Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Christ on di 19-05-2015 at 19:19:15,27. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Christ\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\WINDOWS\system32\wininit.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k RPCSS C:\WINDOWS\system32\dwm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\WINDOWS\system32\nvvsvc.exe C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\System32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe C:\WINDOWS\System32\svchost.exe -k utcsvc C:\WINDOWS\SysWOW64\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\dashost.exe c:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\SysWOW64\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe C:\WINDOWS\system32\taskhostex.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Windows\System32\skydrive.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Windows\System32\SettingSyncHost.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Users\Christ\AppData\Local\Apps\2.0\1T2JCQ86.59K\EDE7RV97.KYP\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe C:\Program Files\Dell\DellDataVault\DellDataVault.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe C:\Program Files (x86)\Dell Backup and Recovery\COMPONENTS\DBRUPDATE\DBRUPD.EXE C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe C:\WINDOWS\system32\conhost.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\conhost.exe C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\conathst.exe C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\nacl64.exe C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\nacl64.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\System32\RuntimeBroker.exe C:\Users\Christ\Desktop\zoek.exe C:\WINDOWS\system32\conhost.exe C:\WINDOWS\system32\wbem\WmiApSrv.exe ==== System Restore Info ====================== 19-5-2015 19:21:39 Zoek.exe System Restore Point Created Successfully. ==== Windows Installer Info ====================== 64 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E3C12FFDF79F4745981D8BC9EC48245]C:\WINDOWS\Installer\3669a4.msi Bing Bar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C6AC1163ACF500943A92A6111832CCCF]C:\WINDOWS\Installer\366adc.msi BufferChm [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\286FF0AF07CC75C439DC2E673F7E35E7]C:\WINDOWS\Installer\3669cb.msi Copy [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF664EB97B078AD408C7BDC46301DFAA]C:\WINDOWS\Installer\366a98.msi D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\4c9ad.msi Dell Data Vault [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DFEE55E22612D7A41985DE0B0365306A]C:\WINDOWS\Installer\3a6c5e.msi Dell Digital Delivery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DB84369BD0B63E24081BAF768160B7EF]c:\Windows\Installer\4c987.msi Dell SupportAssistAgent [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8C84378274B863C4FA8244A1B3D77822]C:\WINDOWS\Installer\5e2be.msi Dell Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3214A31771497FF4CA410F006D0C7CDA]C:\Windows\Installer\4ca00.msi Destinations [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB4027DB46DDE994B955A682C2FDF44A]C:\WINDOWS\Installer\366aa0.msi DeviceDiscovery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\87BB85415CD10CB49B3AB246F4A51850]C:\WINDOWS\Installer\366a89.msi DJ_AIO_06_F2400_SW_Min [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ABEC8E1DB2CE73B4798B8CA76F036210]C:\WINDOWS\Installer\366a4e.msi F2400 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\931F0F0640C0C9D4C9C6ED3F7566AB3B]C:\WINDOWS\Installer\3669e3.msi Fotogalerie [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1C49DBC351ABC88488B88DDD92C66CCD]C:\Windows\Installer\4c9e6.msi Galerie de photos [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EC8CC64409E07F44DA0D77B442E30F09]C:\Windows\Installer\4c9d7.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\WINDOWS\Installer\206c4f.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\WINDOWS\Installer\bd2c0.msi GPBaseService2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6F7443BB35599AA469E0D05B13C07597]C:\WINDOWS\Installer\366ac3.msi HP Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FC03D219E93F13B4DAA921C3B697E42E]C:\WINDOWS\Installer\366ad4.msi HPPhotoGadget [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F3124EAC797FD934DBE9977BD111B53E]C:\WINDOWS\Installer\366a5c.msi HPProductAssistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1026B0516E9EBFD469E0CCDB35BFDDDE]C:\WINDOWS\Installer\366abb.msi HPSSupply [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\588A53CAF8F075847BADE6D8BF346E3B]C:\WINDOWS\Installer\366aa8.msi Intel(R) Rapid Storage Technology [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D296F39D4C0DEE4B9EF56C7D19595EF]C:\Windows\Installer\4c983.msi Intelİ Trusted Connect Service Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\350BFA98343AFE64794E5D39DA17486E]c:\Windows\Installer\4c979.msi LabelPrint [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C971C95CD8669A946BAE1012CCCF2134]C:\Windows\Installer\85fb.msi MarketResearch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\88AF063D8C7141F46BF731AA9F06B721]C:\WINDOWS\Installer\366acb.msi Media Suite [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\42C6FBF1Df1C10144AB2C065F4E9E897]C:\Windows\Installer\8626.msi Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400100000000F01FEC]C:\Windows\Installer\4c99e.msi Microsoft Office Access MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109510031400000000000F01FEC]C:\WINDOWS\Installer\c1382.msi Microsoft Office Excel MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109610031400000000000F01FEC]C:\WINDOWS\Installer\c1337.msi Microsoft Office Groove MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109AB0031400000000000F01FEC]C:\WINDOWS\Installer\c133f.msi Microsoft Office InfoPath MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109440031400000000000F01FEC]C:\WINDOWS\Installer\c1392.msi Microsoft Office Office 64-bit Components 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A20000000100000000F01FEC]C:\WINDOWS\Installer\c13ad.msi Microsoft Office OneNote MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000041091A0031400000000000F01FEC]C:\WINDOWS\Installer\c138a.msi Microsoft Office Outlook Connector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159180031400000000000F01FEC]C:\WINDOWS\Installer\b98f0.msi Microsoft Office Outlook MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10031400000000000F01FEC]C:\WINDOWS\Installer\c1350.msi Microsoft Office PowerPoint MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109810031400000000000F01FEC]C:\WINDOWS\Installer\c132e.msi Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004119110000000000000000F01FEC]C:\WINDOWS\Installer\c13e1.msi Microsoft Office Proof (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC]C:\WINDOWS\Installer\c1358.msi Microsoft Office Proof (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC]C:\WINDOWS\Installer\c1370.msi Microsoft Office Proof (French) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC]C:\WINDOWS\Installer\c1368.msi Microsoft Office Proof (German) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC]C:\WINDOWS\Installer\c1360.msi Microsoft Office Proofing (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109C20031400000000000F01FEC]C:\WINDOWS\Installer\c1378.msi Microsoft Office Publisher MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109910031400000000000F01FEC]C:\WINDOWS\Installer\c139b.msi Microsoft Office Shared 64-bit MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A20031400100000000F01FEC]C:\WINDOWS\Installer\c1347.msi Microsoft Office Shared MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60031400000000000F01FEC]C:\WINDOWS\Installer\c1326.msi Microsoft Office Word MUI (Dutch) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109B10031400000000000F01FEC]C:\WINDOWS\Installer\c13a4.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\WINDOWS\Installer\2b0ab.msi Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B]C:\Windows\Installer\4c9b6.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\8622.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]C:\Windows\Installer\8600.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]C:\Windows\Installer\8616.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\WINDOWS\Installer\2869c9.msi Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1926E8D15D0BCE53481466615F760A7F]c:\Windows\Installer\4853e.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]c:\Windows\Installer\862c.msi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BEA594979BAED93C82408E6FE57CE7A]c:\WINDOWS\Installer\2478ce.msi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A95FF38022A7A3CBE8D50CBBABA178]c:\WINDOWS\Installer\2478f1.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B4408EA3ACFEBE4CA87F03B6A8ECD67]C:\Windows\Installer\4c9cb.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\85D9CC30231B0CC45A12F46306AA347C]C:\Windows\Installer\4c9e9.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93ADBAB5FC16EE1499D204456B46A9B9]C:\Windows\Installer\4c9f8.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9F77C6DEE7D4C744E90CA912D2705553]C:\Windows\Installer\4c9bc.msi Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC64971A5E810FC4D8555AD60874818F]C:\Windows\Installer\4c9da.msi MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\4c992.msi MSVCRT110 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8CDD41E806AE81E43B3E917301D4B5AD]C:\Windows\Installer\4c995.msi MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F187AF9E08E3993428A5DAE3112CC877]C:\Windows\Installer\4c998.msi Nero 8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D678B5A9009ABAA45B75ED28B74EE6C6]C:\WINDOWS\Installer\e7c5.msi neroxml [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB940C659E972054EB7A79453A6EF0B9]C:\WINDOWS\Installer\53de8a6.msi NVIDIA PhysX [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EBF2823CF538D8489AC11A5E51F9F4B]C:\Windows\Installer\323a9.msi Office 15 Click-to-Run Extensibility Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C80000000000000000F01FEC]C:\WINDOWS\Installer\126531.msi Office 15 Click-to-Run Licensing Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109F80000000100000000F01FEC]C:\WINDOWS\Installer\12647b.msi Office 15 Click-to-Run Localization Component [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00005109C80031400000000000F01FEC]C:\WINDOWS\Installer\1264b7.msi Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3F03045F6B41D234391687CD1B749302]C:\Windows\Installer\4c9d4.msi Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\411F888D735784D4FA30D59A8CD25704]C:\Windows\Installer\4c9f2.msi Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\455DF347F37A8EF4EBB72C381D26799F]C:\Windows\Installer\4c9c5.msi Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C8F3021E43FF86944A5A4B1F8F35D3BA]C:\Windows\Installer\4c9e3.msi Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47499F033EBE43140AB26FDC83FC2E34]C:\Windows\Installer\4c9b9.msi Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7017C6CF27D71A140A13C37E1551B9BA]C:\Windows\Installer\4c9f5.msi Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C22AC76FF11C37544860757FB50AB615]C:\Windows\Installer\4c9c8.msi Power2Go [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D84D78A2FDF3df1479DC1A3E07FEFF2E]C:\Windows\Installer\8604.msi PowerDirector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2D6F4B0BEA2FA1544969F6F2A698B723]C:\Windows\Installer\8609.msi PowerDVD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\63AEB64B17B0E4A4EA1478426134AFA0]C:\Windows\Installer\861a.msi Qualcomm Atheros Bluetooth Suite (64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1BF4A48A307DBD84980E866B94D98210]C:\Windows\Installer\4c97f.msi QuickTransfer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C490715E6B60F914F8DFFEF475791203]C:\WINDOWS\Installer\366a70.msi Scan [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C88D1A60201E7254FA0792FF7DFA12A5]C:\WINDOWS\Installer\11872e.msi Skype Click to Call [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9A1221D6FB710CE4182F723DE03C7010]C:\WINDOWS\Installer\a0511.msi SkypeT 7.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0AB19942EE0FDA44C98CE55CA0CE6F7B]C:\WINDOWS\Installer\a0508.msi SolutionCenter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B78DD5CB341041D4AA6E79016941CDB6]C:\WINDOWS\Installer\366ab3.msi Status [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436520B5B5D7D8B4EBA297341CFCD2D5]C:\WINDOWS\Installer\366a81.msi Toolbox [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25F0F292D26B17E429B1986A28042210]C:\WINDOWS\Installer\118726.msi TrayApp [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D36E13DCDF74C1941871FC02D1A0AF5B]C:\WINDOWS\Installer\366a79.msi Visual Studio C++ 10.0 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\422F2144948316443A9EEDFED8527209]C:\WINDOWS\Installer\b3961.msi WebReg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8DF49EE825F536443A0481D561231885]C:\WINDOWS\Installer\3669da.msi Windows Live [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FFA318D8D19D0EE428F19B10CFE298AF]C:\Windows\Installer\4c9d1.msi Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A9BB4540A7A24124DBFF39F7A717A144]C:\Windows\Installer\4c9a7.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3AB5F096BED5DC2469B26F78EE95AF7A]C:\Windows\Installer\4c9e0.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9F6A430C9656B1943BFB5F1D25127A80]C:\Windows\Installer\4c9ef.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C9B13F7B57780054E8D9A6EBA91EC74F]C:\Windows\Installer\4c9c2.msi Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5DC424C50AEE3D45BAD9F1F941E3DCA]C:\Windows\Installer\4c99b.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0DFE6B9C10F4ABB4384793DA993ADE27]C:\Windows\Installer\4c9b3.msi Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\512BD8A6DCB777340B51E254143A7E6C]C:\Windows\Installer\4c9aa.msi Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D3B0C7EF9B051594EB873A12BC8F5625]C:\Windows\Installer\4c9a4.msi Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DCA246A8A3EC32A48A1B0A7FBE212B41]C:\Windows\Installer\4c9a1.msi Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F1DBCC4CEECA254C98B6465B4053151]C:\Windows\Installer\4c9b0.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\188272810CFCD4349A575EEB4402A60A]C:\Windows\Installer\4c9ec.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\664A2AA41308A304286335104B3E19BF]C:\Windows\Installer\4c9bf.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9DB399099D7CF2C45BC6F2A7EFDBC40D]C:\Windows\Installer\4c9ce.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C465727B3D74A374CAE94FEBB7B15D3D]C:\Windows\Installer\4c9dd.msi ==== Empty Folders Check ====================== C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\NeroInstall.bak deleted successfully C:\Program Files\McAfee deleted successfully C:\Users\Christ\AppData\Roaming\Logitech deleted successfully C:\Users\Christ\AppData\Roaming\RmLRN deleted successfully C:\Users\Christ\AppData\Roaming\Solvusoft deleted successfully C:\Users\Christ\AppData\Roaming\Zro deleted successfully C:\Users\Christ\AppData\Local\MediaShow deleted successfully C:\Users\Christ\AppData\Local\PackageStaging deleted successfully C:\Users\Christ\AppData\Local\softthinks deleted successfully ==== Checking Systemdrive for Symlinks ====================== Volume in drive C is OS Volume Serial Number is B4F1-0A70 Directory of C:\ 22-08-2013 16:45 Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\ProgramData 22-08-2013 16:45 Application Data [C:\ProgramData] 22-08-2013 16:45 Desktop [C:\Users\Public\Desktop] 22-08-2013 16:45 Documents [C:\Users\Public\Documents] 22-08-2013 16:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22-08-2013 16:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users 22-08-2013 16:45 All Users [C:\ProgramData] 22-08-2013 16:45 Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 22-08-2013 16:45 Application Data [C:\ProgramData] 22-08-2013 16:45 Desktop [C:\Users\Public\Desktop] 22-08-2013 16:45 Documents [C:\Users\Public\Documents] 22-08-2013 16:45 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22-08-2013 16:45 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Christ 16-01-2015 21:45 Application Data [C:\Users\Christ\AppData\Roaming] 16-01-2015 21:45 Cookies [C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCookies] 16-01-2015 21:45 Local Settings [C:\Users\Christ\AppData\Local] 16-01-2015 21:45 Menu Start [C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Start Menu] 16-01-2015 21:45 Mijn documenten [C:\Users\Christ\Documents] 16-01-2015 21:45 NetHood [C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 16-01-2015 21:45 Netwerkprinteromgeving [C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 16-01-2015 21:45 Recent [C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Recent] 16-01-2015 21:45 SendTo [C:\Users\Christ\AppData\Roaming\Microsoft\Windows\SendTo] 16-01-2015 21:45 Sjablonen [C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Christ\AppData\Local 16-01-2015 21:45 Application Data [C:\Users\Christ\AppData\Local] 16-01-2015 21:45 Geschiedenis [C:\Users\Christ\AppData\Local\Microsoft\Windows\History] 16-01-2015 21:45 Temporary Internet Files [C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Christ\AppData\Local\Microsoft\Windows 16-01-2015 21:45 Temporary Internet Files [C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache 16-01-2015 21:46 Content.IE5 [C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Directory of C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache\Low 18-01-2015 12:50 Content.IE5 [C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache\Low\IE\] 0 File(s) 0 bytes Directory of C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Start Menu 16-01-2015 21:45 Programma's [C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 File(s) 0 bytes Directory of C:\Users\Christ\OneDrive\Afbeeldingen\Camera-album\croon foto's 06-07-2014 16:37 (28.794) CHRIST - Afb0079.jpg 06-07-2014 16:37 (26.753) CHRIST - Afb0081.jpg 06-07-2014 16:37 (34.926) CHRIST - Afb0082.jpg 3 File(s) 90.473 bytes Directory of C:\Users\Christ\OneDrive\Afbeeldingen\Camera-album\croon foto's\croon feest 14-2-2007 10-10-2009 00:13 (270.827) CHRIST - Croon.jpg 1 File(s) 270.827 bytes Directory of C:\Users\Christ\OneDrive\Afbeeldingen\Camera-album\croon foto's\Etentje geslaagd 22-12-2007 15:41 (62.651) Erwin van de Broek.jpg 22-12-2007 15:41 (67.146) Fons Grummels.jpg 22-12-2007 15:41 (84.642) Gerrit de Koning.jpg 22-12-2007 15:41 (51.582) groep 1 764.jpg 22-12-2007 15:41 (41.453) groep 1 765.jpg 22-12-2007 15:41 (55.026) groep 1 766.jpg 22-12-2007 15:41 (49.273) groep 1 767.jpg 22-12-2007 15:41 (46.858) groep 1 768.jpg 22-12-2007 15:41 (49.447) groep 1 769.jpg 22-12-2007 15:41 (47.836) groep 1 770.jpg 22-12-2007 15:41 (50.846) groep 1 771.jpg 22-12-2007 15:41 (51.508) groep 1 772.jpg 22-12-2007 15:41 (50.508) groep 1 773.jpg 22-12-2007 15:41 (45.097) groep 1 774.jpg 22-12-2007 15:41 (87.543) groep 1 775.jpg 22-12-2007 15:41 (56.711) groep 1 776.jpg 22-12-2007 15:41 (44.374) groep 1 777.jpg 22-12-2007 15:41 (51.593) groep 1 778.jpg 22-12-2007 15:41 (54.432) groep 1 779.jpg 22-12-2007 15:41 (58.405) groep 1 780.jpg 22-12-2007 15:41 (67.179) groep 1 781.jpg 22-12-2007 15:41 (51.687) groep 1 782.jpg 22-12-2007 15:41 (63.147) M T S Leraar.jpg 22-12-2007 15:41 (60.023) W B.jpg 24 File(s) 1.348.967 bytes Directory of C:\Users\Christ\OneDrive\Afbeeldingen\Diverse Foto's 06-07-2014 13:31 (698.388) Afb0038.jpg 06-07-2014 13:34 (463.650) Afb0054.jpg 06-07-2014 13:37 (42.026) Afb0067.jpg 06-07-2014 13:36 (30.522) Afb0113.jpg 06-07-2014 16:34 (15.376) Afb0114.jpg 15-06-2008 11:13 (3.598) cher.jpg 15-06-2008 11:14 (3.273) images.jpg 03-07-2014 18:32 (13.877) lelie cees.-1.jpg 03-07-2014 18:33 (11.769) lelie cees.-2.jpg 03-07-2014 18:32 (12.763) lelie cees.jpg 15-06-2008 11:13 (5.096) sonny.jpg 11 File(s) 1.300.338 bytes Directory of C:\Users\Christ\OneDrive\E-mailbijlagen 01-05-2015 20:17 (68.056) 15050102731881_f0rt3v5p8326aaub_1.pdf 1 File(s) 68.056 bytes Directory of C:\Users\Christ\OneDrive\Muziek 25-04-2015 15:23 (6.406.298) 01-Bella Maria.mp3 1 File(s) 6.406.298 bytes Directory of C:\Users\Christ\OneDrive\Muziek\Vicky Leandros - The Singles[1] 25-04-2015 15:24 (8.211.620) Vicky Leandros - CD1 - 023 - Die Bouzouki Klang Durch Die Sommernacht.mp3 25-04-2015 15:24 (5.807.288) Vicky Leandros - CD1 - 024 - St. Tropez (Gitarren Bei Nacht).mp3 25-04-2015 15:24 (8.764.684) Vicky Leandros - CD2 - 001 - Meine Freunde Sind Die Tr„ume.mp3 25-04-2015 15:24 (7.922.176) Vicky Leandros - CD2 - 002 - Auf Wiedersehn, Ihr Freunde Mein.mp3 25-04-2015 15:24 (9.359.764) Vicky Leandros - CD2 - 003 - Theo, Wir Fahr'n Nach Lodz.mp3 25-04-2015 15:24 (8.021.356) Vicky Leandros - CD2 - 004 - Du Lasst Mir Meine Welt ('Quando Ti Lascio').mp3 25-04-2015 15:24 (8.241.640) Vicky Leandros - CD2 - 005 - Rot Ist Die Liebe.mp3 25-04-2015 15:24 (8.239.552) Vicky Leandros - CD2 - 006 - Ja, Ja Der Peter, Der Ist Schlau.mp3 25-04-2015 15:24 (11.914.432) Vicky Leandros - CD2 - 007 - Ich Liebe das Leben.mp3 25-04-2015 15:24 (8.628.964) Vicky Leandros - CD2 - 008 - Tango d'Amor.mp3 25-04-2015 15:24 (8.553.796) Vicky Leandros - CD2 - 009 - Weisst du, Woraus Die Tr„ume Sind.mp3 25-04-2015 15:24 (8.420.164) Vicky Leandros - CD2 - 010 - Drehorgelmann.mp3 25-04-2015 15:24 (8.997.496) Vicky Leandros - CD2 - 011 - Auf Dem Mond da Blhen Keine Rosen.mp3 25-04-2015 15:24 (10.176.172) Vicky Leandros - CD2 - 012 - Kali Nichta (Gute Nacht).mp3 25-04-2015 15:24 (9.177.064) Vicky Leandros - CD2 - 013 - Bye Bye My Love.mp3 25-04-2015 15:24 (8.552.752) Vicky Leandros - CD2 - 014 - Wer Weint Den Schon Um Einen Mann.mp3 25-04-2015 15:24 (10.425.688) Vicky Leandros - CD2 - 015 - Ich Bin Fr Dich Da (I'll Put You Together Again).mp3 25-04-2015 15:24 (9.354.544) Vicky Leandros - CD2 - 016 - Kinder Der Sonne.mp3 25-04-2015 15:24 (8.919.196) Vicky Leandros - CD2 - 017 - Love's Alive.mp3 25-04-2015 15:24 (9.035.080) Vicky Leandros - CD2 - 018 - Je T'Aime Mon Amour.mp3 25-04-2015 15:24 (14.423.164) Vicky Leandros - CD2 - 019 - Verloren Zijn We Niet.mp3 25-04-2015 15:24 (9.259.540) Vicky Leandros - CD2 - 020 - Ver Van Het Leven (Jenseits Von Eden).mp3 06-02-2010 16:02 (824.162) Vicky Leandros - The Singles+ - A-Seite2.jpg 06-02-2010 16:03 (1.201.912) Vicky Leandros - The Singles+ - B-Seite.jpg 24 File(s) 202.432.206 bytes Directory of C:\Users\Default 22-08-2013 16:45 Application Data [C:\Users\Default\AppData\Roaming] 22-08-2013 16:45 Cookies [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies] 22-08-2013 16:45 Local Settings [C:\Users\Default\AppData\Local] 22-08-2013 16:45 My Documents [C:\Users\Default\Documents] 22-08-2013 16:45 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 22-08-2013 16:45 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 22-08-2013 16:45 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 22-08-2013 16:45 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 22-08-2013 16:45 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 22-08-2013 16:45 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 22-08-2013 16:45 Application Data [C:\Users\Default\AppData\Local] 22-08-2013 16:45 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 22-08-2013 16:45 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local\Microsoft\Windows 22-08-2013 16:45 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 22-08-2013 16:45 My Music [C:\Users\Default\Music] 22-08-2013 16:45 My Pictures [C:\Users\Default\Pictures] 22-08-2013 16:45 My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 22-08-2013 16:45 My Music [C:\Users\Public\Music] 22-08-2013 16:45 My Pictures [C:\Users\Public\Pictures] 22-08-2013 16:45 My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Users\UpdatusUser 23-02-2014 01:16 Application Data [C:\Users\UpdatusUser\AppData\Roaming] 23-02-2014 01:16 Cookies [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\INetCookies] 23-02-2014 01:16 Local Settings [C:\Users\UpdatusUser\AppData\Local] 23-02-2014 01:16 My Documents [C:\Users\UpdatusUser\Documents] 23-02-2014 01:16 NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 23-02-2014 01:16 PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 23-02-2014 01:16 Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent] 23-02-2014 01:16 SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo] 23-02-2014 01:16 Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu] 23-02-2014 01:16 Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\UpdatusUser\AppData\Local 23-02-2014 01:16 Application Data [C:\Users\UpdatusUser\AppData\Local] 23-02-2014 01:16 History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History] 23-02-2014 01:16 Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows 23-02-2014 01:16 Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\INetCache] 0 File(s) 0 bytes Directory of C:\Users\UpdatusUser\Documents 23-02-2014 01:16 My Music [C:\Users\UpdatusUser\Music] 23-02-2014 01:16 My Pictures [C:\Users\UpdatusUser\Pictures] 23-02-2014 01:16 My Videos [C:\Users\UpdatusUser\Videos] 0 File(s) 0 bytes Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache 21-01-2015 20:00 Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache 21-01-2015 20:00 Content.IE5 [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\] 0 File(s) 0 bytes Total Files Listed: 65 File(s) 211.917.165 bytes 69 Dir(s) 824.603.545.600 bytes free ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4100087890-3028816571-2610552428-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-4100087890-3028816571-2610552428-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_USERS\S-1-5-21-4100087890-3028816571-2610552428-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_USERS\S-1-5-21-4100087890-3028816571-2610552428-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully ==== Installed Programs ====================== 64 Bit HP CIO Components Installer Audacity 1.3.0 Bing Bar BufferChm Copy CyberLink LabelPrint 2.5 CyberLink Media Suite 10 CyberLink Media Suite Essentials CyberLink Power2Go 8 CyberLink PowerDirector 10 CyberLink PowerDVD 12 D3DX10 Definition Update for Microsoft Office 2010 (KB3015642) 32-Bit Edition Dell Backup and Recovery Dell Data Vault Dell Digital Delivery Dell SupportAssist Dell SupportAssistAgent Dell System Detect Dell Update Dell WLAN and Bluetooth Client Installation Destinations DeviceDiscovery DJ_AIO_06_F2400_SW_Min F2400 Fotogalerie Galerie de photos Google Chrome Google Update Helper GPBaseService2 GrabIt 1.7.2 Beta 6 (build 1008) HP Customer Participation Program 14.0 HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 HP Imaging Device Functions 14.0 HP Solution Center 14.0 HP Update HPDiagnosticAlert HPPhotoGadget HPProductAssistant HPSSupply Intel(R) Management Engine Components Intel(R) Rapid Storage Technology Intelİ Trusted Connect Service Client MarketResearch Microsoft Application Error Reporting Microsoft Office 2013 voor Thuisgebruik en Studenten - nl-nl Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft OneDrive Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 MyDriveConnect 4.0.2.2123 MyHarmony Nero 8 neroxml Norton 360 NVIDIA-configuratiescherm 347.52 NVIDIA 3D Vision stuurprogramma 347.52 NVIDIA Grafisch stuurprogramma 347.52 NVIDIA HD Audio-stuurprogramma 1.3.33.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.13.0604 NVIDIA Stereoscopic 3D Driver NVIDIA Update 10.4.0 NVIDIA Update Components NVIDIA Update Core Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component Photo Common Photo Gallery Qualcomm Atheros Bluetooth Suite (64) QuickTransfer Realtek Card Reader Realtek High Definition Audio Driver Scan Security Update for Microsoft Excel 2010 (KB2965240) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2965242) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2999412) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2999420) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2965237) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shop for HP Supplies Skype Click to Call SkypeT 7.0 SolutionCenter Status Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Toolbox TrayApp Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition Update for Microsoft Office 2010 (KB2965291) 32-Bit Edition Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition Update for Microsoft Office 2010 (KB2999439) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition Update for Microsoft Outlook 2010 (KB3015585) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2965292) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition Visual Studio C++ 10.0 Runtime WebReg Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\PROGRA~2\NeroInstall.bak not found C:\Program Files (x86)\MyDrive Connect deleted C:\PROGRA~2\AskTBar deleted C:\Users\Christ\AppData\Roaming\ParetoLogic deleted C:\Users\Christ\AppData\Roaming\DriverCure deleted C:\PROGRA~3\ParetoLogic deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\WINDOWS\SysNative\roboot64.exe deleted C:\WINDOWS\SysNative\config\systemprofile\Searches deleted "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE" deleted "C:\Program Files (x86)\Microsoft\BingBar" not deleted "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0" not deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 8143 MB CPU Info: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz CPU Speed: 3109,2 MHz Sound Card: Luidsprekers / koptelefoons (Re | Display Adapters: NVIDIA GeForce GT 625 (OEM) | NVIDIA GeForce GT 625 (OEM) Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Dell Wireless 1705 802.11b/g/n (2.4GHZ) | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVD+-RW GHB0N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 919,6GB | F: 931,0GB | G: 500,5MB | X: 2,0GB | Y: 9,2GB Hard Disks - Free: C: 767,9GB | F: 437,2GB | G: 474,8MB | X: 1,7GB | Y: 727,5MB Manufacturer *: Dell Inc. BIOS Info: AT/AT COMPATIBLE | | DELL - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: Dell Inc. 088DT1 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Norton 360 Premier Edition On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Norton 360 Premier Edition disabled (Outdated) Firewall: Norton 360 Premier Edition disabled Default Browser: Google Chrome 42.0.2311.152 Internet Explorer Version: 11.0.9600.17801 Google Chrome version: 42.0.2311.152 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2015-05-07 16:45:37 992826A14A16BFFCA75DBC19F832C41A 136 ----a-w- C:\WINDOWS\ODBC.INI ====== C:\Users\Christ\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2015-05-16 16:02:32 A8B72561E67739D416C4BB3A62EC7331 102608 ----a-w- C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-16 09:40:17 3250046189DF6429ECD93D9B483C62C7 1943040 ----a-w- C:\WINDOWS\SysWOW64\dwmcore.dll 2015-05-16 09:39:56 CB07788DF1639ED547F645403BECD759 141824 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-16 09:39:54 7C29FBB11679B9B4F08D5AA771DABD90 358912 ----a-w- C:\WINDOWS\SysWOW64\schannel.dll 2015-05-16 09:39:52 96111DD5552A2A1DC02FC090EF80AF2D 324096 ----a-w- C:\WINDOWS\SysWOW64\certcli.dll 2015-05-16 09:39:52 0FDCB0931B57280D59942556A6706372 21504 ----a-w- C:\WINDOWS\SysWOW64\sdbinst.exe 2015-05-16 09:39:51 697177C5242095DBDB3A3B52DD27C400 1207296 ----a-w- C:\WINDOWS\SysWOW64\dbghelp.dll 2015-05-16 09:39:51 69304975B8DF00BDC9567AAAF97791F2 1812992 ----a-w- C:\WINDOWS\SysWOW64\SRH.dll 2015-05-16 09:39:51 3C2B9089839D283DD6F91CF5F0748D1D 2985984 ----a-w- C:\WINDOWS\SysWOW64\dbgeng.dll 2015-05-16 09:39:51 032D9982B72E4F9A9B62A43B4CEDB072 1969664 ----a-w- C:\WINDOWS\SysWOW64\wpdshext.dll 2015-05-16 09:39:49 95AB9B30166221ED22E43290D47198CD 364544 ----a-w- C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-05-16 09:39:48 F601DD8702FB90928A4069AAF3329D2D 1560576 ----a-w- C:\WINDOWS\SysWOW64\DWrite.dll 2015-05-16 09:39:46 D74445161E58644309F858342F5E265C 19691008 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll 2015-05-16 09:39:45 0E22CD36FC3292CB812CC46CBCFD8444 12828672 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll 2015-05-16 09:39:42 CB5F450D21B9D76B7F01D006E4AEDB40 1882112 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll 2015-05-16 09:39:42 C525258A00ECFB4CE089F54C163268C3 2278400 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll 2015-05-16 09:39:42 6E2B4875B968324E5844F35A37A79260 4305920 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll 2015-05-16 09:39:41 F2DB87F164BC13AB8EF90FBF5D866B65 664576 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll 2015-05-16 09:39:41 C2EB0AA5570CF8BC881B36EE55A59337 688640 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll 2015-05-16 09:39:41 C1A32612710492D0C3339E46EC15E333 504320 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll 2015-05-16 09:39:41 AA2F2D55DEF98007839D0189D721D70B 1310208 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll 2015-05-16 09:39:41 07E82A31808C8BC053D1DE547082C58F 341504 ----a-w- C:\WINDOWS\SysWOW64\html.iec 2015-05-16 09:39:40 CFCB89C0FE8EF502A7934C0D20E5DBD6 76288 ----a-w- C:\WINDOWS\SysWOW64\mshtmled.dll 2015-05-16 09:39:40 8004E2E3D4DFEE81D6E102C537568AEC 327168 ----a-w- C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-05-16 09:39:40 7B4FA4B41FBDBB12C5038FCB6E6652AA 285696 ----a-w- C:\WINDOWS\SysWOW64\dxtrans.dll 2015-05-16 09:39:40 136687227F11CE928CB05F4FD90319AC 2052608 ----a-w- C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-05-16 09:39:39 F7F090E8B59FEFC50BE6F2A1ABB1ED5D 230400 ----a-w- C:\WINDOWS\SysWOW64\webcheck.dll 2015-05-16 09:39:39 D8CAF4753CD2456C761E6761F2C713EE 128000 ----a-w- C:\WINDOWS\SysWOW64\iepeers.dll 2015-05-16 09:39:39 48143005C6FCE6D252162EE371532063 880128 ----a-w- C:\WINDOWS\SysWOW64\inetcomm.dll 2015-05-16 09:39:38 63A2E3E9C771B1D4D7D84942D6FCB661 710144 ----a-w- C:\WINDOWS\SysWOW64\ieapfltr.dll ====== C:\WINDOWS\SysWOW64\drivers ===== ====== C:\WINDOWS\Sysnative ===== 2015-05-16 16:02:32 5461373AB510F4C22CE61EB7965BE8F2 124112 ----a-w- C:\WINDOWS\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2015-05-16 09:40:17 3DB29814EA5A2091425200B58E25BA15 2256896 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll 2015-05-16 09:39:57 4658D596725A71521971054D3AF1DCD0 2819584 ----a-w- C:\WINDOWS\Sysnative\SettingsHandlers.dll 2015-05-16 09:39:56 7E36F0698777668A09DD316E59807E0E 172544 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Input.Inking.dll 2015-05-16 09:39:54 62E3FCC2789CA52AA8A59122FDFCE26E 429568 ----a-w- C:\WINDOWS\Sysnative\schannel.dll 2015-05-16 09:39:53 9D17F78BB04A3EF67426AFD087660188 410017 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml 2015-05-16 09:39:53 9703EC57F5BBB94F89CA80A5D0C12221 1429504 ----a-w- C:\WINDOWS\Sysnative\diagtrack.dll 2015-05-16 09:39:53 4C0E8295772A78291A0E256882A0D0E2 36864 ----a-w- C:\WINDOWS\Sysnative\UtcResources.dll 2015-05-16 09:39:52 CBB2FE432D81825C174A65DCE538A610 1441792 ----a-w- C:\WINDOWS\Sysnative\lsasrv.dll 2015-05-16 09:39:52 952D277678FC177CA8549B92A01C4C2C 24576 ----a-w- C:\WINDOWS\Sysnative\sdbinst.exe 2015-05-16 09:39:52 2DDC7AE2C753033E5EC95F3358358043 445440 ----a-w- C:\WINDOWS\Sysnative\certcli.dll 2015-05-16 09:39:51 E0C7813A97CA7947FF5C18A8F3B61A45 410128 ----a-w- C:\WINDOWS\Sysnative\services.exe 2015-05-16 09:39:51 8442CC9A31FC381255B98D615E49EF82 2162176 ----a-w- C:\WINDOWS\Sysnative\SRH.dll 2015-05-16 09:39:51 48CC2698381AA1F6FBE0D78507281B40 4417536 ----a-w- C:\WINDOWS\Sysnative\dbgeng.dll 2015-05-16 09:39:51 161156327265FB02A820506B98DA7A07 1491456 ----a-w- C:\WINDOWS\Sysnative\dbghelp.dll 2015-05-16 09:39:51 0F5DF8F08C138D9E1DE88984FEAA1B96 1696256 ----a-w- C:\WINDOWS\Sysnative\wevtsvc.dll 2015-05-16 09:39:51 0BB6089A1AEE468209FE22E29E6B87BD 2067968 ----a-w- C:\WINDOWS\Sysnative\wpdshext.dll 2015-05-16 09:39:50 053EF531F55B508343BB3CA91386C1C7 186368 ----a-w- C:\WINDOWS\Sysnative\dpapisrv.dll 2015-05-16 09:39:49 B023C38663271E79FC2A9B63F6FE6417 445440 ----a-w- C:\WINDOWS\Sysnative\PhotoMetadataHandler.dll 2015-05-16 09:39:48 7719BBE3BDA2171FF0955171D9460D26 4180480 ----a-w- C:\WINDOWS\Sysnative\win32k.sys 2015-05-16 09:39:48 6C068E7207F183FF3647E45D2599E80C 1387008 ----a-w- C:\WINDOWS\Sysnative\FntCache.dll 2015-05-16 09:39:48 4829F2EFACF23F63D6D85B7F1084FB70 1996800 ----a-w- C:\WINDOWS\Sysnative\DWrite.dll 2015-05-16 09:39:46 C31D57F7A58FACDA2671075CEBA75199 24971776 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll 2015-05-16 09:39:45 E061B5A1D0F9BBACA41149201ADF4A3B 14401536 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll 2015-05-16 09:39:43 79A4C71CD8B610DE9F66B72B5654C450 6025728 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll 2015-05-16 09:39:42 F0289B3A341429117696F0279DA977B6 2352128 ----a-w- C:\WINDOWS\Sysnative\wininet.dll 2015-05-16 09:39:42 843D063E75B19188759CBEC82828BCB1 2885120 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll 2015-05-16 09:39:41 F918BE3C5ACA0B6485D725CC1A5348DC 2125824 ----a-w- C:\WINDOWS\Sysnative\inetcpl.cpl 2015-05-16 09:39:41 ED4EB5A0CDD251A17B946C515CB94D70 1547264 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll 2015-05-16 09:39:41 E20B5098C8707B2CF0858024568234FF 801280 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll 2015-05-16 09:39:41 C1D6BD834E69E8F77C8B4DDFCEE073F6 417792 ----a-w- C:\WINDOWS\Sysnative\html.iec 2015-05-16 09:39:41 B85ECB91C88F6E74045061B7F7DDEFA2 584192 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll 2015-05-16 09:39:41 63061A0826839DE8F5B4713976C99F1B 816640 ----a-w- C:\WINDOWS\Sysnative\jscript.dll 2015-05-16 09:39:41 5EDC6AF7589B65C89CB1154B3377D0C4 720384 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe 2015-05-16 09:39:41 1921A72BF1273BED72E569EF1F1A0611 92160 ----a-w- C:\WINDOWS\Sysnative\mshtmled.dll 2015-05-16 09:39:40 EB9FCD39D65E23380CB2C2F0E6F2ED53 316928 ----a-w- C:\WINDOWS\Sysnative\dxtrans.dll 2015-05-16 09:39:40 8541124139D68239B1EDE3E490367A6C 107520 ----a-w- C:\WINDOWS\Sysnative\inseng.dll 2015-05-16 09:39:40 1D610F215769E4FF56C7B1847DE4B86D 633856 ----a-w- C:\WINDOWS\Sysnative\ieui.dll 2015-05-16 09:39:40 0D2B130C7B5BCEC85D7A789A4338F9B7 262144 ----a-w- C:\WINDOWS\Sysnative\webcheck.dll 2015-05-16 09:39:39 AB8DF81AC1BF4546C3102469B840009E 145408 ----a-w- C:\WINDOWS\Sysnative\iepeers.dll 2015-05-16 09:39:39 673582881DAC4B27E9368BC8834507DD 374272 ----a-w- C:\WINDOWS\Sysnative\iedkcs32.dll 2015-05-16 09:39:39 49B1935F131A44CD29857D6900CB643F 800768 ----a-w- C:\WINDOWS\Sysnative\ieapfltr.dll 2015-05-16 09:39:39 14673D16D433373898FE3006C5A01157 1032704 ----a-w- C:\WINDOWS\Sysnative\inetcomm.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2015-05-16 09:40:24 95B0179BDA907252025DEEA183699FB3 467776 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS 2015-05-16 09:40:15 272A62B660A48AEF366F8A1836CED19F 57856 ----a-w- C:\WINDOWS\Sysnative\drivers\bthhfenum.sys 2015-05-16 09:39:56 FE14D249D39368CA62D8DA6BC94AC694 80384 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys 2015-05-16 09:39:52 5E5AB950693F2C6D6ACBEE3A74697ED7 561928 ----a-w- C:\WINDOWS\Sysnative\drivers\cng.sys 2015-05-16 09:39:51 C54B6B2170BF628FD42F799A66956D75 239424 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys 2015-05-16 09:39:51 95E295FD19F80B3AD33629B5AEFEC9C7 154432 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys 2015-05-16 09:39:49 C61EAF8E1E4B2F62BA4FDF457440B2C6 316416 ----a-w- C:\WINDOWS\Sysnative\drivers\udfs.sys 2015-04-20 17:04:38 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.INF 2015-04-20 17:04:38 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.SYS 2015-04-20 17:04:38 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.CAT ====== C:\WINDOWS\Tasks ====== ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-05-18 16:54:00 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Christ\AppData\Roaming ====== 2015-05-19 17:00:40 -------- d-----r- C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-20 17:18:15 -------- d-----w- C:\Users\Christ\AppData\Local\NPE ====== C:\Users\Christ ====== 2015-05-16 09:19:01 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp ====== C: exe-files == 2015-05-19 16:38:59 464D0BB92C5BD20AF4DFC0CC6E5BD245 1923224 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\winword.exe 2015-05-19 16:38:56 D480690AF313CFF51348BA5D40682EE9 7879384 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe 2015-05-19 16:38:53 9C517E27D1715B3DA99DA458E7642718 5762776 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe 2015-05-19 16:38:53 73B46339150F02E9A0594F104EB3621C 39592 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\appsharinghookcontroller64.exe 2015-05-19 16:38:50 20A0267F79C6A5669D78BCFA59E19065 83184 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe 2015-05-19 16:38:47 79ACB90AAB79073C016FF19530B6961D 1763496 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\onenote.exe 2015-05-19 16:38:46 A46AB052C131542B7771F10FF4140EBB 25719456 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excel.exe 2015-05-19 16:38:45 52B5C1654397D3779D3FC40A909235DC 21938840 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2015-05-19 16:38:44 C04313FB05B248F0E610066EE3D4407F 498880 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msouc.exe 2015-05-19 16:38:44 6993C9023D5D976D92C8B2886B58C7DF 4522176 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\graph.exe 2015-05-19 16:38:44 0E4787C04EA620FD3220078A1B0BCF60 517360 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\iecontentservice.exe 2015-05-19 16:38:34 8AB2EA7948940795A6156EE34832EF53 1130200 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe 2015-05-19 16:38:09 AF67D6EA66D8653069AA16D00602C2E7 569592 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE 2015-05-18 16:54:02 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Christ.exe 2015-05-16 13:21:59 EB81815F1628247337DCF5C44A137366 869192 ----a-w- C:\Users\Christ\AppData\Local\Google\Chrome\User Data\SwReporter\3.20.1\software_reporter_tool.exe 2015-05-16 09:40:14 57ABF04B01CBA20B76F3EE89C18C6612 474624 ----a-w- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe 2015-05-16 09:39:52 952D277678FC177CA8549B92A01C4C2C 24576 ----a-w- C:\Windows\System32\sdbinst.exe 2015-05-16 09:39:52 0FDCB0931B57280D59942556A6706372 21504 ----a-w- C:\Windows\SysWOW64\sdbinst.exe 2015-05-16 09:39:51 E0C7813A97CA7947FF5C18A8F3B61A45 410128 ----a-w- C:\Windows\System32\services.exe 2015-05-16 09:39:41 5EDC6AF7589B65C89CB1154B3377D0C4 720384 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-05-16 09:39:18 3E4D0668C6E0AFD10AFF52C134AC3CC8 2138112 ----a-w- C:\Program Files\Windows Journal\Journal.exe 2015-05-16 09:31:38 D308FEE17FBACB94C2E27067AE2C57A6 1044048 ----a-w- C:\Program Files (x86)\Google\Update\Install\{0EAC79ED-A956-46D0-9195-66D7D8A280A1}\42.0.2311.152_42.0.2311.135_chrome_updater.exe 2015-05-16 09:31:38 D308FEE17FBACB94C2E27067AE2C57A6 1044048 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.152\42.0.2311.152_42.0.2311.135_chrome_updater.exe 2015-05-16 09:26:27 F6EEE6848E933962E12E7B3F25C73C88 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateBroker.exe 2015-05-16 09:26:27 6732C4A894855042FD3618406B6BBD48 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe 2015-05-16 09:26:27 0894890F30B5F6510DF953BC50B5504F 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateWebPlugin.exe 2015-05-16 09:26:16 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateSetup.exe 2015-05-16 09:26:14 BB3045B399D898061B926B447C446E05 127816 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdateComRegisterShell64.exe 2015-05-16 09:26:14 6509A96DAE25340772B51AC020CB1094 304968 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe 2015-05-16 09:26:11 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{98AD5084-2E4D-4A41-929A-7BDEEA905F9A}\GoogleUpdateSetup.exe 2015-05-16 09:26:11 C990A8EAD57DA59FA8156CC02D3B7DA5 931408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.27.5\GoogleUpdateSetup.exe 2015-05-16 09:26:11 8715A0D10CFFC8DEE923957F07DAA042 244040 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe 2015-05-16 09:26:11 0C03FB91E17987EED93F60007B08DAA0 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleUpdate.exe 2015-05-16 09:22:46 2C82F8728CEBAF45F8D31983A43B2B32 7668424 ----a-w- C:\Users\Christ\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe 2015-05-16 09:22:46 2C82F8728CEBAF45F8D31983A43B2B32 7668424 ----a-w- C:\Users\Christ\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\OneDriveSetup.exe 2015-05-16 09:22:42 470F38CEE0842E1F5FE579C30D717A0E 149704 ----a-w- C:\Users\Christ\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncConfig.exe === C: other files == 2015-05-16 09:40:24 95B0179BDA907252025DEEA183699FB3 467776 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2015-05-16 09:40:15 272A62B660A48AEF366F8A1836CED19F 57856 ----a-w- C:\Windows\System32\drivers\bthhfenum.sys 2015-05-16 09:39:56 FE14D249D39368CA62D8DA6BC94AC694 80384 ----a-w- C:\Windows\System32\drivers\ahcache.sys 2015-05-16 09:39:52 5E5AB950693F2C6D6ACBEE3A74697ED7 561928 ----a-w- C:\Windows\System32\drivers\cng.sys 2015-05-16 09:39:51 C54B6B2170BF628FD42F799A66956D75 239424 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2015-05-16 09:39:51 95E295FD19F80B3AD33629B5AEFEC9C7 154432 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2015-05-16 09:39:49 C61EAF8E1E4B2F62BA4FDF457440B2C6 316416 ----a-w- C:\Windows\System32\drivers\udfs.sys 2015-05-16 09:39:48 7719BBE3BDA2171FF0955171D9460D26 4180480 ----a-w- C:\Windows\System32\win32k.sys 2015-05-16 09:34:35 9C52F7E032EFF526DC04AF86508E7ADE 15370 ----a-w- C:\ProgramData\PCDr\6584\AddOnDownloaderCache\zipped\873c94c8-114d-4d39-a36a-14d636c6e7f3.zip 2015-05-16 09:34:34 7EB4119B0A444FB77A789BF3CAD61F8E 62152 ----a-w- C:\ProgramData\PCDr\6584\AddOnDownloaderCache\zipped\48db0c93-e691-44fc-9c6b-a61e60525cfe.zip 2015-05-16 09:22:41 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Christ\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\CollectOneDriveLogs.bat ======== System Restore Points ======== RP20: 16-5-2015 12:47:34 - Windows Update RP21: 19-5-2015 18:53:19 - Norton 360 Registry Clean ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-4100087890-3028816571-2610552428-1002\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" "DellSystemDetect"="C:\Users\Christ\AppData\Local\Apps\2.0\1T2JCQ86.59K\EDE7RV97.KYP\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "NBKeyScan"="C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe" "DellSystemDetect"="C:\Users\Christ\AppData\Local\Apps\2.0\1T2JCQ86.59K\EDE7RV97.KYP\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4P1" "RtHDVBg_PushButton"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" ==== Startup Folders ====================== 2015-01-25 12:33:09 1318 ----a-w- C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk 2015-01-16 20:25:36 1131 ----a-w- C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk 2015-01-19 19:07:50 2121 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-01-2015 22:16] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-01-2015 22:16] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe] "C:\WINDOWS\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe"] "C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"] "C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\Dell\SupportAssist\uaclauncher.exe"] "C:\WINDOWS\SysNative\tasks\RtHDVBg_PushButton" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"] "C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{D7894B5D-0AFE-4BFE-AB0C-32C4150BA74D}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe] "C:\WINDOWS\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe] "C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn" [19-05-2015 19:00] ==== Chromium Look ====================== Google Chrome Version: 42.0.2311.152 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions iikflkcanblccfahdhdonehdalibjnif - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14-07-2014 18:22] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx[05-03-2015 10:45] Google Slides - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Bejeweled - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm Google Docs - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Elite Unzip - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea Elite Unzip - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn Bookmark Manager - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik An awesome tetris game for the moments when you need to kill the boredom. - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieicmdpibfnjbmjolkmohnelljmjomoj Norton Identity Safe - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Norton Security Toolbar - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Tisto - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh Norton Safe Search as default for Chrome - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl Google Wallet - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.kpnvandaag.nl/", "startup_urls": [ "http://www.kpnvandaag.nl/#Overzicht" ] ==== Chromium Fix ====================== C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea deleted successfully C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{8110806F-C1A7-42D9-AC8F-22DD09FEFD38}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {8110806F-C1A7-42D9-AC8F-22DD09FEFD38} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4100087890-3028816571-2610552428-1002\Software\Microsoft\Internet Explorer\SearchScopes\{8110806F-C1A7-42D9-AC8F-22DD09FEFD38} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8110806F-C1A7-42D9-AC8F-22DD09FEFD38} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8110806F-C1A7-42D9-AC8F-22DD09FEFD38} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\UpdatusUser\Desktop\Audacity 1.3 Beta.lnk - C:\Program Files (x86)\Audacity 1.3 Beta\audacity.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\HP Solution Center.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65 C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65 C:\Users\Public\Desktop\Winkel voor HP-benodigheden.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\SupportAssist\PC Checkup.lnk - C:\Program Files\Dell\SupportAssist\pcdlauncher.exe -startingpage pccheckup -lloc pccheckup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\SupportAssist\SupportAssist.lnk - C:\Program Files\Dell\SupportAssist\pcdlauncher.exe -lloc dsc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360\Norton 360.lnk - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\uistub.exe /win8 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype voor bureaublad.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\TomTom MyDrive Connect.lnk - C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe "-startda" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Verwijder MyDriveConnect.lnk - C:\Program Files (x86)\MyDrive Connect\Uninstall MyDriveConnect.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom\Verwijder TomTom MyDrive Connect.lnk - C:\Program Files (x86)\MyDrive Connect\Uninstall TomTom MyDrive Connect.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Uninstall List x64 ====================== 64 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}] Audacity 1.3.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Audacity 1.3 Beta_is1] Bing Bar [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3611CA6C-5FCA-4900-A329-6A118123CCFC}] BufferChm [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}] Copy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}] CyberLink LabelPrint 2.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}] CyberLink Media Suite 10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] CyberLink Media Suite Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}] CyberLink Power2Go 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}] CyberLink PowerDirector 10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}] CyberLink PowerDVD 12 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}] D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] Dell Backup and Recovery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}] Dell Data Vault [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}] Dell Digital Delivery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}] Dell SupportAssist [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC-Doctor for Windows] Dell SupportAssistAgent [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{287348C8-8B47-4C36-AF28-441A3B7D8722}] Dell System Detect [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\73f463568823ebbe] Dell Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}] Dell WLAN and Bluetooth Client Installation [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}] Destinations [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}] DeviceDiscovery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}] DJ_AIO_06_F2400_SW_Min [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8CEBA-EC2B-4B37-97B8-C87AF6302601}] F2400 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60F0F139-0C04-4D9C-9C6C-DEF35766BAB3}] Fotogalerie [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}] Galerie de photos [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{446CC8CE-0E90-44F7-ADD0-774B243EF090}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] GPBaseService2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB3447F6-9553-4AA9-960E-0DB5310C5779}] GrabIt 1.7.2 Beta 6 (build 1008) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GrabIt_is1] HP Customer Participation Program 14.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HPExtendedCapabilities] HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCDD692B-172D-440A-9A1B-501C71D72CC8}] HP Imaging Device Functions 14.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions] HP Solution Center 14.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools] HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] HPDiagnosticAlert [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}] HPPhotoGadget [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CAE4213F-F797-439D-BD9E-79B71D115BE3}] HPProductAssistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}] HPSSupply [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}] Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] Intel(R) Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{409CB30E-E457-4008-9B1A-ED1B9EA21140}] Intel(R) Rapid Storage Technology [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}] Intelİ Trusted Connect Service Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89AFB053-A343-46EF-97E4-D593AD7184E6}] MarketResearch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D360FA88-17C8-4F14-B67F-13AAF9607B12}] Microsoft Office 2013 voor Thuisgebruik en Studenten - nl-nl [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HomeStudentRetail - nl-nl] Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR] Microsoft OneDrive [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}] Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)] Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3FF59A46-2208-3A7A-BC8E-5DC0BBBA1A87}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{03CC9D58-B132-4CC0-A521-4F3660AA43C7}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BABDA39-61CF-41EE-992D-4054B6649A9B}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A17946CA-18E5-4CF0-8D55-A56D804718F8}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}] Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}] MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT110 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}] MSVCRT110_amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9FA781F-3E80-4399-825A-AD3E11C28C77}] MyDriveConnect 4.0.2.2123 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyDriveConnect] MyHarmony [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\036a0e4fc6a247ec] Nero 8 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A5B876D-A900-4AAB-B557-DE827BE46E6C}] neroxml [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}] Norton 360 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\N360] NVIDIA-configuratiescherm 347.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] NVIDIA 3D Vision stuurprogramma 347.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] NVIDIA Grafisch stuurprogramma 347.52 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] NVIDIA HD Audio-stuurprogramma 1.3.33.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}] NVIDIA PhysX System Software 9.13.0604 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] NVIDIA Stereoscopic 3D Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIAStereo] NVIDIA Update 10.4.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] NVIDIA Update Components [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update] NVIDIA Update Core [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{743FD554-A73F-4FE8-BE7B-C283D16297F9}] Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D888F114-7537-4D48-AF03-5DA9C82D7540}] Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}] Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F54030F3-14B6-432D-9361-78DCB1473920}] Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30F99474-EBE3-4134-A02B-F6CD38CFE243}] Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F67CA22C-C11F-4573-8406-57F75BA06B51}] Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC6C7107-7D72-41A1-A031-3CE751159BAB}] Qualcomm Atheros Bluetooth Suite (64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] QuickTransfer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E517094C-06B6-419F-8FFD-EF4F57972130}] Realtek Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] Scan [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{06A1D88C-E102-4527-AF70-29FFD7AF215A}] Shop for HP Supplies [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Shop for HP Supplies] Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}] SkypeT 7.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] SolutionCenter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}] Status [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}] Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD] Toolbox [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{292F0F52-B62D-4E71-921B-89A682402201}] TrayApp [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}] Visual Studio C++ 10.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4412F224-3849-4461-A3E9-DEEF8D252790}] WebReg [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8EE94FD8-5F52-4463-A340-185D16328158}] Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0454BB9A-2A7A-4214-BDFF-937F7A711A44}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C034A6F9-6569-491B-B3BF-F5D15221A708}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE7C0B3D-50B9-4951-BE78-A321CBF86552}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CCBD1F4-CEEC-452A-9CB8-46564B501315}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18272881-CFC0-434D-A975-E5BE44206AA0}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AA2A466-8031-403A-8236-5301B4E391FB}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}] ==== HijackThis Entries ====================== F3 - REG:win.ini: load=C:\Users\Christ\LOCALS~1\Temp\mslotwma.com F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [MyDriveConnect.exe] C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Christ\AppData\Local\Apps\2.0\1T2JCQ86.59K\EDE7RV97.KYP\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.dell.com O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe O23 - Service: BingBar Service (BBSvc) - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe (file missing) O23 - Service: BBUpdate - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe (file missing) O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SysWOW64\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [Nero AG] OfficeSyncProcess = "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [MS] MyDriveConnect.exe = C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [file not found] DellSystemDetect = C:\Users\Christ\AppData\Local\Apps\2.0\1T2JCQ86.59K\EDE7RV97.KYP\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [QualcommİAtherosİ] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation] RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [Realtek Semiconductor] RtHDVBg = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1 [Realtek Semiconductor] RtHDVBg_PushButton = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM [Realtek Semiconductor] NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard] BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] NBKeyScan = "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [Nero AG] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\(Default) = Skype for Business Click to Call BHO -> {HKLM...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [Symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [Symantec Corporation] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] -> {HKLM...Wow...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [Symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [Symantec Corporation] {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Norton Vulnerability Protection -> {HKLM...Wow...CLSID} = Norton Vulnerability Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [Symantec Corporation] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] -> {HKLM...Wow...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] DBARFileBackuped\(Default) = {831cebdd-6baf-4432-be76-9e0989c14aef} -> {HKLM...CLSID} = DBROverlayIconBackuped.DBROverlayIconBackuped Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [Softthinks SAS] DBARFileNotBackuped\(Default) = {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} -> {HKLM...CLSID} = DBROverlayIconNotBackuped.DBROverlayIconNotBackuped Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [Softthinks SAS] DBRShellOverlayBackupFile\(Default) = {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} -> {HKLM...CLSID} = DBROverlayIconBackuped.DBROverlayIconBackuped Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [Softthinks SAS] DBRShellOverlayModifiedBackupFile\(Default) = {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} -> {HKLM...CLSID} = DBROverlayIconNotBackuped.DBROverlayIconNotBackuped Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [Softthinks SAS] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [Symantec Corporation] OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [Symantec Corporation] OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [Symantec Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation] {B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [QualcommİAtherosİ] {C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu -> {HKLM...CLSID} = ContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtContextMenu.dll [QualcommİAtherosİ] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext -> {HKLM...CLSID} = Ondernemingsprojecten \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONFILTER.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONFILTER.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...Wow...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...Wow...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...Wow...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...Wow...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler -> {HKLM...Wow...CLSID} = NeroDigitalIconHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler -> {HKLM...Wow...CLSID} = NeroDigitalPropSheetHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons -> {HKLM...Wow...CLSID} = NeroCoverEdLiveIcons Class \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> ("" [file not found]) Security Packages = "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [QualcommİAtherosİ] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider -> {HKLM...CLSID} = Smartcard WinRT Provider \InProcServer32\(Default) = C:\WINDOWS\system32\SmartcardCredentialProvider.dll [MS] {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [QualcommİAtherosİ] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> skypec2c\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype Click to Call for IE Pluggable Protocol \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F} -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [QualcommİAtherosİ] BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [Symantec Corporation] CLVDShellExt\(Default) = {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [Cyberlink] Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} -> {HKLM...Wow...CLSID} = NeroCoverEdContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM...CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\NavShExt.dll" [Symantec Corporation] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] {9ef1900c-cf6c-476a-99be-384b8847985c}\(Default) = DBRShellExtension.DBRShellExtension -> {HKLM...CLSID} = DBRShellExtension.DBRShellExtension Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll [Softthinks SAS] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM...Wow...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\ BuPropertySheet\(Default) = {B59987EA-25FE-44B4-8802-E4DE67073D8C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [Symantec Corporation] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} -> {HKLM...CLSID} = FTShellContext Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [QualcommİAtherosİ] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {9ef1900c-cf6c-476a-99be-384b8847985c}\(Default) = DBAR -> {HKLM...CLSID} = DBRShellExtension.DBRShellExtension Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll [Softthinks SAS] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} -> {HKLM...CLSID} = Ath_CopyHook \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\FolderViewImpl.dll [QualcommİAtherosİ] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler -> {HKLM...Wow...CLSID} = NeroDigitalColumnHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [Symantec Corporation] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM...CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\NavShExt.dll" [Symantec Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] {100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4} -> {HKLM...Wow...CLSID} = NBShellHook Class \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoRun = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoFolderOptions = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoControlPanel = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Christ\OneDrive\Afbeeldingen\Diverse Foto's\IMG_0877.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\WINDOWS\system32\Bubbles.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CyberLink Media Suite10.1HandleCDBurningOnArrival\ Provider = Media Suite Essentials InvokeProgID = BlankCD InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\BlankCD\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1HandleDVDBurningOnArrival\ Provider = Media Suite Essentials InvokeProgID = BlankDVD InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\BlankDVD\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1MixedContentOnArrival\ Provider = Media Suite Essentials InvokeProgID = MixedContent InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\MixedContent\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1PlayMusicFilesOnArrival\ Provider = Media Suite Essentials InvokeProgID = MusicFiles InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1PlayVideoFilesOnArrival\ Provider = Media Suite Essentials InvokeProgID = VideoFiles InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1ShowPicturesOnArrival\ Provider = Media Suite Essentials InvokeProgID = Picture InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\Picture\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] MSFhConfigBackup\ Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] NeroAutoPlay8AudioToNeroDigital\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = AudioToNeroDigital_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay8CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD [Nero AG] NeroAutoPlay8CopyCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L [Nero AG] NeroAutoPlay8DataDisc_CD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_CD_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L [Nero AG] NeroAutoPlay8DataDisc_DVD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_DVD_HandleDVDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L [Nero AG] NeroAutoPlay8LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay8 InvokeVerb = LaunchNeroStartSmart_HandleDVDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] NeroAutoPlay8PlayAudioCD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay8 InvokeVerb = PlayAudioCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay8PlayDVD\ Provider = Nero ShowTime InvokeProgID = Nero.AutoPlay8 InvokeVerb = PlayDVD_PlayVideoFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero ShowTime\ShowTime.exe /Play %L [Nero AG] NeroAutoPlay8RipCD\ Provider = Nero Burning ROM InvokeProgID = Nero.AutoPlay8 InvokeVerb = RipCD_PlayCDAudioOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L [Nero AG] NeroAutoPlay8TranscodeVideo\ Provider = Nero Recode InvokeProgID = Nero.AutoPlay8 InvokeVerb = TranscodeVideo_PlayDVDMovieOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero Recode\Recode.exe /New:CopyDVDVideo [Nero AG] NeroAutoPlay8VideoCapture\ Provider = Nero Vision ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\Nero\Nero8\Nero Vision\NeroVision.exe" /New:VideoCapture HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] NeroAutoPlay8ViewPhotos\ Provider = Nero PhotoSnap Viewer InvokeProgID = Nero.AutoPlay8 InvokeVerb = ViewPhotos_ShowPicturesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe / [Nero AG] PDirDVArrival\ Provider = PowerDirector ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Power2Go8.0HandleBDBurningOnArrival\ Provider = Power2Go 8 InvokeProgID = BlankBD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\BlankBD\shell\PlayWithPower2Go8.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" "%L" [CyberLink Corp.] Power2Go8.0HandleCDBurningOnArrival\ Provider = Power2Go 8 InvokeProgID = BlankDVD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\BlankDVD\shell\PlayWithPower2Go8.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" "%L" [CyberLink Corp.] Power2Go8.0PlayCDAudioOnArrival\ Provider = Power2Go 8 InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go8.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" /AudioRipper "%L" [CyberLink Corp.] PowerDVD12.0MixedContentOnArrival\ Provider = PowerDVD 12 InvokeProgID = MixedContent InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\MixedContent\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY MIXCONTENT "%L" [CyberLink Corp.] PowerDVD12.0PlayCDAudioOnArrival\ Provider = PowerDVD 12 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY CD "%L" [CyberLink Corp.] PowerDVD12.0PlayDVDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = EnDVD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY DVD "%L" [CyberLink Corp.] PowerDVD12.0PlayMusicFilesOnArrival\ Provider = PowerDVD 12 InvokeProgID = MusicFiles InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY AUDIO "%L" [CyberLink Corp.] PowerDVD12.0PlaySuperVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] PowerDVD12.0PlayVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] PowerDVD12.0PlayVideoFilesOnArrival\ Provider = PowerDVD 12 InvokeProgID = VideoFiles InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY VIDEO "%L" [CyberLink Corp.] PowerDVD12.0ShowPicturesOnArrival\ Provider = PowerDVD 12 InvokeProgID = Picture InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY PHOTO "%L" [CyberLink Corp.] Startup items in "Christ" & "All Users" startup folders: -------------------------------------------------------- C:\Users\Christ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} OneNote 2010 Schermopname en Snel starten -> shortcut to: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [MS] Verzenden naar OneNote -> shortcut to: C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [MS] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp {++} HP Digital Imaging Monitor -> shortcut to: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Co.] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks CLMLSvc_P2G8 -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [CyberLink] CLVDLauncher -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [CyberLink Corp.] Dell SupportAssistAgent AutoUpdate -> launches: C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate [null data] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] Microsoft Office 15 Sync Maintenance for CHRIST-Christ Christ -> launches: C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [MS] Microsoft OneDrive Auto Update Task-S-1-5-21-4100087890-3028816571-2610552428-1002 -> launches: %localappdata%\Microsoft\OneDrive\OneDrive.exe [MS] Norton WSC Integration -> (HIDDEN!) launches: "C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe" /taskschd [Symantec Corporation] PCDEventLauncherTask -> launches: "C:\Program Files\Dell\SupportAssist\sessionchecker.exe" [PC-Doctor, Inc.] PCDoctorBackgroundMonitorTask -> launches: "C:\Program Files\Dell\SupportAssist\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently [PC-Doctor, Inc.] RtHDVBg_PushButton -> launches: "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM [Realtek Semiconductor] SystemToolsDailyTest -> launches: "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently [file not found] User_Feed_Synchronization-{D7894B5D-0AFE-4BFE-AB0C-32C4150BA74D} -> (HIDDEN!) launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] {24665715-8766-4358-A186-FA2401D56572} -> launches: C:\WINDOWS\system32\pcalua.exe -a E:\setup.exe -d E:\ [MS] C:\Windows\System32\Tasks\Microsoft\Office Office Automatic Updates -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False [MS] Office ClickToRun Service Monitor -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService [MS] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 Critical -> (HIDDEN!) launches: {613fba38-a3df-4ab8-9674-5604984a299a} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 Critical -> (HIDDEN!) launches: {de434264-8fe9-4c0b-a83b-89ebeebff78e} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint Diagnostics -> launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} -> {HKLM...CLSID} = Disk Footprint Diagnostics Task \InProcServer32\(Default) = C:\WINDOWS\system32\DfpCommon.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} -> {HKLM...CLSID} = Plug and Play Maintenance Task \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\WINDOWS\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} -> {HKLM...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS] runappraiser -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RunAppraiser [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found] Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] Scheduled Start With Network -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WOF WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Norton 360 Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe /analyze [Symantec Corporation] Norton Error Processor -> launches: C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe /submit [Symantec Corporation] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-4100087890-3028816571-2610552428-1002 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar -> {HKLM...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [Symantec Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar -> {HKLM...Wow...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [Symantec Corporation] Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = Se&nd to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [MS] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\ ButtonText = Skype for Business Click to Call MenuText = Skype for Business Click to Call CLSIDExtension = {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> {HKLM...CLSID} = Skype for Business Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = OneNote Lin&ked Notes MenuText = OneNote Lin&ked Notes CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call settings CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...CLSID} = Skype Click to Call settings \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = Se&nd to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = OneNote Lin&ked Notes MenuText = OneNote Lin&ked Notes CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call settings CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...Wow...CLSID} = Skype Click to Call settings \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Andrea RT Filters Service, AERTFilters, C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [Andrea Electronics Corporation] AtherosSvc, AtherosSvc, "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe" [Windows (R) Win 7 DDK provider] BBUpdate, BBUpdate, C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [file not found] Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [CyberLink] Dell Data Vault, DellDataVault, "C:\Program Files\Dell\DellDataVault\DellDataVault.exe" [Dell Inc.] Dell Data Vault Wizard, DellDataVaultWiz, "C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe" [Dell Inc.] Dell Digital Delivery Service, DellDigitalDelivery, "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [null data] Dell SupportAssist Agent, SupportAssistAgent, "C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [null data] Diagnostics Tracking Service, DiagTrack, C:\WINDOWS\System32\svchost.exe -k utcsvc {C:\WINDOWS\system32\diagtrack.dll [MS]} HP CUE DeviceDiscovery-service, hpqddsvc, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [Hewlett-Packard Co.]} hpqcxs08, hpqcxs08, C:\WINDOWS\system32\svchost.exe -k hpdevmgmt {C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [Hewlett-Packard Co.]} Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "c:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation] Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [Intel Corporation] Intel(R) Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [Intel Corporation] Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data] Microsoft Office ClickToRun Service, ClickToRunSvc, "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [MS] Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG] Net Driver HPZ12, Net Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\Windows\System32\HPZinw12.dll [Hewlett-Packard]} Network Connection Broker, NcbService, C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\WINDOWS\System32\ncbservice.dll [MS]} Norton 360, N360, "C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\diMaster.dll" /prefetch:1 [Symantec Corporation] NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation] NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation] NVIDIA Update Service Daemon, nvUpdatusService, "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [NVIDIA Corporation] PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, C:\WINDOWS\SysWOW64\IoctlSvc.exe [Prolific Technology Inc.] Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\Windows\System32\HPZipm12.dll [Hewlett-Packard]} Realtek Audio Service, RtkAudioService, C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [Realtek Semiconductor] Skype Click to Call PNR Service, c2cpnrsvc, "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [MS] Skype Click to Call Updater, c2cautoupdatesvc, "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [MS] SoftThinks Agent Service, SftService, "C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe" [SoftThinks SAS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MCODS, <> mcpltsvc, (title not found) <> SystemEventsBroker, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MCODS, <> mcpltsvc, (title not found) <> SystemEventsBroker, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor MG5400 series\Driver = CNMLMBB.DLL [CANON INC.] hpf3l70v.dll\Driver = hpf3l70v.dll [Hewlett-Packard Company] ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Christ\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Christ\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=5909 folders=2012 105380573 bytes) ==== Empty Temp Folders ====================== C:\Users\Christ\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Christ\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files (x86)\Microsoft\BingBar" not found "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on di 19-05-2015 at 19:39:16,05 ======================