Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by Ken_Els on wo 22-04-2015 at 10:09:55,87. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Ken_Els\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 22-4-2015 10:15:21 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\Program Files\MSXML 4.0 deleted successfully C:\Users\Els\AppData\Roaming\Apple Computer deleted successfully C:\Users\Ken_Els\AppData\Local\Adobe deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Aangifte inkomstenbelasting voor ondernemers 2014 ABCexplorer 1.6.1 Adobe Digital Editions 4.0 Adobe Reader XI (11.0.10) - Nederlands Adobe Refresh Manager Apple Application Support (32-bit) Apple Mobile Device Support Apple Software Update Avast Free Antivirus Bonjour Canon MP Navigator EX 2.0 Canon Utilities Solution Menu CanoScan LiDE 100 Scanner Driver D3DX10 FILEminimizer Pictures GNU Ghostscript 7.06 GNU Ghostscript Fonts Google Chrome Google Update Helper Google+ Auto Backup Inkjet Printer/Scanner Extended Survey Program iTunes Java 8 Update 45 Java Auto Updater Kobo Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Communicator 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office 
Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Movie Maker Mozilla Maintenance Service Mozilla Thunderbird 31.6.0 (x86 en-US) MSVCRT MSVCRT110 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) neroxml NVIDIA-configuratiescherm 307.83 NVIDIA Grafisch stuurprogramma 307.83 NVIDIA Install Application NVIDIA Update 1.10.8 NVIDIA Update Components Photo Common Photo Gallery Picasa 3 QuickTime 7 Secure Download Manager Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.1 (KB3037581) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security 
Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2984939) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2956106) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2956103) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2899580) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2965284) 32-Bit Edition Spybot - Search & Destroy SpywareBlaster 5.0 Thomson TG122n Utility ThreeShipsPluginSetup Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit 
Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2965207) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) VCRedistSetup Verzoek of wijziging voorlopige aanslag 2015 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WMA 9 Lossless to PCM Conversion Tool ==== Running Processes ====================== C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\Thomson\TG122n\WlanWpsSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program 
Files\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe C:\Windows\Explorer.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Thomson\TG122n\WlanCU.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\DllHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe C:\Program Files\Spybot - Search & Destroy 2\SDSettings.exe C:\Users\Ken_Els\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe c:\program files\windows defender\MpCmdRun.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService 
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Package Cache deleted C:\Users\Els\AppData\Local\Wondershare deleted C:\Users\Ken\AppData\Local\Wondershare deleted C:\Users\Ken\AppData\Local\CrashRpt deleted C:\Users\Ken_Els\AppData\Local\Wondershare deleted C:\Users\Ken_Els\AppData\Local\CrashRpt deleted C:\Windows\system32\config\systemprofile\Searches deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted "C:\Program Files\Common Files\Wondershare" deleted "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601) Memory (RAM): 2815 MB CPU Info: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz CPU Speed: 2197,6 MHz Sound Card: Luidsprekers (High Definition A | Display Adapters: NVIDIA GeForce 7100 / NVIDIA nForce 630i | NVIDIA GeForce 7100 / NVIDIA nForce 630i | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1280 X 1024 - 32 bit 
Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter | NVIDIA nForce-netwerkcontroller CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7200S Ports: COM1 LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 149,0GB | E: 1397,3GB Hard Disks - Free: C: 44,3GB | E: 392,7GB Manufacturer *: FUJITSU SIEMENS // Phoenix Technologies Ltd. BIOS Info: AT/AT COMPATIBLE | 05/09/08 | FSC - 60000 Time Zone: West-Europa (standaardtijd) Motherboard *: FUJITSU SIEMENS D2740-A2 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Spybot - Search and Destroy disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Default Browser: Google Chrome 42.0.2311.90 Internet Explorer Version: 11.0.9600.17728 Google Chrome version: 42.0.2311.90 Adobe Reader version: 11.0.10.32 Sun Java version: 1.8.0_45 (32-bit) ==== Files Recently Created / Modified ======================
==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1558354063-1319679675-771687944-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Google+ Auto Backup"="C:\Users\Ken_Els\AppData\Local\Programs\Google\Google+ Auto 
Backup\Google+ Auto Backup.exe /autostart" "Spybot-S&D Cleaning"="C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" [HKEY_USERS\S-1-5-21-1558354063-1319679675-771687944-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1558354063-1319679675-771687944-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon" "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "SDTray"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" "Wondershare Helper Compact.exe"="C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Google+ Auto Backup"="C:\Users\Ken_Els\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart" "Spybot-S&D Cleaning"="C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" ==== Startup Folders ====================== 2015-04-09 08:09:28 1139 ----a-w- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2014-12-08 12:57:25 1325 ----a-w- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\KPN Up.lnk 2014-04-23 18:23:33 1941 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [23-04-2014 21:49] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [23-04-2014 21:49] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1558354063-1319679675-771687944-1000Core.job --a------ C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe [03-05-2014 15:14] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1558354063-1319679675-771687944-1000UA.job --a------ C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe [03-05-2014 15:14] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1558354063-1319679675-771687944-1000Core" [C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1558354063-1319679675-771687944-1000UA" [C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\{B6503C0E-1E28-4084-8752-5F0BE047613A}" [D:\SETUP.EXE] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files\Spybot - Search & 
Destroy 2\SDImmunize.exe"] "C:\Windows\system32\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10-04-2015 18:11] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Ken\AppData\Roaming\Thunderbird\Profiles\fuv929y6.default - British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org - Dictionnaires franais - %ProfilePath%\extensions\fr-dicollecte@dictionaries.addons.mozilla.org - Woordenboek Nederlands - %ProfilePath%\extensions\nl-NL@dictionaries.addons.mozilla.org - AboutConfig - %ProfilePath%\extensions\{412395cf-187c-40a2-bc8c-3ca45ccdb3e8} - Extra Folder Columns - %ProfilePath%\extensions\extra-cols@jminta_gmail.com.xpi - CompactHeader - %ProfilePath%\extensions\{58D4392A-842E-11DE-B51A-C7B855D89593}.xpi ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db] HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20-03-2015 12:39] Google Slides - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Els\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Avast Online Security - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Bookmark Manager - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Avast Online Security - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Google Docs - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf This information is used only for diagnosing the problem you are reporting is available only to someone investigating your report and is retained for no more than 30 days. 
- Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp Bookmark Manager - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik Avast Online Security - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Google Wallet - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Els\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.com/" ] C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.nl/", "http://www.google.com/" ] C:\Users\Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Preferences "startup_urls": [ "http://www.google.com/" ] ==== Chromium Fix ====================== C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics-translations.com_0.localstorage deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics-translations.com_0.localstorage-journal deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage-journal deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.allthelyrics.com_0.localstorage deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.allthelyrics.com_0.localstorage-journal deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully 
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsmode.com_0.localstorage-journal deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689"}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" 
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully ==== HijackThis Entries ====================== C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe C:\Program Files\Spybot - Search & Destroy 2\SDSettings.exe O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Users\Ken_Els\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - 
HKUS\S-1-5-21-1558354063-1319679675-771687944-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1558354063-1319679675-771687944-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\Thomson\TG122n\WlanCU.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. 
- C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\Thomson\TG122n\WlanWpsSvc.exe ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Google Update = "C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.] Google+ Auto Backup = "C:\Users\Ken_Els\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [Google Inc.] Spybot-S&D Cleaning = "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [Safer-Networking Ltd.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [Avast Software s.r.o.] CanonSolutionMenu = C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [CANON INC.] GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [MS] NBKeyScan = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [file not found] SDTray = "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [Safer-Networking Ltd.] Wondershare Helper Compact.exe = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [file not found] QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.] iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [Oracle Corporation] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = avast! Online Security -> {HKLM...CLSID} = avast! Online Security \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [Avast Software s.r.o.] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] 
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] 
{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] 
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Office Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL [MS] {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office 
Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {2E9D3540-211C-11d0-A5F2-00A0248C37BE} = Nero Shell Extension Property Sheet -> {HKLM...CLSID} = Nero Shell Extension Property Sheet \InProcServer32\(Default) = C:\Program Files\ahead\Nero\neroshx.dll [file not found] {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon32 -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> grooveLocalGWS\CLSID = {88FED34C-F0CA-4636-A375-3CB6248B04CD} -> {HKLM...CLSID} = Local Groove Web Services Protocol \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [MS] <> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> wlpg\CLSID = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -> {HKLM...CLSID} = Album Download IE Asynchronous Pluggable Protocol Interface \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ SoftwareSASGeneration = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Ken_Els\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] 
  iTunesImportSongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.ImportSongsOnCD
    InvokeVerb = import
    HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
  iTunesPlaySongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.PlaySongsOnCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
  iTunesShowSongsOnArrival\
    Provider = iTunes
    InvokeProgID = iTunes.ShowSongsOnCD
    InvokeVerb = showsongs
    HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
  MSLivePhotoAcqHWEventHandler\
    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
    ProgID = Microsoft.LivePhotoAcqHWEventHandler
    HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS]
  MSLivePhotoAcquireDropHandler\
    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
    InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
    InvokeVerb = open
    HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
  MSLiveShowPicturesOnArrival\
    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
    InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
    InvokeVerb = open
    HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
    \InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
  MSLiveVideoCameraArrivalCaptureWizard\
    Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
    ProgID = WLXAutoPlayMgr.WLXHWEventHandler
    InitCmdLine = WLXVideoAcquireWizard
    HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22} -> {HKLM...CLSID} = WLXWEventHandler Class
    \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS]
  Picasa2ImportPicturesOnArrival\
    Provider = Picasa3
    InvokeProgID = picasa2.autoplay
    InvokeVerb = import
    HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.]
  SpybotScanFiles\
    Provider = Spybot - Search & Destroy
    InvokeProgID = SpybotFilesScanner
    InvokeVerb = scanfiles
    HKLM\SOFTWARE\Classes\SpybotFilesScanner\shell\scanfiles\command\(Default) = "C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe" [Safer-Networking Ltd.]
  WIA_{A4089EF2-D9C3-4065-B8F2-A41705307494}\
    Provider = MP Navigator EX Ver2.0
    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
    InitCmdLine = /WiaCmd;C:\Program Files\Canon\MP Navigator EX 2.0\mpnex20.exe /StiDevice:%1 /StiEvent:%2;
    -> {HKLM...CLSID} = WPDShextAutoplay
    \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Ken_Els" & "All Users" startup folders:
---------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
  Wireless Configuration Utility -> shortcut to: C:\Program Files\Thomson\TG122n\WlanCU.exe [empty string]

Windows Sidebar Gadgets: {++}
------------------------
C:\Users\Ken_Els\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
  "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"

Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
  Adobe Acrobat Update Task -> launches: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
  avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [Avast Software s.r.o.]
  GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
  GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
  GoogleUpdateTaskUserS-1-5-21-1558354063-1319679675-771687944-1000Core -> launches: C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
  GoogleUpdateTaskUserS-1-5-21-1558354063-1319679675-771687944-1000UA -> launches: C:\Users\Ken_Els\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
  {B6503C0E-1E28-4084-8752-5F0BE047613A} -> launches: D:\SETUP.EXE [file not found]

C:\Windows\System32\Tasks\Apple
  AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
  AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
  AitAgent -> launches: aitagent [MS]
  Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS]
  ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
  Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
  UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
  SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
  Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
  KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
  UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip
    \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
  ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
  Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
  Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
  WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task
    \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
  ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
  ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
  DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
  ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
  InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
  mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
  mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
  MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
  ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
  OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
  OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
  PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
  PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
  PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
  PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
  PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
  RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
  ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
  SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
  StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
  UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
  CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
  DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
  HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent
    \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
  LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
  SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class
    \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
  GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
  AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
  RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
    \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
  MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager
    \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
  RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler
    \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
  RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
  launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS]
  refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS]
  refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS]
  runappraiser -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RunAppraiser [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
  GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class
    \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
  SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
  Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask
    \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
  IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
  IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
  MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler
    \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
  SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
  UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
  ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
  ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
  ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
  QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
  BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
  UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
  AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]
  Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
  CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object
    \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
  MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
  Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
    \InProcServer32\(Default) = C:\Program Files\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy
  Check for updates -> launches: "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background [Safer-Networking Ltd.]
  Refresh immunization -> launches: "C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose [Safer-Networking Ltd.]
  Scan the system -> launches: "C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose [Safer-Networking Ltd.]

C:\Windows\System32\Tasks\WPD
  SqmUpload_S-1-5-21-1558354063-1319679675-771687944-1002 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
  000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
  000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  %SystemRoot%\system32\mswsock.dll [MS], 01 - 30

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
  {2670000A-7350-4F3C-8081-5663EE0C6C49}\
    ButtonText = Verzenden naar OneNote
    MenuText = Verz&enden naar OneNote
    CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [MS]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    ButtonText = Research
    BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...CLSID} = &Onderzoeken
    \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Miscellaneous IE Hijack Points
------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
  <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Avast Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [Avast Software s.r.o.]
AvastVBox COM Service, AvastVBoxSvc, "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [Avast Software]
Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Inkjet Printer/Scanner Extended Survey Program, IJPLMSVC, C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [null data]
iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Update Service Daemon, nvUpdatusService, "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [NVIDIA Corporation]
Spybot-S&D 2 Security Center Service, SDWSCService, C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [Safer-Networking Ltd.]
Spybot-S&D 2 Updating Service, SDUpdateService, "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Safer-Networking Ltd.]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
WlanWpsSvc, WlanWpsSvc, C:\Program Files\Thomson\TG122n\WlanWpsSvc.exe [null data]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
  <> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
  <> PEVSystemStart, Service

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
  Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]

<>: Suspicious data at a browser hijack point.

==== Empty IE Cache ======================

C:\Users\Els\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Els\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ken_Els\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ken_Els\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Els\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Ken_Els\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=68 folders=47 15087489 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Els\AppData\Local\Temp emptied successfully
C:\Users\Ken\AppData\Local\Temp will be emptied at reboot
C:\Users\Ken_Els\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ken_Els\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Ken\AppData\Local\Temp\RarSFX0" not found

==== EOF on wo 22-04-2015 at 10:49:03,11 ======================