\Windows\Installer\886ab0.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A57765D93F393A44082948E08362ED03]C:\Windows\Installer\88696c.msi Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C55EC23CAB21159478799076DFFE55F6]C:\Windows\Installer\7c8f4a.msi Windows Live Mesh [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A3414F312C911046897B31C10C48668]C:\Windows\Installer\886ae1.msi Windows Live Mesh [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7BCDCEDCC85568419FA26F77989EF84]C:\Windows\Installer\886a4e.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\11F12B5E3396B0E42AC597363E0CD711]C:\Windows\Installer\886953.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\59D49284A9EE7734283144CF2456BF72]C:\Windows\Installer\886a95.msi Windows Live Messenger Companion Core [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C4B69A87346AF0D4892C8A1EA666969F]C:\Windows\Installer\886a5e.msi Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E08F45ADC1622A148A5545A941F4F295]C:\Windows\Installer\8868af.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4314AE291D01A814191EA5403531A183]C:\Windows\Installer\8869d8.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9D4227BCACD61F34F838B6E1930AF029]C:\Windows\Installer\886acc.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D262DB9887B64540A5A4F5FE63C38B4]C:\Windows\Installer\886a85.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6ACDB9A3563B764CA384963D73AFB3E]C:\Windows\Installer\886930.msi Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0FB3B06AB459FA248B8DC2D1436B31AA]C:\Windows\Installer\886abb.msi Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\766F6333940964D4896BC447E3BE5C1B]C:\Windows\Installer\8869a7.msi Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B292C385A83B0447A137070E0186AF4]C:\Windows\Installer\886923.msi Windows Live Remote Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A889D6FD0AEE7724AA8B51E880E634B9]C:\Windows\Installer\15fdb3.msi Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\15150F9C9A59B9B45B4371062E0D415A]C:\Windows\Installer\15fdbb.msi Windows Live Remote Service [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8456A20EEDF62E04E89D11D9D7E746F1]C:\Windows\Installer\15fda7.msi Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3CDFBC612FC20C46ACD5A2A07F7FA55]C:\Windows\Installer\15fdbf.msi Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4E3B286A696ED244AC1C470AE61874B]C:\Windows\Installer\886908.msi Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26CEF00243C306D4C98ECE73E2100CF8]C:\Windows\Installer\15fde2.msi Windows Live Sync [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9DDE91DC23612004292147874EAB4032]C:\Windows\Installer\b723c.msi Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E97A59ECCF4EFFF4A857920FB449F22F]C:\Windows\Installer\8868db.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9FC52F6D78E4BE343B421CB29EDC6D86]C:\Windows\Installer\886a6c.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\076CFAAAB965F2A4284B2449E5D03EFE]C:\Windows\Installer\886988.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\329710E78F6123E449FEA051B01D69EF]C:\Windows\Installer\886ad7.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60EA627A3AAA1D34783E075F0113F440]C:\Windows\Installer\8869e8.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B144B41D477071489AE1A6376EA2681]C:\Windows\Installer\886aa5.msi ==== Empty Folders Check ====================== C:\PROGRA~2\Fotoservice deleted successfully C:\PROGRA~2\Foxy Games deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\VidPlaya deleted successfully C:\PROGRA~2\VS Revo Group deleted successfully C:\PROGRA~2\Zylom Games deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully C:\Users\Blijham\AppData\Roaming\SimpleFiles deleted successfully C:\Users\Blijham\AppData\Local\Sparta deleted successfully C:\Users\Blijham\AppData\Local\Zylom Games deleted successfully ==== Checking Systemdrive for Symlinks ====================== De volumenaam van station C is Packard Bell Het volumenummer is A436-6488 Map van C:\ 14-07-2009 06:08 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\ProgramData 14-07-2009 06:08 Application Data [C:\ProgramData] 14-07-2009 06:08 Desktop [C:\Users\Public\Desktop] 14-07-2009 06:08 Documents [C:\Users\Public\Documents] 14-07-2009 06:08 Favorites [C:\Users\Public\Favorites] 14-07-2009 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users 14-07-2009 06:08 All Users [C:\ProgramData] 14-07-2009 06:08 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14-07-2009 06:08 Application Data [C:\ProgramData] 14-07-2009 06:08 Desktop [C:\Users\Public\Desktop] 14-07-2009 06:08 Documents [C:\Users\Public\Documents] 14-07-2009 06:08 Favorites [C:\Users\Public\Favorites] 14-07-2009 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Blijham 16-01-2010 14:13 Application Data [C:\Users\Blijham\AppData\Roaming] 16-01-2010 14:13 Cookies [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Cookies] 16-01-2010 14:13 Local Settings [C:\Users\Blijham\AppData\Local] 16-01-2010 14:13 Menu Start [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Start Menu] 16-01-2010 14:13 Mijn documenten [C:\Users\Blijham\Documents] 16-01-2010 14:13 NetHood [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 16-01-2010 14:13 Netwerkprinteromgeving [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 16-01-2010 14:13 Recent [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Recent] 16-01-2010 14:13 SendTo [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\SendTo] 16-01-2010 14:13 Sjablonen [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Blijham\AppData\Local 16-01-2010 14:13 Application Data [C:\Users\Blijham\AppData\Local] 16-01-2010 14:13 Geschiedenis [C:\Users\Blijham\AppData\Local\Microsoft\Windows\History] 16-01-2010 14:13 Temporary Internet Files [C:\Users\Blijham\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Blijham\AppData\LocalLow 12-09-2010 12:33 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 bestand(en) 0 bytes Map van C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Start Menu 16-01-2010 14:13 Programma's [C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Blijham\Documents 16-01-2010 14:13 Mijn afbeeldingen [C:\Users\Blijham\Pictures] 16-01-2010 14:13 Mijn muziek [C:\Users\Blijham\Music] 16-01-2010 14:13 Mijn video's [C:\Users\Blijham\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Default 14-07-2009 06:08 Application Data [C:\Users\Default\AppData\Roaming] 14-07-2009 06:08 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14-07-2009 06:08 Local Settings [C:\Users\Default\AppData\Local] 14-07-2009 06:08 My Documents [C:\Users\Default\Documents] 14-07-2009 06:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14-07-2009 06:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 06:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14-07-2009 06:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14-07-2009 06:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14-07-2009 06:08 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14-07-2009 06:08 Application Data [C:\Users\Default\AppData\Local] 14-07-2009 06:08 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 06:08 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 14-07-2009 06:08 My Music [C:\Users\Default\Music] 14-07-2009 06:08 My Pictures [C:\Users\Default\Pictures] 14-07-2009 06:08 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 14-07-2009 06:08 My Music [C:\Users\Public\Music] 14-07-2009 06:08 My Pictures [C:\Users\Public\Pictures] 14-07-2009 06:08 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Windows\AppPatch 17-09-2014 08:32 spbin [C:\PROGRA~2\SearchProtect\SearchProtect\bin] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 53 map(pen) 111.636.377.600 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1057498486-3272655960-1594907610-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1057498486-3272655960-1594907610-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-1057498486-3272655960-1594907610-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== @Home Components 64 Bit HP CIO Components Installer Acrobat.com Adobe AIR Adobe Flash Player 16 ActiveX Adobe Photoshop Elements 7.0 Adobe Reader 9.5.5 MUI Adobe Shockwave Player 11.6 Advertising Center ALPS Touch Pad Driver Backup Manager Basic Basissoftware voor HP Officejet 6600 Broadcom Gigabit NetLink Controller CCleaner CollageIt 1.9.3 Compatibiliteitspakket voor het 2007 Microsoft Office system Conexant HD Audio CyberLink PowerDVD 8 D3DX10 Google Chrome Google Earth Google Update Helper HP FWUpdateEDO2 HP Officejet 6600 Haelp HP Photo Creations HP Update I.R.I.S. OCR Identity Card ImagXpress Intel© Matrix Storage Manager Java 7 Update 71 Java Auto Updater Junk Mail filter update Kruidvat fotoservice Launch Manager Mesh Runtime Messenger Companion Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft Office Live Add-in 1.5 Microsoft Office Suite Activation Assistant Microsoft Office XP Professional met FrontPage Microsoft PowerPoint Viewer Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyDriveConnect 3.3.0.1502 Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml NetDiag NVIDIA-configuratiescherm 340.52 NVIDIA Drivers NVIDIA HD Audio-stuurprogramma 1.3.18.0 NVIDIA Install Application NVIDIA PhysX Packard Bell InfoCentre Packard Bell MyBackup Packard Bell Power Management Packard Bell Recovery Management Packard Bell Registration Packard Bell Updater PackardBell ScreenSaver Photo Editor 1.1 Pixum Fotoboek Reader for PC Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Sibelius Scorch (ActiveX Only) Star Defender 4 Video Web Camera Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables Visual Studio C++ 10.0 Runtime VLC media player 2.0.5 Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Fotoservice not found C:\PROGRA~2\Foxy Games not found C:\PROGRA~2\VidPlaya not found C:\PROGRA~2\VS Revo Group not found C:\PROGRA~2\Zylom Games not found C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found "C:\Windows\Installer\1f68c06.msi" not found C:\PROGRA~3\lddjconcamddaafijhcpfmdoccgfippo deleted C:\PROGRA~3\{40e4e635-3a7a-3099-40e4-4e6353a798d4} deleted C:\PROGRA~3\100 deleted C:\PROGRA~3\4158328666894771241 deleted C:\Users\Blijham\.android deleted C:\user.js deleted C:\User Data deleted C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk deleted C:\Users\Blijham\AppData\Roaming\sparta111 deleted C:\Users\Blijham\AppData\Roaming\aps.uninstall.scan.results deleted C:\Users\Blijham\AppData\Roaming\ProductData deleted C:\Users\Blijham\AppData\Roaming\YoudaGames deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Systweak deleted C:\PROGRA~3\ProductData deleted C:\PROGRA~3\InstallMate deleted C:\Users\Blijham\AppData\Local\nsa393E.tmp deleted C:\Users\Blijham\AppData\Local\nsiBFA8.tmp deleted C:\Users\Blijham\AppData\Local\nsr1FE3.tmp deleted C:\Users\Blijham\AppData\Local\com deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip deleted C:\Windows\SysNative\roboot64.exe deleted C:\windows\SysNative\Tasks\fsupdate deleted C:\Users\Blijham\AppData\LocalLow\Protect deleted C:\Users\Blijham\AppData\LocalLow\{6C85A1C9-0F93-4B46-BE67-D409D64C7E67} deleted C:\windows\SysNative\Tasks\LaunchSignup deleted C:\END deleted C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\GPT.INI deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Users\Blijham\Desktop\Search.lnk deleted "C:\Users\Blijham\AppData\Local\{9019BFE9-7006-46D8-B11F-FB38795A7A73}" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 4091 MB CPU Info: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz CPU Speed: 1843.0 MHz Sound Card: Speakers (Conexant High Definit | SPDIF Interface (Conexant High | Display Adapters: NVIDIA GeForce G 105M | NVIDIA GeForce G 105M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Broadcom NetLink (TM) Gigabit Ethernet | Atheros AR5B93 Wireless Network Adapter CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633C Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 2 Button Mouse Present Hard Disks: C: 286.3GB Hard Disks - Free: C: 103.9GB Manufacturer *: Phoenix Technologies LTD BIOS Info: AT/AT COMPATIBLE | 10/25/09 | ACRSYS - 6040000 Time Zone: West-Europa (standaardtijd) Motherboard *: Packard Bell SJV50MV Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 40.0.2214.115 Internet Explorer Version: 11.0.9600.17633 Google Chrome version: 40.0.2214.115 Adobe Reader version: 9.5.5.316 Sun Java version: 1.7.0_71 (32-bit) Shockwave Player version: 11.6r626 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Blijham\AppData\Local\Temp ==== 2015-03-07 08:53:58 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\libiconv2.dll 2015-03-07 08:53:58 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\libintl3.dll 2015-03-07 08:53:58 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\pcre3.dll 2015-03-07 08:53:58 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\regex2.dll 2015-03-06 07:17:13 F46AAC7D589C79C2F9E9C22230D3EC69 96288 ----a-w- C:\Users\Blijham\AppData\Local\Temp\cct.dll 2015-03-06 07:17:13 A4D4D41FB72604E729E78F595262771D 280984 ----a-w- C:\Users\Blijham\AppData\Local\Temp\JavaIC.dll 2015-03-06 07:17:13 69809CDCF1F94CE88ECFF73E59CC540B 331488 ----a-w- C:\Users\Blijham\AppData\Local\Temp\msscct32.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-03-06 12:00:13 FB6CA5DB39A1CE1A937EF8C310E50EB7 16122344 ----a-w- C:\Windows\SysWOW64\nvwgf2um.dll 2015-03-06 12:00:07 4D6F7551FB12933266F6E1BBEA4E453A 11283344 ----a-w- C:\Windows\SysWOW64\nvopencl.dll 2015-03-06 12:00:05 3FF8A77AA2A15EED5407DD743A1421B4 24196896 ----a-w- C:\Windows\SysWOW64\nvoglv32.dll 2015-03-06 12:00:00 772574C6F76CE4B05B218AB7D79013F6 907096 ----a-w- C:\Windows\SysWOW64\NvIFR.dll 2015-03-06 11:59:59 9612B7E76DEFD8CB389298F36888B813 869152 ----a-w- C:\Windows\SysWOW64\NvFBC.dll 2015-03-06 11:59:54 81824D6C7CE97C546F782004D165A3D5 3989960 ----a-w- C:\Windows\SysWOW64\nvcuvid.dll 2015-03-06 11:59:53 3E138A354D89E1A93B3BE628AE8A59E4 11222048 ----a-w- C:\Windows\SysWOW64\nvcuda.dll 2015-03-06 11:59:47 6115718AF9E1C6CF5F15F9B9E3B6C927 15294296 ----a-w- C:\Windows\SysWOW64\nvcompiler.dll 2015-03-06 11:59:45 B76EDB073E28A340485F5C2808A0CE8D 2814656 ----a-w- C:\Windows\SysWOW64\nvapi.dll 2015-03-03 19:50:59 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll 2015-02-28 07:22:00 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls ====== C:\Windows\SysWOW64\drivers ===== 2015-03-06 11:45:44 E5805896A55D4166C20F216249F40FA3 26528 ----a-w- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS ====== C:\Windows\Sysnative ===== 2015-03-07 11:25:01 07FB08A3B425083D0CE5424B0131E5C7 364392 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT 2015-03-06 13:46:44 4D5D8058F17C873B4F0792678BAA6534 34080 ----a-w- C:\Windows\Sysnative\SmartDefragBootTime.exe 2015-03-06 13:46:14 84E8B979BBBDD23AD84E88FD12236306 128288 ----a-w- C:\Windows\Sysnative\IObitSmartDefragExtension.dll 2015-03-06 12:03:23 B55FA6AD6C4A74AFC85433490E97C0DE 3826628 ----a-w- C:\Windows\Sysnative\nvcoproc.bin 2015-03-06 12:00:09 F604AE1332421138D469435379C941F0 13922752 ----a-w- C:\Windows\Sysnative\nvopencl.dll 2015-03-06 12:00:06 8E8C648748CEE5DEE4EB67B72873C8CE 31512520 ----a-w- C:\Windows\Sysnative\nvoglv64.dll 2015-03-06 12:00:01 D3FD99DBAD44F786331A21C7DB4FC6A7 26353 ----a-w- C:\Windows\Sysnative\nvinfo.pb 2015-03-06 12:00:00 5D0CB01028819025524E463781CD5791 944928 ----a-w- C:\Windows\Sysnative\NvIFR64.dll 2015-03-06 11:59:59 A5FA73A696788810DBA88E4100BD9E66 903624 ----a-w- C:\Windows\Sysnative\NvFBC64.dll 2015-03-06 11:59:57 6670FCA907690044166597B2A4AFAD3D 1539928 ----a-w- C:\Windows\Sysnative\nvdispgenco6434052.dll 2015-03-06 11:59:57 3166E2388D12BD4050F757644D608F34 1890080 ----a-w- C:\Windows\Sysnative\nvdispco6434052.dll 2015-03-06 11:59:56 61A6B8949D013C7494CF0F94A1215682 17555104 ----a-w- C:\Windows\Sysnative\nvd3dumx.dll 2015-03-06 11:59:55 F015F1DDBDC95B334355CADC2D1F4E46 4247000 ----a-w- C:\Windows\Sysnative\nvcuvid.dll 2015-03-06 11:59:53 DDDE661AD6D0D2E16FF87CE267469C07 13835208 ----a-w- C:\Windows\Sysnative\nvcuda.dll 2015-03-06 11:59:46 EF6A1FA396C854B4F6B9A22C0C988DCF 22994208 ----a-w- C:\Windows\Sysnative\nvcompiler.dll 2015-03-06 11:58:35 DF2393DCDA345251F6CC0F59D5AE6DBF 31520 ----a-w- C:\Windows\Sysnative\nvhdap64.dll 2015-03-06 11:58:34 1675579489A3CC59B0A2ED3C1514E883 74016 ----a-w- C:\Windows\Sysnative\nvapo64v.dll 2015-03-06 11:57:45 D10864C1730172780C2D4BE633B9220A 1795952 ----a-w- C:\Windows\Sysnative\WdfCoInstaller01011.dll 2015-03-03 19:50:59 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll 2015-03-03 19:50:59 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll 2015-03-03 19:50:59 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll 2015-02-28 07:22:00 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls ====== C:\Windows\Sysnative\drivers ===== 2015-03-06 12:00:01 2232AE1BB51A96A7381A2CA17DF12E24 12866008 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys 2015-03-06 11:58:35 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys 2015-03-06 11:58:16 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-03-06 11:57:11 B6EBAD9D72DA681E1976AD51DE1B73F5 34544 ----a-w- C:\Windows\Sysnative\drivers\Smb_driver_Intel.sys 2015-03-06 11:56:33 6EEB253FABF511192D05841B47A15FF9 458960 ----a-w- C:\Windows\Sysnative\drivers\k57nd60a.sys 2015-02-11 07:32:37 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2015-02-11 07:32:36 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-02-11 07:32:36 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== 2015-03-06 11:45:49 AEDB9A49FD986B399F6EE92F20D785AB 2858 ----a-w- C:\Windows\Sysnative\Tasks\Driver Booster SkipUAC (Blijham) 2015-03-06 11:45:14 AD7A960EBBA89AD2F9648FA1526C16D8 2912 ----a-w- C:\Windows\Sysnative\Tasks\Uninstaller_SkipUac_Blijham ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-03-07 16:05:52 -------- d-----w- C:\Program Files\trend micro 2015-03-06 11:58:12 -------- d-----w- C:\Program Files\Synaptics ======= C:\PROGRA~2 ===== 2015-03-06 11:44:36 -------- d-----w- C:\PROGRA~2\COMMON~1\IObit 2015-03-06 11:44:14 -------- d-----w- C:\PROGRA~2\IObit ======= C: ===== ====== C:\Users\Blijham\AppData\Roaming ====== 2015-03-07 11:25:57 A382ADA96B4886562DE6383631E0DA46 96336 ----a-w- C:\Users\Blijham\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-07 09:36:19 -------- d-----w- C:\Users\Blijham\AppData\Local\F-Secure 2015-03-06 12:38:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\IObit 2015-03-06 11:45:10 -------- d-----w- C:\Users\Blijham\AppData\Roaming\Apple Computer 2015-03-06 11:44:43 -------- d-----w- C:\Users\Blijham\AppData\Locallow\IObit 2015-03-06 11:44:11 -------- d-----w- C:\Users\Blijham\AppData\Roaming\IObit 2015-02-14 08:00:30 -------- d-----w- C:\Users\Blijham\AppData\Roaming\uTorrent ====== C:\Users\Blijham ====== 2015-03-07 16:07:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Blijham\Downloads\RSITx64 (2).exe 2015-03-07 16:06:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Blijham\Downloads\RSITx64 (1).exe 2015-03-07 16:04:41 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Blijham\Downloads\RSITx64.exe 2015-03-07 09:36:19 -------- d-----w- C:\ProgramData\F-Secure 2015-03-06 19:06:01 -------- d-----w- C:\Users\Blijham\Start Menu 2015-03-06 14:38:18 68AF0DEBC5CDFD53095F22A300E1FF33 39739064 ----a-w- C:\Users\Blijham\Downloads\Windows-KB890830-x64-V5.21.exe 2015-03-06 12:02:26 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2015-03-06 11:44:36 -------- d-----w- C:\ProgramData\IObit 2015-03-06 07:28:38 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Blijham\Downloads\mbam-setup-2.0.4.1028.exe ====== C: exe-files == 2015-03-07 16:07:53 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Blijham\Downloads\RSITx64 (2).exe 2015-03-07 16:06:45 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Blijham\Downloads\RSITx64 (1).exe 2015-03-07 16:05:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Blijham.exe 2015-03-07 16:04:41 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Blijham\Downloads\RSITx64.exe 2015-03-07 09:36:19 A4DC16D3794BA39FBBACE5FF9BDFF14F 4960704 ----a-w- C:\Users\Blijham\AppData\Local\F-Secure\stubdl\ziggoonlinescanner.exe 2015-03-06 14:38:18 68AF0DEBC5CDFD53095F22A300E1FF33 39739064 ----a-w- C:\Users\Blijham\Downloads\Windows-KB890830-x64-V5.21.exe 2015-03-06 14:08:41 28CA7D1BB9FBFCA2B529D885E61491D8 933664 ----a-w- C:\Users\Blijham\AppData\Roaming\IObit\IObit Uninstaller\PPUninstallertemp.exe 2015-03-06 14:08:39 D950F6C1C056BD7CE1BF461CFA3137EB 776992 ----a-w- C:\Users\Blijham\AppData\Roaming\IObit\IObit Uninstaller\UninstallDisplaytemp.exe 2015-03-06 14:08:39 83B208F0FC5015586E23AFD04ECD72C5 1824032 ----a-w- C:\Users\Blijham\AppData\Roaming\IObit\IObit Uninstaller\UninstallPromotetemp.exe 2015-03-06 14:08:37 5D2AF40D165791C24C28DB24D1AE086E 588576 ----a-w- C:\Users\Blijham\AppData\Roaming\IObit\IObit Uninstaller\Install_PintoStartMenutemp.exe 2015-03-06 13:46:44 4D5D8058F17C873B4F0792678BAA6534 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe 2015-03-06 13:45:32 C66C3AEF4073303F2483BF5AC4A72B6A 7959184 ----a-w- C:\ProgramData\IObit\ASCDownloader\ASC8\Smart Defrag 3.exe 2015-03-06 13:45:18 F65796D1361A609A05015A18F1A06ACF 27767920 ----a-w- C:\ProgramData\IObit\ASCDownloader\ASC8\IObit Malware Fighter.exe 2015-03-06 12:03:54 FF1D400BC82C8DBB7C51556B3F979A04 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{68479CCA-90E5-4849-B734-2BF563774296}\setup.exe 2015-03-06 12:03:23 A9004AE582ED6FD7A7CED3B21479B564 3424728 ----a-w- C:\Program Files\NVIDIA Corporation\Control Panel Client\NvGpuUtilization.exe 2015-03-06 12:03:23 92204560799E8D7BA38CE2FC3520C6AC 2448160 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 2015-03-06 12:03:23 895191100DF3C0D675D2937604423CDF 6866264 ----a-w- C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe 2015-03-06 12:03:23 4003EDA23E7A9C2991E78E77A8C1C3D1 62296 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp.exe 2015-03-06 12:03:23 3D30F92FF480015CE585FF93D20ADFE6 63264 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvsmartmaxapp64.exe 2015-03-06 12:03:23 1B9BDC1A7BDF9DD585EAE2EBC817A636 1203656 ----a-w- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 2015-03-06 12:03:15 FF1D400BC82C8DBB7C51556B3F979A04 413472 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{31AD676E-F9D6-4DED-8B04-D69794D579AB}\setup.exe 2015-03-06 12:02:38 869EB4AF9C510FEB3445BCAB3D578E08 404768 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{AFB04B12-A6BB-4604-91BC-8AC868B21157}\setup.exe 2015-03-06 12:00:00 AFCB7E123130A9A7F81385877C2C3220 338776 ----a-w- C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe 2015-03-06 11:59:57 A52151126AD90BFA1A288AD3FB62C127 229320 ----a-w- C:\Program Files\NVIDIA Corporation\NVSMI\nvdebugdump.exe 2015-03-06 11:59:45 2389B4628E5A3F52EAD40A7DCC385B3F 842528 ----a-w- C:\Program Files\NVIDIA Corporation\NVSMI\MCU.exe 2015-03-06 11:59:44 583D93BDCCAB390ED24EC2684B806CE7 441120 ----a-w- C:\Program Files\NVIDIA Corporation\Drs\dbInstaller.exe 2015-03-06 11:59:08 869EB4AF9C510FEB3445BCAB3D578E08 404768 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{60ACA6CE-2700-458C-BCB0-1552B6AE83D2}\setup.exe 2015-03-06 11:58:59 869EB4AF9C510FEB3445BCAB3D578E08 404768 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\installer.{2660ABCC-C638-44AB-9AC4-D6FE694ED4DE}\setup.exe 2015-03-06 11:44:53 449751F4C1ECAE6E649BFF6C5AAA6E52 10604648 ----a-w- C:\ProgramData\IObit\ASCDownloader\ASC8\Driver Booster.exe 2015-03-06 07:28:38 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\Blijham\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-04 06:14:44 7C83E887E8DFD5FEA0E06D7116B99360 1742928 ----a-w- C:\Users\Blijham\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe === C: other files == 2015-03-07 08:53:56 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\prelim.bat 2015-03-07 08:53:56 E49F9C309DC32E854A081507B89EBE39 11201 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\runvalues.bat 2015-03-07 08:53:56 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\TDL4.bat 2015-03-07 08:53:56 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\medfos.bat 2015-03-07 08:53:56 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\surfvox.bat 2015-03-07 08:53:56 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\searchlnk.bat 2015-03-07 08:53:56 883C768ADFD65F6C4968BD852B8D45E5 14924 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\get.bat 2015-03-07 08:53:56 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\firefox.bat 2015-03-07 08:53:56 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\ev_clear.bat 2015-03-07 08:53:56 56CE326F6AAE3CF1709D332C04E8F9F1 191237 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\misc.bat 2015-03-07 08:53:56 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\ask.bat 2015-03-07 08:53:56 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\iexplore.bat 2015-03-07 08:53:56 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\delfolders.bat 2015-03-07 08:53:56 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\mws.bat 2015-03-07 08:53:56 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Blijham\AppData\Local\Temp\jrt\chrome.bat 2015-03-06 14:10:45 1C3421007C7227865AD82AA6FBCBA08C 103 ----a-w- C:\Users\Blijham\AppData\Local\Temp\utt455.tmp.bat 2015-03-06 14:10:33 F2F18BC5529FFD6B9B22B18972E10202 68 ----a-w- C:\Users\Blijham\AppData\Local\Temp\HYDD46F.tmp.1425651033\HTA\install.1425651033.zip 2015-03-06 14:10:23 F2F18BC5529FFD6B9B22B18972E10202 68 ----a-w- C:\Users\Blijham\AppData\Local\Temp\HYDADEB.tmp.1425651023\HTA\install.1425651023.zip 2015-03-06 12:00:01 2232AE1BB51A96A7381A2CA17DF12E24 12866008 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys 2015-03-06 11:58:35 E366A5681C50785D4ED04FCFD65C3415 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2015-03-06 11:57:11 B6EBAD9D72DA681E1976AD51DE1B73F5 34544 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys 2015-03-06 11:56:33 6EEB253FABF511192D05841B47A15FF9 458960 ----a-w- C:\Windows\System32\drivers\k57nd60a.sys 2015-03-06 11:45:44 E5805896A55D4166C20F216249F40FA3 26528 ----a-w- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS ======== System Restore Points ======== RP737: 17-2-2015 20:42:25 - Windows Update RP738: 21-2-2015 9:01:11 - Windows Update RP739: 27-2-2015 15:35:59 - Windows Update RP740: 28-2-2015 8:21:35 - Windows Update RP741: 3-3-2015 21:00:15 - Windows Update RP742: 4-3-2015 6:56:19 - Windows Update RP743: 6-3-2015 12:52:03 - Driver Booster : Broadcom NetLink (TM) Gigabit Ethernet RP744: 7-3-2015 8:41:06 - Windows Update RP745: 7-3-2015 11:20:57 - F-Secure malware removal RP746: 7-3-2015 19:04:36 - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1057498486-3272655960-1594907610-1001\Software\Microsoft\Windows\CurrentVersion\Run] "HP Officejet 6600 (NET)"="C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe -deviceID CN29H4KH7R05RN:NW -scfn HP Officejet 6600 (NET) -AutoStart 1" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "BackupManagerTray"="C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe -h -k" "Camera Assistant Software"="C:\Program Files (x86)\Video Web Camera\traybar.exe" "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "RemoteControl8"="c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Reader Application Helper"="C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HP Officejet 6600 (NET)"="C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe -deviceID CN29H4KH7R05RN:NW -scfn HP Officejet 6600 (NET) -AutoStart 1" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Users\\Blijham\\AppData\\Local\\Smartbar\\Application\\Resources\\crdlil.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "Acer ePower Management"="C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\Users\\Blijham\\AppData\\Local\\Smartbar\\Application\\Resources\\crdlil64.dll" ==== Startup Folders ====================== 2013-01-10 19:06:25 1920 ----a-w- C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet 6600 (netwerk).lnk 2010-01-16 14:16:12 2015 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04-02-2015 20:37] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-10-2014 06:10] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21-10-2014 06:10] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\0" [c:\program files (x86)\internet explorer\iexplore.exe] "C:\Windows\SysNative\tasks\4876" [wscript.exe C:\Users\Blijham\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Blijham)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\hpUrlLauncher.exe_{4FB4ED47-D9D6-4624-BED2-C4580A0B8772}" [C:\Program Files\HP\HP Officejet 6600\Bin\utils\hpUrlLauncher.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\Start Registry Reviver" [C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Blijham" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\Recovery Management\Burn Notification" [C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe] ==== Firefox Extensions ====================== ExtDir: C:\Users\Blijham\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi ==== Firefox Plugins ====================== ==== Deleted Firefox Extensions ====================== C:\Users\Blijham\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.115 (Possible outdated, latest Stable version: 41.0.2272.76) Google Slides - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Default-Search_IM - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdollibnabgdadlcijhlcgkhepfeggh Google Wallet - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Blijham\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal deleted successfully C:\Users\Blijham\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdollibnabgdadlcijhlcgkhepfeggh deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://tikotin.com" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com" "Start Page Redirect Cache"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com" "Start Page Redirect Cache"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\Users\Blijham\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Blijham\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1057498486-3272655960-1594907610-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\Blijham\Desktop\Mahjongg.lnk - C:\Users\Blijham\Documents\MAHJONGG ANCIENT MAYAS NL 2Lions-Team\MahjonggAncientMayas_og.exe C:\Users\Blijham\Desktop\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Photoshop Elements 7.0.lnk - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\Photoshop Elements 7.0.exe C:\Users\Public\Desktop\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\CollageIt.lnk - C:\Program Files (x86)\CollageIt\CollageIt.exe C:\Users\Public\Desktop\Dolby Setting.lnk - C:\Program Files (x86)\CONEXANT\CDShortCut\CDShortCut.exe C:\Users\Public\Desktop\Fotoshow.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoshow.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://tikotin.com --use-spdy=off C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk - C:\Program Files (x86)\HP\HP Officejet 6600\ePrintCenterShortcut.url C:\Users\Public\Desktop\HP Officejet 6600.lnk - C:\Program Files (x86)\HP\HP Officejet 6600\Bin\HP Officejet 6600.exe C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe C:\Users\Public\Desktop\Kruidvat fotoservice.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe -ScParameter=30002 C:\Users\Public\Desktop\Packard Bell MyBackup.lnk - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManager.exe C:\Users\Public\Desktop\Reader for PC.lnk - C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe C:\Users\Public\Desktop\User's Guide (Packard Bell InfoCentre).lnk - C:\Program Files (x86)\Packard Bell\InfoCentre\InfoCtr.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Officejet 6600 (netwerk).lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN29H4KH7R05RN;CONNECTION=NW;MONITOR=1; ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://tikotin.com --use-spdy=off C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kruidvat fotoservice\Fotoshow.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoshow.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kruidvat fotoservice\Kruidvat fotoservice Uninstall.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kruidvat fotoservice\Kruidvat fotoservice.lnk - C:\Program Files\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe ==== shortcuts in Quick Launch ====================== C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CollageIt.lnk - C:\Program Files (x86)\CollageIt\CollageIt.exe C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel.lnk - C:\Windows\Installer\{90280413-6000-11D3-8CFE-0050048383C9}\xlicons.exe C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Blijham\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Mail.lnk - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Uninstall List x64 ====================== @Home Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\@Home Components] 64 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}] Acrobat.com [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{287ECFA4-719A-2143-A09B-D6A12DE54E40}] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A2BCA9F1-566C-4805-97D1-7FDC93386723}] Adobe AIR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR] Adobe Flash Player 16 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Photoshop Elements 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5511C07D-A83C-45AD-92B6-42DF99729A3C}] Adobe Photoshop Elements 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB6075D9-F912-40AE-BEA6-E590DA24F16B}] Adobe Photoshop Elements 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop Elements 7] Adobe Reader 9.5.5 MUI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-A91000000001}] Adobe Shockwave Player 11.6 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player] Advertising Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}] ALPS Touch Pad Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}] Backup Manager Basic [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72B776E5-4530-4C4B-9453-751DF87D9D93}] Basissoftware voor HP Officejet 6600 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{73C04D75-ED71-46D7-BF90-32711EFACC69}] Broadcom Gigabit NetLink Controller [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] CollageIt 1.9.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D9757258-30B2-496E-86F2-84920C5858E1}_is1] Conexant HD Audio [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_AUDIO_HDA] CyberLink PowerDVD 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}] CyberLink PowerDVD 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}] D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] HP FWUpdateEDO2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}] HP Officejet 6600 Haelp [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}] HP Photo Creations [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations] HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] I.R.I.S. OCR [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}] Identity Card [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Identity Card] ImagXpress [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}] Intel© Matrix Storage Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}] Java 7 Update 71 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}] Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}] Kruidvat fotoservice [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kruidvat fotoservice] Launch Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LManager] Mesh Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}] Messenger Companion [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8142D25E-028A-4563-86ED-5755783C8029}] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Antimalware Service NL-NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}] Microsoft Office Live Add-in 1.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}] Microsoft Office Suite Activation Assistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}] Microsoft Office XP Professional met FrontPage [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90280413-6000-11D3-8CFE-0050048383C9}] Microsoft Security Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{996D32B6-F629-4764-894B-CB24D9C19051}] Microsoft Security Client NL-NL Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DC911ADF-7B60-40F2-A112-FB1EB6402D07}] Microsoft Security Essentials [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}] Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Works [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}] MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] MyDriveConnect 3.3.0.1502 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyDriveConnect] Nero 9 Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8ed5c8a6-2aee-40dd-8df4-26cd57921222}] Nero ControlCenter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}] Nero ControlCenter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f4041dce-3fe1-4e18-8a9e-9de65231ee36}] Nero DiscSpeed [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{869200db-287a-4dc0-b02b-2b6787fbcd4c}] Nero DiscSpeed Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{cc019e3f-59d2-4486-8d4b-878105b62a71}] Nero DriveSpeed [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33cf58f5-48d8-4575-83d6-96f574e4d83a}] Nero DriveSpeed Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e5c7d048-f9b4-4219-b323-8bdb01a2563d}] Nero Express Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83202942-84b3-4c50-8622-b8c0aa2d2885}] Nero InfoTool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{fbcdfd61-7dcf-4e71-9226-873ba0053139}] Nero InfoTool Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20400dbd-e6db-45b8-9b6b-1dd7033818ec}] Nero Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e8a80433-302b-4ff1-815d-fcc8eac482ff}] Nero Online Upgrade [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{dba84796-8503-4ff0-af57-1747dd9a166d}] Nero StartSmart [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7748ac8c-18e3-43bb-959b-088faea16fb2}] Nero StartSmart Help [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2348b586-c9ae-46ce-936c-a68e9426e214}] Nero StartSmart OEM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}] NeroExpress [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{595a3116-40bb-4e0f-a2e8-d7951da56270}] neroxml [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}] NetDiag [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NetDiag] NVIDIA-configuratiescherm 340.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] NVIDIA Drivers [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers] NVIDIA HD Audio-stuurprogramma 1.3.18.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1C4551A6-4743-4093-91E4-1477CD655043}] Packard Bell InfoCentre [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Packard Bell InfoCentre] Packard Bell MyBackup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}] Packard Bell Power Management [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3DB0448D-AD82-4923-B305-D001E521A964}] Packard Bell Recovery Management [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F811A54-5A09-4579-90E1-C93498E230D9}] Packard Bell Registration [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Packard Bell Registration] Packard Bell Updater [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}] PackardBell ScreenSaver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PackardBell Screensaver] Photo Editor 1.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PhotoToolkit_is1] Pixum Fotoboek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pixum Fotoboek] Reader for PC [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}] Realtek USB 2.0 Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96AE7E41-E34E-47D0-AC07-1091A8127911}] Sibelius Scorch (ActiveX Only) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{868291A4-229E-4795-B0B0-E60E87AF53CD}] Star Defender 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}] Video Web Camera [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12A1B519-5934-4508-ADBD-335347B0DC87}] Visual Studio 2010 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}] Visual Studio 2012 x64 Redistributables [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] Visual Studio 2012 x86 Redistributables [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] Visual Studio C++ 10.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4412F224-3849-4461-A3E9-DEEF8D252790}] VLC media player 2.0.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player] Welcome Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Packard Bell Welcome Center] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A07C35B-8384-4DA4-9A95-442B6C89A073}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}] Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{944E73EF-857E-4F71-9DC4-CD059D7ADDEF}] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}] Windows Live Language Selector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{027E5FAB-1476-4C59-AAB4-32EF28520399}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D588365A-AE39-4F27-BDAE-B4E72C8E900C}] Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C32CE55C-12BA-4951-8797-0967FDEF556F}] Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3F4143A1-9C21-4011-8679-3BC1014C6886}] Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48294D95-EE9A-4377-8213-44FC4265FB27}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}] Windows Live Messenger Companion Core [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}] Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BD262D0-B788-4546-A0A5-F4F56EC3834B}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}] Windows Live Remote Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF6D988A-EEA0-4277-AAB8-158E086E439B}] Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C9F05151-95A9-4B9B-B534-1760E2D014A5}] Windows Live Remote Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}] Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}] Windows Live Sync [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD19EDD9-1632-4002-9212-7478E4BA0423}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E017923-16F8-4E32-94EF-0A150BD196FE}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14B441B7-774D-4170-98EA-A13667AE6218}] WinRAR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\237AA359BFA99C94484AF769ACA080AD deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FF2528C-11C9-02DA-ECFD-026CD000F264} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7346C3D6-DD82-C6FF-B56A-48E7BF3A6CC9} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83434D71-1D8B-FBEE-DC69-19149784F588} deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kruidvat fotoservice deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\24BEB46CD52B4764BB550499BC271001 deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [HP Officejet 6600 (NET)] "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN29H4KH7R05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1 O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Inktwaarschuwingen controleren - HP Officejet 6600 (netwerk).lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\Users\Blijham\AppData\Local\Smartbar\Application\Resources\crdlil.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} HP Officejet 6600 (NET) = "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN29H4KH7R05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1 [Hewlett-Packard Co.] MyDriveConnect.exe = "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" [TomTom] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [Intel Corporation] cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [Conexant Systems, Inc.] Apoint = C:\Program Files\Apoint2K\Apoint.exe [Alps Electric Co., Ltd.] Acer ePower Management = C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [Acer Incorporated] MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated] BackupManagerTray = "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k [NewTech Infosystems, Inc.] Camera Assistant Software = "C:\Program Files (x86)\Video Web Camera\traybar.exe" [Chicony] LManager = C:\Program Files (x86)\Launch Manager\LManager.exe [Dritek System Inc.] RemoteControl8 = "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [CyberLink Corp.] Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] Reader Application Helper = C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [Sony Corporation] HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [Hewlett-Packard] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] (Default) = (empty string) [file not found] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office10\msohev.dll [MS] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ <> AppInit_DLLs = C:\Users\Blijham\AppData\Local\Smartbar\Application\Resources\crdlil64.dll [file not found] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\ <> AppInit_DLLs = C:\Users\Blijham\AppData\Local\Smartbar\Application\Resources\crdlil.dll [file not found] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] ShellConverter\(Default) = {30A4E07E-068A-4d91-8F05-691283A1336B} -> {HKLM...CLSID} = ShellConverter Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll [Online Media Technologies Ltd.] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = c:\PROGRA~1\MICROS~2\shellext.dll [MS] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoActiveDesktopChanges = (REG_DWORD) dword:0x00000000 {not in GPedit.msc under Computer Configuration| Prevent enabling or disabling Active Desktop or changing its configuration} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = c:\windows\system32\PACKAR~1.SCR (PackardBell.scr) [Acer] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AdobePhotoshopElements7ShowPicturesOnArrival\ Provider = Adobe Photoshop Elements 7.0 InvokeProgID = PhotoshopElements.Application.7 InvokeVerb = launch HKLM\SOFTWARE\Classes\PhotoshopElements.Application.7\shell\launch\command\(Default) = "c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PseProxy.exe" -v "%1" [Adobe Systems Incorporated] Fotoimport5-38\ Provider = Fotoimporteerder InvokeProgID = Fotoimport5-38 InvokeVerb = play HKLM\SOFTWARE\Classes\Fotoimport5-38\shell\play\command\(Default) = "C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoimporteerder.exe" -startDirectory %1 [null data] Fotoschau5-38\ Provider = Fotoshow InvokeProgID = Fotoschau5-38 InvokeVerb = play HKLM\SOFTWARE\Classes\Fotoschau5-38\shell\play\command\(Default) = "C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d %1 [null data] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] NeroAutoPlay9CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = c:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD [Nero AG] NeroAutoPlay9CopyCD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = c:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy [Nero AG] NeroAutoPlay9DataDisc\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = c:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:ISODisc [Nero AG] NeroAutoPlay9LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay8 InvokeVerb = LaunchNeroStartSmart_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = c:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] PDVD8PlayCDAudioOnArrival\ Provider = PowerDVD 8 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD8 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD8\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe" "%L" [CyberLink Corp.] PDVD8PlayDVDMovieOnArrival\ Provider = PowerDVD 8 InvokeProgID = DVD InvokeVerb = PlayWithPowerDVD8 HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD8\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe" "%L" [CyberLink Corp.] PDVD8PlaySVCDOnArrival\ Provider = PowerDVD 8 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD8 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD8\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe" "%L" [CyberLink Corp.] PDVD8PlayVCDMovieOnArrival\ Provider = PowerDVD 8 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD8 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD8\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe" "%L" [CyberLink Corp.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Startup items in "Blijham" & "All Users" startup folders: --------------------------------------------------------- C:\Users\Blijham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Inktwaarschuwingen controleren - HP Officejet 6600 (netwerk) -> shortcut to: C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN29H4KH7R05RN;CONNECTION=NW;MONITOR=1; [MS] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} Microsoft Office -> shortcut to: C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks 0 -> launches: c:\program files (x86)\internet explorer\iexplore.exe [MS] 4876 -> launches: wscript.exe C:\Users\Blijham\AppData\Local\Temp\launchie.vbs //B [MS] Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] Driver Booster SkipUAC (Blijham) -> launches: C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac [file not found] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] hpUrlLauncher.exe_{4FB4ED47-D9D6-4624-BED2-C4580A0B8772} -> launches: C:\Program Files\HP\HP Officejet 6600\Bin\utils\hpUrlLauncher.exe https://h30495.www3.hp.com/printers/add?jumpID=in_instKarnak5%2F&cc=nl&modelName=HP%20Officejet%206600&serialNo=CN29H4KH7R&serialNo_Extra=05RN&modelID=CZ155A&serviceID=23010&invitation=no&printerCloudID=8k_dqenvru22zsflcjyeta [Hewlett-Packard Co.] SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe /addGadget [MS] Start Registry Reviver -> launches: C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe -autorun [file not found] Uninstaller_SkipUac_Blijham -> launches: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer [file not found] {5D5FCF7C-7D71-4592-A648-38DB062B9602} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Blijham\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=tugs [MS] {77E692A8-22D3-40C2-B391-FA0D8011EDA3} -> launches: C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S [MS] {7F6296D0-2BEB-49F9-93F9-59E6453CB9B3} -> launches: C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ [MS] C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware Microsoft Antimalware Scheduled Scan -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS] MpIdleTask -> launches: c:\Program Files\Microsoft Security Client\MpCmdRun.exe -IdleTask -TaskName MpIdleTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS] Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Recovery Management Burn Notification -> launches: C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe [null data] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-1057498486-3272655960-1594907610-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {0000036B-C524-4050-81A0-243669A86B9F}\ ButtonText = @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 CLSIDExtension = {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} -> {HKLM...Wow...CLSID} = Windows Live Messenger Companion Command Bar Button \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS] {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Acer ePower Service, ePowerSvc, C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [Acer Incorporated] Adobe Active File Monitor V7, AdobeActiveFileMonitor7.0, c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [Adobe Systems Incorporated] GRegService, Greg_Service, C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [Acer Incorporated] Intel(R) Matrix Storage Event Monitor, IAANTMON, C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [Intel Corporation] Microsoft Antimalware Service, MsMpSvc, "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS] Microsoft Netwerkinspectie, NisSrv, "c:\Program Files\Microsoft Security Client\NisSrv.exe" [MS] NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [NewTech Infosystems, Inc.] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation] Updater Service, Updater Service, C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [Acer] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MsMpSvc, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MsMpSvc, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HP 5D12 Status Monitor\Driver = hpinksts5D12LM.dll [Hewlett-Packard Co.] HP Discovery Port Monitor (HP Officejet 6600)\Driver = HPDiscoPM5D12.dll [Hewlett-Packard Co.] LIDIL hpzlllhn\Driver = hpzlllhn.dll [Hewlett-Packard Company] <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Blijham\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Blijham\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=70 folders=37 7239323 bytes) ==== Empty Temp Folders ====================== C:\Users\Blijham\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Blijham\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 07-03-2015 at 19:40:49,81 ======================