Logfile of random's system information tool 1.10 (written by random/random) Run by Véronique at 2015-05-21 21:45:45 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 221 GB (77%) free of 288 GB Total RAM: 3936 MB (11% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:46:07, on 21/05/2015 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.17356) Boot mode: Normal Running processes: C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Users\Dokter\AppData\Local\gmsd_be_199\upgmsd_be_199.exe C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe C:\Program Files (x86)\gmsd_be_199\gmsd_be_199.exe C:\Program Files (x86)\Edu App\bin\EduApp.expext.exe C:\Program Files (x86)\gmsd_be_199\gmsd_be_199.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe C:\Program Files\trend micro\Véronique.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://be.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10028_BE_150518__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hp&ts=1431963878&z=f9e15a9a193351fdb09b751g1zec0gft1qbcfb2m4t&from=cor&uid=WDCXWD3200BEVT-08A23T1_WD-WXG1A31N3336N3336 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Edu App 1.0.0.7 - {ebfbdd44-c0e0-4f63-a8e6-ee5f34765238} - C:\Program Files (x86)\Edu App\EduAppbho.dll O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [WinCheck] C:\Users\Dokter\AppData\Local\D831B801-1432149605-11CB-A2B6-C4FDB65A6E5B\bnsb2706.exe O4 - HKLM\..\Run: [SmartWeb] C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe O4 - HKLM\..\Run: [gmsd_be_199] "C:\Program Files (x86)\gmsd_be_199\gmsd_be_199.exe" O4 - HKLM\..\RunOnce: [upgmsd_be_199.exe] C:\Users\Dokter\AppData\Local\gmsd_be_199\upgmsd_be_199.exe -runonce O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_052FD0D7E121C86B81E529B22E0D4608] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe O4 - Startup: SmartWeb.lnk = Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe O23 - Service: OmegaSoft Card Reader Server (CardReaderServer) - Unknown owner - C:\Program Files (x86)\OmegaSoft\Card Reader\OSCRDSVC.EXE O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Crash Portal (fegukygy) - Unknown owner - C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\nsw8439.tmpfs O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Cut Broadband (gupycegy) - Unknown owner - C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\jnswB463.tmp O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing) O23 - Service: Infonaut 1.10.0.14 Client Service (insvc_1.10.0.14) - Infonaut - C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Unknown owner - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Carbon Copy Image Editor (rycimizu) - Unknown owner - C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\hnsbCD80.tmp O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: IE Search Set (SearchProtectionService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing) O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Update Edu App - Unknown owner - C:\Program Files (x86)\Edu App\updateEduApp.exe O23 - Service: Util Edu App - Unknown owner - C:\Program Files (x86)\Edu App\bin\utilEduApp.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14729 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-24233de9-7db3-485c-85db-0a9d0db719f0 -SystemEventPortName:HostProcess-8730ec60-0c13-48fd-b1ad-b7aedcc08b80 -IoCancelEventPortName:HostProcess-ffaa0824-c5a9-4881-bfbb-f13f820856e4 -NonStateChangingEventPortName:HostProcess-eb0a7bb6-4c5c-4b6c-89af-9a2532f9fd4e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e9eb9fda-4341-42bc-8eb5-6289b33129c2 -DeviceGroupId: C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe 29524144 "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" \??\C:\Windows\system32\conhost.exe "15158041771016557147-1485056257-17136201921642641796-2168140421340547621-1250990469 "C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE "taskhost.exe" taskeng.exe {DA42D4DA-84DA-4F3B-8FDB-9E727BCBF358} C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe "C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe" "C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-6.exe" /rawdata=aW3fWUbjg/jS5bi8TmGRpof2VoBZHGBcZxlhVfyifLk8Y6Zz1RYvpYoDSVqzzdurza2qQqrXdrUL3hz5tEdmfMQXkPhvOGpv5aenWW+tqNM26296h8EBMBgpBv/X9w0eTO1nmm03q+kgCi0ucQ+/I+mwoSupWnjAeNwqc76HPTopYPm73+ovoX6nsrZkEkjKT3p4fjjwLoPDdCdT5HJGApRIQDPaiRCBbzwW5LFJvMV8lf6g1nWg6rJdX3Z1lEIqnIlYt/0iMo9s7axhWTPiJAErRiOh71kUKzJr2ldMF7Ssh/0v5pmmK9yJWRytCThegs+bUPYxwJSF2SJ+ZBUMX1U83Dd806oiryAFdaACasfNnk9HgoxYplyLxpAkTEwxMN+lOnQLsDx+Lsy1OJrYAVQpb3K3Aad0+h9e1xtcxSiexflDkPVMZxxahaeoJ6DWGjPSFkm6yZKvV1XX/B4Yg4KmAsl0KELHG9rheLW7HMcOBbU1Okp+htYXNoao0+Kapohy3GsSrEv5MlIf+KRfLQXiJsfVevLyQsIjnQS4u9C3kD+1Y/xVMMGgMMTl6au50BYvVO2prH3U9iOYJtuhLpQHhGS69wDX82z4JMr61LrO+/zqy1F1PMyOvgojBG0XBrA1R5EnS2aSwt8WH+vxE1wD0mItzcbMCf3j7PCmS3Jsf9w7AQPPA/fFFz+HK9SeyF92iRQ81/5kcpY3nQqT0cI6iJ/oXcPjm40XAxrkeVppM0uozjjHJ//HC6TRjKtnR3nQgUQr7rCqSBtKCM4083SaFIsJzJ1o7sgm3YcSpx1XsvZav7vnwMsjC9edgiSRA8R3U785+nckhNpO+1fRXGSKNdloR+I4arBrzl0eo8Aarl440LNaS+NxKUVGuyNHNkpIB4jOBW1xwpy0tZNM8PsYKKIz0GWJbHX16BcjRZSAflHMVyKK1ZqWtfbsmVoNBjz23+6Iw6bgj2e8w0rhLYPMND4e5B+I+f6DGxbRWtBuKr+OtNxA/c3z9sv41VabueV4kk+XxAe5lf559TXU6FwriR/Z2Klu4ALmqOtIOIoLzKGs56v/CnJ0d2AdsRmTY/ZwAutptpuG5obbysZEz8x7OEqvAHsOhYn2J22BkRtnNqZ+/d9hvZyBWV8eM9w0NpSZzJl1HyQAfk2oAY2Nbi8w0t2K/HZclHyV8/fKksuP5wXGayr+m3vk9wHWNsH1w910RfnufkK2aUpxIREzo01GGljYJ20+3UHjPspKYNp70lfwfWij516oFEIBjWWa33UuL9oucIXTREBdNzrEDyRle/WUFSQx+FsMxem4jJmfPVSnil9EjHsAnPwyQhJn+LN2G7+Ij+HpS4B2/Q2BkroxJaFvOC/zhO2fEPz98KFJA+tHb9RE4pNP4qYe5weJRIiiRGG2y8KYPP90IUlF4IoAi577HBKG0N+ZeGLeDH2DDBouzVp96UYrsEf4h1VJq1u6jW2dSNrAWspR2qdD6mP5YHXoJZm5rIrP/KXdSHKY8x8ip7JWIr7MhhW4qvpoZBuWG5KKUCdFFk2/fO+Jvlg8/8znApGKK8/BfPXkkXVnD0cFVYN89xGRHqCik8XltTKrpHt39Bt0ra4I0PW065OJX8gu/WcAb6mGknL3JAeSDX8wTfF5udYzcZGnV2UohSE6xvzZ//vMr1SvV59nt2YOcQNcLaR3pOUx9geO+CVO6eBXB41hs75Qc3S4XVANqpLBgvb9I/tbLiCiEDeoo+8HwqO1HFrDIXK4YARYB9o4phv6zm1aQYLIlmszpdWJonyewNVxLsxQwWnPnDQCyNB2WfJM3kpXMT0/oGQEP6WNKG9E071XQbFp58YbJIb4PIxQSCuBGIqqnfII4oErjjsuaoomgMOi3oZFNly3h7e8t+0wpMTnwiYZGF4SsXfutEBjAEdq10IwJ/hPCXV0IMz/r+g4JGLCvvJIN1qtjiKoHNbsUDJ7KwLuwWbokaDaYviY2DaY8wAQGpwy640wGIFlw4Y2pcj7QCdLsBUTHVcQwfvHc2VX/jfFEW+suBBMJGvdLho478HYQBTrs3r0vOUHICN1w7qNPKdWtkiCLR9YPE4dpoNflEN0vvddyWEQaw4rn+cpg8spb6k1+4lE+AgqiPXbCOJUhcgdoNBzhelDmcUJS6IGD/TxSa29TZxlwwRWe7gWK9qY8bZDVaSThKxNAMWRaSnM+gB5kdquOe+CwkYgX4UO+7Qu/LPYuwwWq2K5cJ2exJpJDiFUlcoWRGzG6cAhw+9E9Dti3TsOlclGKNFRVHDNdj2zlQaSg49/+Q5+ysRL28oDzCwzRez2IUcp/9UmqAHwotUyFYqBIqqtbn0U7pXw+XWC5Tbax3cYNRQKAbPZzTMECTbRO1ZxX10TaKFV2JLpBJrWjPQT2q6+54dvY7WVfgy47Mw+roDpJ3BLEj0FpnjX9etxlHA8y9yNp/yrAKcvbH180+87wPGL/s0oFs15DJVqRom3yF6R4XBNjUIzaabJIs7McWYIZnqcTbm+o/SACZ5UUv3qwml7rGJcdS3OAkugszNG5dJq "C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-1-6.exe" /rawdata=AlM4QHCjW6HTjcmYPgfTddnZwa00WOhb3Zr45y/7RLdId/Yqgttjl+wAqw6DEE3kra0+Po61SV4ewkQ6oqpZefww6UmVG6Khevu8lPPLhtVYVSA07cQAIOulzPIB8eHKpCpDZagze8yl64n1v2E5Q4yAcKXaUsadr7lw+bMyki2u+kqj1/UlfUgMhqGFe7X7K93GDLIUb8Ct8EaxtValuqnXGsrCIivuxu6YNSMp9v0ZwSGsQn7mQIGgyf5gfA0yfoqHzp5jQ19KnFKzl4/irdVjUpBXAOLKbTneiSyXXaPc7y36Iaa6quROtqba0mn9Muvh9BGNSH++D5mKFOkxTzGxvtE6gcIHv7tJ8DjQyahjIcOdP6MuvxdjwtP7aZ6dTAo7PIfhcSIOlelMtZ9ltzH9hrHGsrkNXgUkNYpUVQRuBLf3c8QpgINcLJzPC+u/t7raMZ2dKYpvcIqy3HB2AHAKCjC2/qeJkDmMiA4/PJ3tBd2zRLiMrPjBl7QYEasPCa0vNt99j6L3SwleowuA9OePq/QNjeD/YCTrL81HXq3r4kBu38pRc7ObVkuYuGlhCiQZ38W44uvYCpfJGNEOIs/cfP1psHreF3LK35i/QSvwoYd3PpCbjIh0Dp2UoSsxVjHawfeyrv3fqLTOi9irA7qKuWjHG4d1LlwuIwluJdh2iG/2IH9e5rTcyaTc+VB/hePAN48YPc4IrNs40HgPI4JZVE5VYdoWBC/K2FF/Bzjey8/iyXKZ+1U7jN2Xwza1eCp1I17cDz0wpINMI85cpWs+DI7y2PxlBsYM5mlQBeFIM74EcxVUK2YJTWlJckdw1DsWe0TWdWishhq59KCngKS/yEKa5RCVEeZbr5lxD4/nwvAyMHWTrmjB8gOC6vUjiRwFZK3RIx4PStSs8M2Y5rNFq9UiOjNuCqsym7xGeWdU67Jn39yyqK4hQn9avZZZNeKrmTAkPtACQ/rPsfF+2lpfM646hDJgR7iBrnM1xez9pWACelF6nhtFWqW2Pj+tXRyWJ0/SxEQtMTepqvGQBlY9KKkAnYX+7JP/IOclQv2Zrv/HL+3IllCJRdWBr9tiVRVscRLbeKRvjY8kEfYI/ZRjrIS4WINXTLEKm0VeaXBwcg1tGLzg9c2M2OFeTI8APxoAV/kNzna2C5BqrD1IXbKKtwvIc8r0l73PGeFoWbSxxrHADncUDwJxuVk8u7C4aHlRiqWhHcZcjfH+GBDVT3ZfWnWDx5scAWX119HA7im1ALAKWQHo5Q7x2CzPNdqxi9oYdQf+z08AHKBkakIMSsEkSfQUiRbS6A39ph1K0uYXMyhxz9EHZwDByrrSd1KLqkAPDuHD6cjrY0Y8igYo2A== C:\Windows\System32\svchost.exe -k utcsvc "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\nsw8439.tmpfs C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\jnswB463.tmp "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" "C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe" "C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe" "C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe" "C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe" "C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe" C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" "C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe" "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\hnsbCD80.tmp "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe" C:\Windows\system32\svchost.exe -k imgsvc "C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE" WLIDSvcM.exe 4536 "C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:4236 C:\Windows\system32\wbem\unsecapp.exe -Embedding C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files (x86)\Edu App\bin\utilEduApp.exe" "C:\Users\Dokter\AppData\Local\gmsd_be_199\upgmsd_be_199.exe" -runhelper "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --minimize "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac "C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe" "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --type=gpu-process --channel="4116.0.1336003898\2094433957" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2321 --ignored=" --type=renderer " /prefetch:822062411 "C:\Program Files (x86)\gmsd_be_199\gmsd_be_199.exe" C:\Windows\system32\wbem\unsecapp.exe -Embedding "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\Edu App\updateEduApp.exe" /ieg bb8b5957-47b4-408d-bca3-7b4315479bdc /is reckfpBE "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" C:\Windows\system32\svchost.exe -k SDRSVC "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" "C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe" "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe" -nk -tt_on "taskhost.exe" "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc "C:\Program Files (x86)\gmsd_be_199\gmsd_be_199.exe" /wbn http://wbn.regiedepub.com/cgi-bin/wbnads/render.cgi?cid=3136471937&rid=8FBF2B35750146AD9D23A56D30FBF254&template=wb-01_300x250#wbnotifier "C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe" /c "C:\Program Files (x86)\Edu App\bin\EduApp.PurBrowse64.exe" /l false /s false /c "Edu App" /t "C:\Program Files (x86)\Edu App\bin\TEMP" /i "http://apieduapphomecom-a.akamaihd.net/gsrs?is=reckfpBE&bp=PB3&g=00000000-0000-0000-0000-000000000000" /d {3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64 /p 93c7d074-1f78-417d-9561-70ecf9b8ad42:firefox /p d4f8ac69-06f8-42d5-8d3e-20e54fd688c0:chrome /p bb8b5957-47b4-408d-bca3-7b4315479bdc:iexplore /h cdn.sharedaddomain.com,cdn.sharedaddomain2.com 0 10 "C:\Program Files (x86)\Edu App\bin\bau" true \??\C:\Windows\system32\conhost.exe "-1632992110165774083806270039-17599953121951224488158102357618535358561943559361 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="5204.0.1029158607\577328913" "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 5204 "\\.\pipe\gecko-crash-server-pipe.5204" plugin "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe" --proxy-stub-channel=Flash8316.552A4398.29635 --host-broker-channel=Flash8316.552A4398.13974 --host-pid=8316 --host-npapi-version=28 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll" "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe" --channel=8296.0044F8A8.944518818 --proxy-stub-channel=Flash8316.552A4398.29635 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll" --host-npapi-version=28 --type=renderer taskeng.exe {788C361C-2CE1-4C40-82BE-5828710322B8} C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding "C:\Users\Dokter\Downloads\RSITx64(1).exe" "C:\Program Files\PC-Doctor\pcdrcui.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask ======Scheduled tasks folder====== C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-1-6.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-1-6.exe /rawdata=AlM4QHCjW6HTjcmYPgfTddnZwa00WOhb3Zr45y/7RLdId/Yqgttjl+wAqw6DEE3kra0+Po61SV4ewkQ6oqpZefww6UmVG6Khevu8lPPLhtVYVSA07cQAIOulzPIB8eHKpCpDZagze8yl64n1v2E5Q4yAcKXaUsadr7lw+bMyki2u+kqj1/UlfUgMhqGFe7X7K93GDLIUb8Ct8EaxtValuqnXGsrCIivuxu6YNSMp9v0ZwSGsQn7mQIGgyf5gfA0yfoqHzp5jQ19KnFKzl4/irdVjUpBXAOLKbTneiSyXXaPc7y36Iaa6quROtqba0mn9Muvh9BGNSH++D5mKFOkxTzGxvtE6gcIHv7tJ8DjQyahjIcOdP6MuvxdjwtP7aZ6dTAo7PIfhcSIOlelMtZ9ltzH9hrHGsrkNXgUkNYpUVQRuBLf3c8QpgINcLJzPC+u/t7raMZ2dKYpvcIqy3HB2AHAKCjC2/qeJkDmMiA4/PJ3tBd2zRLiMrPjBl7QYEasPCa0vNt99j6L3SwleowuA9OePq/QNjeD/YCTrL81HXq3r4kBu38pRc7ObVkuYuGlhCiQZ38W44uvYCpfJGNEOIs/cfP1psHreF3LK35i/QSvwoYd3PpCbjIh0Dp2UoSsxVjHawfeyrv3fqLTOi9irA7qKuWjHG4d1LlwuIwluJdh2iG/2IH9e5rTcyaTc+VB/hePAN48YPc4IrNs40HgPI4JZVE5VYdoWBC/K2FF/Bzjey8/iyXKZ+1U7jN2Xwza1eCp1I17cDz0wpINMI85cpWs+DI7y2PxlBsYM5mlQBeFIM74EcxVUK2YJTWlJckdw1DsWe0TWdWishhq59KCngKS/yEKa5RCVEeZbr5lxD4/nwvAyMHWTrmjB8gOC6vUjiRwFZK3RIx4PStSs8M2Y5rNFq9UiOjNuCqsym7xGeWdU67Jn39yyqK4hQn9avZZZNeKrmTAkPtACQ/rPsfF+2lpfM646hDJgR7iBrnM1xez9pWACelF6nhtFWqW2Pj+tXRyWJ0/SxEQtMTepqvGQBlY9KKkAnYX+7JP/IOclQv2Zrv/HL+3IllCJRdWBr9tiVRVscRLbeKRvjY8kEfYI/ZRjrIS4WINXTLEKm0VeaXBwcg1tGLzg9c2M2OFeTI8APxoAV/kNzna2C5BqrD1IXbKKtwvIc8r0l73PGeFoWbSxxrHADncUDwJxuVk8u7C4aHlRiqWhHcZcjfH+GBDVT3ZfWnWDx5scAWX119HA7im1ALAKWQHo5Q7x2CzPNdqxi9oYdQf+z08AHKBkakIMSsEkSfQUiRbS6A39ph1K0uYXMyhxz9EHZwDByrrSd1KLqkAPDuHD6cjrY0Y8igYo2A== C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-1-7.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-1-7.exe /rawdata=SQLBrD04yUrRPwm3kAXFEC1fKEMXdgcHwXDRfwkmzHf9BiVoKo3VqTmdcpnT59ew3aey8qb01L+Udr7dv/74QfvfUWh6gSoGnEJbpC2vlux4TQOJT3ClrwkqhsxB7UM19tTqUojuYvFBi13T8epHrtW5vizXDX93MZDFTwZlmZFGW/zMhuAVrktZjV6RtpnhX3jGoZ9aAJIE8ROdCvpqhVEB1aB6oDlPQwezBCtuEYprnJa+mGG4j/O+EIkrS/bgOuWsRFfBiWgC1hCmj5tJMujLKMq8M5uNcGPgD7vsz9aXnN26xP4IZCTW11Irg3tP3FI8JWgxjVbdnFoHxQSkdCWeg+C4cAAVlfGoPHGCDe6sAft/4Qc1/6OgwTtrkdhsRQA+Z4R6N0294AiB4WTLFWy1XQE2sxbHBgYHHZkBF/9c6fFRy4D2NCu5ur7AGHmenvJDockzHZobV6RY1Q2rtSuTgP2zKG2nyBCKCaJZxwBMbhLBkQV1dtGRjwZFVBZVQub/UNhtO5rqzpKtb9W/6yAV8F1ewza2iyfOMXjAJpGmw0Pu8oR2S5MrJOPcWt/1UACB1rLt64z476u02Z+9USX+aDKZhMEmIS2ACoH8r+ib9Ai8fdj4YjdoIh4HWv3V9/dQF9K8thkeGwhgmD0OiMZHjQn1uWw13I6aMFGev9e9qmHRXwVaTCki+5LsHXt3YEhMBG6KTljZcYigag3pozd8O470xi42lUweuxokheitK23od3wfrRHKhtjRpXbarQuQUEf6+bFfm369dhwrr4GsGZ+OTxkT48ZVdkWHw8ZrcSNzx0MVr3gOXTEh8lu1NRxwkH4DpMBswbfqLf4+nl/RiLMRV1a0TNSRODR1lQvR7qMMn32AdtBXvZogED6a4FR7XpOTh4y+tEPIWbM8TmgdRfklTbs1E+j79W+4XG+K7mvr51CA2S+ElArW5hZ3szq6SrFDr+m7HmG0tpfAyhbReTQD3otYG8q+yELsbgc1LHmqTYr/nKn1Jnnp7FRWKnRrnB6ZnmBtNt045CFf4gQj+VZ/pngjNoiWwrK/AGpRVfiIpEAh3tUdKAiQpE82s4dDxFmBFqhd1Ns+n+9Ig2aJCcY2EKNyzTAMmdqd1VUsA6aehHIArSR3ccdZE+xNKPKvzHEfoCtSkNDPS5lHCRMjlocegyQL0dPOck1ayFkGPeYfGB8unHRctPqMNoAUKS4Pafk5sPi9A7z0PqG2/1Q6Pa9a9L9pxuW8Jre6byFMaZs2DUoqCQAc0pwmQeml2T8jRdWAP7sUkQsvfhSMAmFwu/q2clNZ3gb5AZ+HDioJH7wQoPKrgIalwLRfwDn+Z1XLfKXNF1M0tLeN4vTU5ZthKub8yjsMnwwvC1306DpgK8vA4vffEQZ9vqy+wVXbqmF3XAzG2TElsgVlsfrhEagFMfxtEcSk7OJPpLwdr70LSRVboODsfqnbEktwbIWOSvNuNo/+z5WHrGC8Zs9QaD1/yUEr7yWYD6vqekD8rt80MRulhMrUWer18DTbzZYb C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-10_user.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-10.exe /rawdata=cGhZIpg3rrjEEoGk9H0jVPJeMq3p8A+20sfpbi5ae+zfDMbRPwLnuoTd0eDjATOxlJpxBVUXaYcVf1rOz3RPssil8IQPHs+583P7PZ39wu4iuAR6byhToSV3seDPPDjXy+naHFZokwfFpTRBQ/fYV4BNbPslu0ZzNKffmJQC7BeiMfNX6BjhrLXbDNANcnrVYT56PF2M8rrXklxHCy7xnMll8IpugMvGrUrxD1HMCRcIGk4FuLFtXNjcyjWTvEI7M3eH0dlQRRzs15WIUa2ATyc2xnIKv1ZSFOtNEgFGiiGFlNW4hOb+NnmggBLv5AzqD3y8CMZ5LmVyHDvvc1SDCV+SDZBIIyyOT5w2SpEmMN1fFLc0IpMGpG2+0OUhyUjLhVTD+u5bE3TyBLx/XYDMLvSJoWsDePTX1fUGBII2FuqBvyG0sL+pVVfTTh0KRvHjnhXKrBtId7m+VxGjkZ85pRJicA/u+w9xtd9oK4mAXJyslV8bgO7Xxa5RBbAD3wUqX9TPdH3xnp/W0xMWqV7gonkdD8WQHEQQVF61kV6OEOrFlwbemSUdQ7hrVXqK+bZc6bgHl0ByemHohU8+TDYkqO9nK9cThU9hayz5sSSodNHzJglHGBNSOnMrchTnvual6v4lc3mdEcd1VpZ1rHQg18rWU6Qi5PXS8RSWr6DDHvOilhexSl9XkYZBrfQHD0c5x47R+MaZ5hZ6VX11uGv1/ym3gTj8eJrdZRNDNnL17Vw7+Po4YVvciAZlqTL+S+KdWG3zsXJTNBNKNRM5YNLYilyApyPBK6N76AaOOzNDLKDe5lnZj//MsyAjQ73IfrFfMYQGovprhgdHAweY/nRwtg== C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-3.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-3.exe /rawdata=Y6OsvRcDMXyYl61vKd7i8/eFYbH3VNVcEs95RyrH6PE89cW7+jAhIPeS2Nh0lqUiQL6oy1c1DP9OklruLcF2OCDoZ2lVOpJ4mijwSaI42oBjurG3cj00MHN1iZBU1t/wioAg8POgMthkZ0nwYNUuH6x+n7IdSmCSIcShDFNoXvduCHT+2nx4b4BOcXAXn4QZFgCe/Pfd7rCZeBk5iCGMaXfxFZ/8p2qkCzTbVnStfCxe2avVshPyw107YJY4nzecEnLmxTv9/+KB5wQA31JdrqBlLl5I/xHwe7CS+egtl2Eh3KZrEwlV6+cqxa1k8VOCGwUuuylCWPDQOdB+s8OzzbqzM006eLSrchbcGVuADCScbGwze/kms3PJau3wZWfUuOB4Tp1ZZEDCmQlcpCooo+Cu/MHeXjYFPbwjkK/JrwRP894RK/qA6LbT1G3HJ4ArLB8TCI12suQ9kbFPxXJZLzZfa8eWX6Dg70qFODuPS11sXPZvSWGn0nTD+0ihVIEJgLV2X94M0xItnJxbER1RCHrHpUELv2RJA7SuJhk+NNYyhdFU/0CAOyyz7lkV/dNaXt3JC9tE96QjGX4huEfuxf4uZ/R9+7vAMKUT1+EcDNO+NpOrFzqOkY1DIAPpntVfnQJhYkUw91P10fvbGVSHLr8UEn4Q/E0IV1ClDffu62IO+qVZVBbnc0HwMp540E+eW7h+j1TWSY2vxLQEV/GiK9ciaicW2RzD7kkP+YJU4sLezTIjNpAxxJYIJNKR4gdDp9aqXrZEdme7Uj8I3KHipx+ZjwYmqAYBFsp8Yn4An7uiw7KdQn2iku3qt+BqGsO6s598ygAyUmO19zw+sZOji6uICky7EasX5BwyHIiISPeiTVdo6+sz5Goi/qsMhjjJIAl7vDCukgbtc9Na1E32hwG+AwtBikjunFPiUL/9oj5nu0jkzlLeFitBpB9zVipbiNx/rK5rkYt+P8QA4KABl/8xA56/8Vk032t4M/D8BopYVkWrYxs+r/TBwHBgZ5LOS/PxAUIAWTr/g21oiz21D2nbgDAY2xouSr+Uex4sMdbuxsOeAhPMOBNfVicbnfu84QAsl5fZt5M59iGtFXeM4WgDVAWs7kGSn8/oKWXNstitx94Nq9g78rPEXNiu6yxCuZgjzgSUtz17TlhAwFp+78XjaYDrV0rQo+mf8BGrhreAEW841O902jHF05LghK2v/heZ4+iznEc1z014x+i4ZqxWLVNmIHunlO1UBjLh+MX3NUXpK5uVe18YGHcC0clEEfaZt7YL/NdF0Py3fdh48uONu0FZgsGgJCz372IRd1EilN9/KE/X1+xW2f2FV0uXOMuAgWnX/HTysCtDZ439jDCKEPzbWnzNKZIRGueQ0A9i5oCaX3bBPMwkjlLiRGap1XvTbfXUyGMRYnrWAp7Y1l6dgGZbcLoQeklFjQX0mnB2Qx7ywA1+H6TIYyO585MrkZtVzsDo4QHuhIC1I1yS3iENq9W91U0giGLcxkVkqLyovveBqRlaQAx72sx6Jdt4yCVhws5uZOr/xwTHPVSR0FPU6ZFOa2Ko5WfkUYrTttv6IbxMRg64HX0kTMnYtB9/SurAb0l90G5TcRLCqBIolQKJMR2y4Fj/pqaLgQXCONLOGcCbKb0OWAZARyEZRVAJH9HZLrsddp3ZBURseS1LuMVazbxArOaOdQlHGsQlalI1/+jPWXooKE9B6ZQcOkfO2zMvr6UOEfeqa84iy9PrtKRcM6x09Zhi/IGhxH2oGWd6IQ6PQ97F0nxGXi/GI+2aj2xK/G67sjmSzsDq2EG32wIOKY1gAwwA7/v5E+hbc7MtaqgFJwJZy0OLSvmn77GVc7shQaqgkWYVqN3CHzGtKxKZcEJUu2LAkmQjrggnBkiCaG9b37xy+XWzxXdAX37sIkqH18gf4wi3CRET5kJNfd2O0Kq8WGivyzL4jlWrGuryYGzgrfXjp7Z2QGB6EdysRfFw3A4RGuQMVB6lKuM1in1PkSv+Xocuf+y1Z4zfaxB11V/fGrbKc09TU7uOVowQ C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-4.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-4.exe /rawdata=m94Yu1XXsz7l7hMosB7Nah9JDbMdMVMCdlQBH5/uKjKa65nduJqost8LUkHFonjfsiXU9GrTN3wJTr6rHpVPl7JTogUdEm4Tj6yJ4TbnbRNCySv3IFuKGRWz4eFepk/12YRUilY4sm2k4rxn5HqgJVxciAu3iWOjEXEFLD9ZQC8kZ4bBM8YJlIZeovYhdLL20F5WkUzHJgs2/PvzqXfQrNZO1ce96QiHsa40MZWtVW4D4tSBWo229TNY/7gPm+awrSSLiWJQu+YpszMinIlWS1RUm1oN/01VYlvEJQGdw7Eo+ee66MsMgBYHF9agDCRF0ULCC+irVwOHJghEyx25GDElRvLOmaEI1AL1C690PyJbqYhE7+TI1Adi7hL79p9DshDznqRNupgPJSa4ok9N/vaTO01nEqwZ+6OF7CEs5ZmYyu83xlOq4T31h6QOWwya/RgeS+k4JAK7Bwu61G8mfYtPv9AS0y24tyfn//7WnoRsBj/JJUDlM4C4c8TzONRLKxYvld5J3AahvbdMPwCwRnWpPAH5HjMdp+eOiO7fu4q9g1oR1PTIZftJ/aVUzUCEIiecDiOvx2PE3XtHEsArbjDn8QazDfc1u9vxv7fuKU6J5PfIykgwT9A8U59cNx7vDuobrIt/sx7n4SERRdjgVjOYJX13JOa6dZLsoKIrig2B9NA/i7uySg3jJktbaVIdIzqMomywMvljft5+JB8NYzL75MY+8KWIdovO8L8mgR8a2wNWm2WthoqY/bbuBoxZlSYgTEiNvdc5wfLPv7KyjdgheSE+wre4PTDAsl+Y2ZmC/iPRFV9jL+ZdjG46GUbNLTLf1Q9MQA6TceBSj75kOSiGc4sKVW31cS8gxVr78OTheIrQUyS1yTqqVEedlNZ0IghGOS9FmpewKooMl9CZtwm5tDcHtfXepW4CbNmTnaxqGl791xHPnjQfcn9R7s9VHJC9s0PwLtc5mhEklLhsU1a4AqqMK9TG5hXTfGlSH7my5afNtmVktfbVCck3MNsHYDBIyBJoqXX32MK/ALEq+lBB19vr2QWAq1JtWkKfuCk0eK3RojMeoaAfxSEinp1e/XUgaX5JbAid4gHWov3IoRdgCrhv7WocOSZQKL9Pd51YW9sg51PXendvlKgdoiIhLn0eYM2EwzQowHfyQOqdBcNcKpcXapBPJERQ+WSG1OYDtGR3IfLRROPdfz4n3b+KTeP/O4dNIxKW5b5pHA4cmk8CAAZ6vRn1rqzm+PaWDkTVAQTzsRjrxlese41lcOz5r6UMR6Y/iik6Fjf+nG1oKNzPAS8nM6CbXR9tH4D8lsooj17NPuKpsOMiVg67pJmaBuSqe7BQFUBjYBMoT0+bWqPjWCHphaA2wju46dJZnube2/P9LWaK9XtKEphb3rwdf+4iXQZURFAqldcZ1KzT20xTsJq5aXvk0TIPynws6Hu9i+syeLspBFeALmp+d6uBribLGfXSVVJYNQ008bN9siVX89J2w7N07u7l/6issmelNfqtUJw7wumZUWd/0ONgXTYe7+kl18GwmzYuJUt/3eyn48sYMI1/scGXqecmjFXOTEp70aGEzH1pb3F4+YoLVWIzJC3mo8kWFc0Br4S2Khfm4omKrlyjOLcZ6xSz3mBdsYgGLyw6yH7URvEmOkc9WYAGtpn6zbKK1T5+YrmHGVgPnwBv5Nx8FOEsjzwDbHGZhvgzfecnS57wcJZveg8XnUnaX2RS413yy3X4gupoDEVUkr+pFg/RkvdZAA8QEIflbMwoPS77Tw9JBQIlDFZxLRg4pU11wDBqt8PnQSwwDe2sCpWYfbj0H7ixlaxmYgQl7HW8eciGr1kyCJCPCUoNbiA7hhDH7H0BWkLbUBviJGYQYt8Vmk47FYPh/JWEZrEEuwT9ViQ/rsA+rxCI13Wk6GMFydxeGfM4LB3M46NPKG4wwtCVPZEi2sQ28hOvuRjzZl6MfBCwf8qLQC98BDC4tt4GVRy27INDtTy8Lxn6lGUyUpml8OFfaIbSco27NiV57Vjz1DYYrbLhp8U38gjf C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-5.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-5.exe /rawdata=v0qKoBD+8J60NjMgkKkeZBk7P1LzVCk71PyJ+0lN7YtahSsvH1IJ0Ko/sVxEvlfWHVX2PXH/xQ5xokKfEFWqUeal1J7r4NUZcK7iHR96KTGm4s6Rx0IgyRNcgvg1D6gA4wgKlTpyess8NU1Za1gT3MJybhdLgNYfsRcN7lBfrdJ8/1PUxrJWDXHaxWctFIQ2jbQ9QoFH4u+PtYZX1uYho0HY7U+KMk8aDq/+GZc92kJBpXCx2Kt2hTo0rsTa03ks2GJtKHBs2idlaCTG/W2V8jE6nX2y+A4l3HqEHZb5IKnj+Hftb3eVWGEVkW9l6axSMDZ9kV1+vqVRJrHZfQtnwL/Ra/446R6OmNU4MTCBqIW0a3s5+L67vPwk60D06WpZzEoagyxtibR7aUPch6I5jWXfWFdW+lNavbYwRylGhn4kgaqCm/Fd5VH+b+Y3t+D4IC5wxna8jzobP6o9M4SToaZDtHQPJphKwLdPKuKBBxQbeBtmJmLCt/lPRuGzS9MhhNR/6rXlB6W99ZU/mr0eDsOdHJOFdFkzWttFC2dKuH57h6dl2TlZB+M2cPdxa/CfsvykhZwXrgDmMozoxtl3wImcX2/3ggnD7fLcfY5KF/I10dPQ+tfSHqXLf+mueZV8/q5ufPkLwn31p9GBl5FXdKNDePdMS5H3lvxU8EBB3QoE/BCazCOqHtMpoLOYI+oG6r4Vd/QP7qAHWxjNjRXZxyL6kFiSJe08fspJzvyPFAx2UgZw0SwDJnLu5m5EZXSOyP12AO7CJTPB3QSTxrTkJ40Z7jTjmXjefNkpDz0ebyIdKedbCSn/nhG6G7O7gAABT4WNpq33LLTeibUZj6ft06qftI83kGZttl01PyGhc9nl0Jq+WJHN7MdIFgrfd8655imwaI/INwDh4jkLwM/AMJ44YC8t/+WstJCOb3K7K0fPXioFV1vtNLkmSCKFhUbKwJzvzl5KUHnHl7B4EdTtPW7m5NieZBHJyfgOtGNOQnJJ1Q3ILQJd+Y5iodrVdZ8+ C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-5_user.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-5.exe /rawdata=v0qKoBD+8J60NjMgkKkeZBk7P1LzVCk71PyJ+0lN7YtahSsvH1IJ0Ko/sVxEvlfWHVX2PXH/xQ5xokKfEFWqUeal1J7r4NUZcK7iHR96KTGm4s6Rx0IgyRNcgvg1D6gA4wgKlTpyess8NU1Za1gT3MJybhdLgNYfsRcN7lBfrdJ8/1PUxrJWDXHaxWctFIQ2jbQ9QoFH4u+PtYZX1uYho0HY7U+KMk8aDq/+GZc92kJBpXCx2Kt2hTo0rsTa03ks2GJtKHBs2idlaCTG/W2V8jE6nX2y+A4l3HqEHZb5IKnj+Hftb3eVWGEVkW9l6axSMDZ9kV1+vqVRJrHZfQtnwL/Ra/446R6OmNU4MTCBqIW0a3s5+L67vPwk60D06WpZzEoagyxtibR7aUPch6I5jWXfWFdW+lNavbYwRylGhn4kgaqCm/Fd5VH+b+Y3t+D4IC5wxna8jzobP6o9M4SToaZDtHQPJphKwLdPKuKBBxQbeBtmJmLCt/lPRuGzS9MhhNR/6rXlB6W99ZU/mr0eDsOdHJOFdFkzWttFC2dKuH57h6dl2TlZB+M2cPdxa/CfsvykhZwXrgDmMozoxtl3wImcX2/3ggnD7fLcfY5KF/I10dPQ+tfSHqXLf+mueZV8/q5ufPkLwn31p9GBl5FXdKNDePdMS5H3lvxU8EBB3QoE/BCazCOqHtMpoLOYI+oG6r4Vd/QP7qAHWxjNjRXZxyL6kFiSJe08fspJzvyPFAx2UgZw0SwDJnLu5m5EZXSOyP12AO7CJTPB3QSTxrTkJ40Z7jTjmXjefNkpDz0ebyIdKedbCSn/nhG6G7O7gAABT4WNpq33LLTeibUZj6ft07aIfvH7WCKsZoIrXaz/40/XuSddTArSGScq8ksdBAqhXCPWN/IPWGS7elPO1/on5C04q+z9JFNYFSGmNiPDM9+X3fprFZKdbVSuwN75u0fpxJMwNwxL8Hd0W+ejYHSb0MefVQL8nEzFd/qPbMVQmIp37s5IQZ0gAoBYewpvCFZ+ C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-6.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-6.exe /rawdata=aW3fWUbjg/jS5bi8TmGRpof2VoBZHGBcZxlhVfyifLk8Y6Zz1RYvpYoDSVqzzdurza2qQqrXdrUL3hz5tEdmfMQXkPhvOGpv5aenWW+tqNM26296h8EBMBgpBv/X9w0eTO1nmm03q+kgCi0ucQ+/I+mwoSupWnjAeNwqc76HPTopYPm73+ovoX6nsrZkEkjKT3p4fjjwLoPDdCdT5HJGApRIQDPaiRCBbzwW5LFJvMV8lf6g1nWg6rJdX3Z1lEIqnIlYt/0iMo9s7axhWTPiJAErRiOh71kUKzJr2ldMF7Ssh/0v5pmmK9yJWRytCThegs+bUPYxwJSF2SJ+ZBUMX1U83Dd806oiryAFdaACasfNnk9HgoxYplyLxpAkTEwxMN+lOnQLsDx+Lsy1OJrYAVQpb3K3Aad0+h9e1xtcxSiexflDkPVMZxxahaeoJ6DWGjPSFkm6yZKvV1XX/B4Yg4KmAsl0KELHG9rheLW7HMcOBbU1Okp+htYXNoao0+Kapohy3GsSrEv5MlIf+KRfLQXiJsfVevLyQsIjnQS4u9C3kD+1Y/xVMMGgMMTl6au50BYvVO2prH3U9iOYJtuhLpQHhGS69wDX82z4JMr61LrO+/zqy1F1PMyOvgojBG0XBrA1R5EnS2aSwt8WH+vxE1wD0mItzcbMCf3j7PCmS3Jsf9w7AQPPA/fFFz+HK9SeyF92iRQ81/5kcpY3nQqT0cI6iJ/oXcPjm40XAxrkeVppM0uozjjHJ//HC6TRjKtnR3nQgUQr7rCqSBtKCM4083SaFIsJzJ1o7sgm3YcSpx1XsvZav7vnwMsjC9edgiSRA8R3U785+nckhNpO+1fRXGSKNdloR+I4arBrzl0eo8Aarl440LNaS+NxKUVGuyNHNkpIB4jOBW1xwpy0tZNM8PsYKKIz0GWJbHX16BcjRZSAflHMVyKK1ZqWtfbsmVoNBjz23+6Iw6bgj2e8w0rhLYPMND4e5B+I+f6DGxbRWtBuKr+OtNxA/c3z9sv41VabueV4kk+XxAe5lf559TXU6FwriR/Z2Klu4ALmqOtIOIoLzKGs56v/CnJ0d2AdsRmTY/ZwAutptpuG5obbysZEz8x7OEqvAHsOhYn2J22BkRtnNqZ+/d9hvZyBWV8eM9w0NpSZzJl1HyQAfk2oAY2Nbi8w0t2K/HZclHyV8/fKksuP5wXGayr+m3vk9wHWNsH1w910RfnufkK2aUpxIREzo01GGljYJ20+3UHjPspKYNp70lfwfWij516oFEIBjWWa33UuL9oucIXTREBdNzrEDyRle/WUFSQx+FsMxem4jJmfPVSnil9EjHsAnPwyQhJn+LN2G7+Ij+HpS4B2/Q2BkroxJaFvOC/zhO2fEPz98KFJA+tHb9RE4pNP4qYe5weJRIiiRGG2y8KYPP90IUlF4IoAi577HBKG0N+ZeGLeDH2DDBouzVp96UYrsEf4h1VJq1u6jW2dSNrAWspR2qdD6mP5YHXoJZm5rIrP/KXdSHKY8x8ip7JWIr7MhhW4qvpoZBuWG5KKUCdFFk2/fO+Jvlg8/8znApGKK8/BfPXkkXVnD0cFVYN89xGRHqCik8XltTKrpHt39Bt0ra4I0PW065OJX8gu/WcAb6mGknL3JAeSDX8wTfF5udYzcZGnV2UohSE6xvzZ//vMr1SvV59nt2YOcQNcLaR3pOUx9geO+CVO6eBXB41hs75Qc3S4XVANqpLBgvb9I/tbLiCiEDeoo+8HwqO1HFrDIXK4YARYB9o4phv6zm1aQYLIlmszpdWJonyewNVxLsxQwWnPnDQCyNB2WfJM3kpXMT0/oGQEP6WNKG9E071XQbFp58YbJIb4PIxQSCuBGIqqnfII4oErjjsuaoomgMOi3oZFNly3h7e8t+0wpMTnwiYZGF4SsXfutEBjAEdq10IwJ/hPCXV0IMz/r+g4JGLCvvJIN1qtjiKoHNbsUDJ7KwLuwWbokaDaYviY2DaY8wAQGpwy640wGIFlw4Y2pcj7QCdLsBUTHVcQwfvHc2VX/jfFEW+suBBMJGvdLho478HYQBTrs3r0vOUHICN1w7qNPKdWtkiCLR9YPE4dpoNflEN0vvddyWEQaw4rn+cpg8spb6k1+4lE+AgqiPXbCOJUhcgdoNBzhelDmcUJS6IGD/TxSa29TZxlwwRWe7gWK9qY8bZDVaSThKxNAMWRaSnM+gB5kdquOe+CwkYgX4UO+7Qu/LPYuwwWq2K5cJ2exJpJDiFUlcoWRGzG6cAhw+9E9Dti3TsOlclGKNFRVHDNdj2zlQaSg49/+Q5+ysRL28oDzCwzRez2IUcp/9UmqAHwotUyFYqBIqqtbn0U7pXw+XWC5Tbax3cYNRQKAbPZzTMECTbRO1ZxX10TaKFV2JLpBJrWjPQT2q6+54dvY7WVfgy47Mw+roDpJ3BLEj0FpnjX9etxlHA8y9yNp/yrAKcvbH180+87wPGL/s0oFs15DJVqRom3yF6R4XBNjUIzaabJIs7McWYIZnqcTbm+o/SACZ5UUv3qwml7rGJcdS3OAkugszNG5dJq C:\Windows\tasks\8b12837f-5327-44e4-99d4-bb6820404ec7-7.job - C:\Program Files (x86)\CinemaPlus-3.2cV20.05\8b12837f-5327-44e4-99d4-bb6820404ec7-7.exe /rawdata=AgYajjl23J9P6ChAoUO9B8vbW+wxyQiz023aJJSdeiWuAzetWeKt/BPzkUqdAcEzjNkAUgd+Fv0knZyxAO+dxD+sxRN+8L9Ie1q3gBIbqntRkJB+F0YDYElNZbxWX69gaElW5OIolROd736/07Ub9XmJJRVxD/zr+EER8LFlnCGA5U9HGxg0zWcDmJl61af6uclYmWXoaXIL4mx7XXkDBTRxc4572xiYpHvTUwdxVbO53ZCZgkaIt8SP+VYG62jm6EaNu+0WlxmCW5yimQBISj2X/1lJvI/p3ocPQtTjom17wePBn+SuUfWoa9sBex2bvbp00QKCNWy7R1X84CuIVzOy+gV6F25dugHtYwuUzirLCztEGPjWPExH7HeuMXNh+mioVt9LGtOOz/J48XM3fUgXqlzdvPJ9cuiJ27DLZSi6ZbIgsjJVe+CaiXA4IiAH+6jnjh8akpVoGebV+xNzUkR/oVv1HaD+9+LuRKmUujUc5f89Q2VLU1KnlbXOiWDXoxe5Hpt3PBIKIVjhdww5adU2nvOkRsEVXqclcyQrmnJkTUoyeIcfEcRurbWjIGL1J7HiJZ06QpaqTlj/zcx6xGvg0ZyTqpXLYd+ucu5ixYyPegflJuVtTs3BGY/jhRQLPfgSWAusMevQgQNAdlBmzhQoFykhczLIcUG2pAU6lYdKePNLnl5OO/EbykthRgDZzv99rzCTqrlUPQnk8vg9tAq0BdrHe0OTdpEa/JCoeXVeCFrtw9Sz4Wb/87bVzQjr44LH/65cC1ARTucb1SSNtew3jAHWiSy7WHsd7EeyXqfoj2blFDYNdpZ/Htrx0RUJVIIdU5fMeh9cUH+PD+z3EgCavRDpJsygcWeIHPtklp1SRCr/Vwv79LDx/ryyutlgw96Ozp3oi6ut/lOfraT+oZo03Lw0DFD3DHLQqzmjH+erV92sTRuszKH1ceNYOD6sWpSlgtFf9NKIdgiAyHrtMKUgCvdOYkg1WSOMMZO8VapmjXkyRFRH2lMAFoua5vl+EpFbd9Y85ThPWCHjjbDZgTWetO+R9kihnb0WIc2mNximpqMTYudq4J9tWpoR1R3kkESHNoPggB8o0GqgWWfs9ogpXw6ij14jxCWYSz6d3eNzQBEHa4wutX1ka49r5wnd6nwmy4BCWFffWYNMDC5iIf13oJH0mEKTLwoP4NGx9St/ymPAjFa3GDxmNKqYgh9NO/25hUMkZHM9du2S5J1hjYIDQK1G+G5V99PF7kTQl8sEaGIrYKIM7ZtbH3G77p7ArO8dVb82LQJJXBJSchnu17pFSavMlcv/V5f8siRtF6j6iguFkGkWv3IDdMJRiYRe/ErefcMOwfjHoqmFheEQ1DAnLAYNxVK6bDXY8k+veheFvZvLNpaGwgfNKG6cSPSRKvc344Ya09cpktriHNLD7jUH8n9PQjF2c+E0HngyWjs6WVuozgxVAu3G1DtyDXkxMafkCRdGOasvsAK+0ZwuinltcRFwEJaIVDraLX6PtJ/KeORXYBVuwscTkHzcGiD2EtC3CU3/FIw+aNUpplvbdJMrApsNj8bQdUtO7wIa4MhRNfg8Q2K1oiTjobzwl3Iuq9XYbog/rkuRMgLYAFc+edHaKpU2hl3eRQ5IE7PtY7K9zHjZbJqsKnOZScOnzjCZFPyjShKC6QlEu08FFgBrFCTVj4tkCD/Q1QdO2P1IKH56Hk1mNaapUVSZVXcrNsSe/ofR5ga2jkvIszpqLeuCBcHaKwrdzIWV3ICZOeespvo7YCACFxOe1IBFhqBnmZF8pY5ObsEZiXD7+TOPVr8pgR3Vhle7WxIFaGq8ivbHI252qQjmirYKCSI35EC4njKeVk+ptGAnN8D9HQ2JaT+O0BDWaLSza45C8WEl0vwyCzvrjqFoL7UP3SLd79KZc1F/9A/zGJjB2sUxl50X8/FrCSs9a3chx6+xduMjyACmBKcaMl9MWG3Oy3UTM41SKLpPafYyEH+haV74zVnuGdXRrlg64nzisnAfAHecys5duoSGLL1up3dSpMM+uinP3TLRjMgokVIcqsxTPppMwwHfbZGA5h6g5arqJikQtnMvh4h4Dqkbft+rXjByvgLqDVv8+iFYD36I4q+rEBUUS4msI7KWQgwA0Y1ExR+weYakNbuqxP68LA7cGvJjDWgR1J51d6VMa5epwlojJdyKZ/JXY0dF8ZoCs8yajZeG4/1ff/YI2SlW5AHwSEdT+MSU55g54jAJGA/Jc7Cni4hk9P8GYvu9OAZUtRkOd6W61I6rJr13Uvl5hRTx0Oar/d0vQNzjmnkrQTggZVYRUWtkgZJqpDSNwS6WXtMB3yjInHyuXYqUh7uTteWJ0QDBA7MCNjPEsg51y9IcRxEUOmDtDvQMjgQl04udzUfXO6gZY6Irfgp2+eev3BMaJFQMAPBmVnFyk+gnDY4yrbZ92GlGUDv9hBpW5sFHMaPJaOf+DFlEbd7dOztTt2skt9LSM3pOLSf6vomr/1ukLgDugyaQZr5XPrnazT3KYpR7l/uL/bk2CvKnXHrD7h3yowXrhiJgN5y5 C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\tasks\Crossbrowse.job - C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe /rawdata='ay7lPG1PjnGFt4214aFosalN+6Zbvp+Hkcsob/k4bnnRZRQnEt3lU+yljRUePA+EbqiJiGKGJzpXbgn9NDE+QAPx9pgfxicso1rm65UX8j/upDYsX75Tmm7wJ9rMzQX5KEkeljX/1G5/CPC6g/C/cQnC471lCoquGAMuGftFIWCOJlJxzHbdN1UU2NWRmwAzni18LVv9vNx3M33KPDR3bJ9s0bUgp7DjbkLiI1oWbWs6zlH/ELysBsNS7A8JypQJ76JsqicGDL5u4irVc5im61BdW3dRu1F7Py+VuhyThYBiwaRN3jYRN8duk5A4u5kzpDnoyUynMN3uDpT+kgH1Uw==' C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /c C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /ua /installsource scheduler C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler C:\Windows\tasks\M2nXdhDm5cMnC2eZexuNwc.job - C:\Users\Dokter\AppData\Roaming\M2nXdhDm5cMnC2eZexuNwc.exe --c=mqBVzlaM091bVs3F5mzDIUJqI3RmzuN726rHZ/MohLt+7+H7mw7V981GOUYeJcSb3sXsGnuuPoplyAewYakLLvZ3nEaNuxfM+dOMj8voMqc8HRl7PftNLsJRu6fYdmixmS5OEj+zHFW8pV7WO3XSZcTDhrQGqrXYWuvFj6YtQLh+UVvYM0ooAEOYfckcwynhKFUoqsWmZIvOZGIAuekBQXO6JKRS3HzInPTMbulbYZhr4SkzTMd2Wi5rfUdyAJtZs3nK1oacSajiOAWaFiQ4SahevWhxIl7UXjqnJdkgs+l83lCy7P0aq0PNv5+E8Tqooh3GEe5bSWW1hXuxsYYiLw== C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job - C:\Program Files\PC-Doctor\uaclauncher.exe -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently C:\Windows\tasks\Periodic Synchronize Task.job - c:\programdata\{a1e262a4-779b-1e0b-a1e2-262a47798a91}\hqghumeaylnlf.exe --startup=1 --single C:\Windows\tasks\SystemToolsDailyTest.job - C:\Program Files\PC-Doctor\uaclauncher.exe -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently =========Mozilla firefox========= ProfilePath - C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default prefs.js - "browser.search.useDBForOrder" - true [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 17.0.0.188 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37] "Description"= "Path"=C:\Windows\SysWOW64\npdeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10] "Description"=globalUpdate Update "Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4] "Description"=globalUpdate Update "Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 17.0.0.188 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\extensions\ d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com searchffv2@gmail.com sweetsearch@gmail.com C:\Users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\pw0fy9o3.default\searchplugins\ sweet-page.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10 662672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10 565304] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebfbdd44-c0e0-4f63-a8e6-ee5f34765238}] Edu App 1.0.0.7 - C:\Program Files (x86)\Edu App\EduAppbho.dll [2015-05-20 269032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-02-19 7416088] "Web Companion"=C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [2015-04-30 1371456] "GoogleChromeAutoLaunch_052FD0D7E121C86B81E529B22E0D4608"=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [2015-05-11 770048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2010-12-17 281448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe [2010-02-05 2056192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2010-06-10 2621440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe [2015-02-19 7416088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2010-10-26 139264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [2011-08-06 744072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [2011-08-06 70792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [2010-03-09 46368] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2010-12-17 41320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [2010-03-09 29984] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [2010-03-05 62752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [2010-03-05 636192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [2010-02-09 328992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-31 55808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-01-10 11774568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-17 2697512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2010-07-27 69560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] C:\Windows\system32\TpShocks.exe [2010-12-09 380776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2010-12-04 1202976] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-05-12 5515496] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12 959176] "WinCheck"=C:\Users\Dokter\AppData\Local\D831B801-1432149605-11CB-A2B6-C4FDB65A6E5B\bnsb2706.exe [2015-05-20 179200] "SmartWeb"=C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17 270368] "gmsd_be_199"=C:\Program Files (x86)\gmsd_be_199\gmsd_be_199.exe [2015-05-19 3982280] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce] "upgmsd_be_199.exe"=C:\Users\Dokter\AppData\Local\gmsd_be_199\upgmsd_be_199.exe [2015-05-19 3285448] C:\Users\Dokter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup crossbrowse.lnk - C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe SmartWeb.lnk - C:\Users\Dokter\AppData\Local\SmartWeb\SmartWebHelper.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-03-06 385024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2013-03-05 136488] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "SoftwareSASGeneration"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\addrbook.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brccboot.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brinstck.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brmfrmss.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brolink0.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brscutil.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brstmonw.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\faxrx.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isoexport.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcdlauncher.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfxset.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teamviewer.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsu.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windvd.exe] "Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2015-05-21 18:50:59 ----A---- C:\autoexec.bat 2015-05-21 18:50:20 ----D---- C:\Users\Dokter\AppData\Roaming\Enigma Software Group 2015-05-21 18:50:12 ----D---- C:\sh4ldr 2015-05-21 18:49:48 ----A---- C:\Windows\system32\drivers\EsgScanner.sys 2015-05-21 18:49:43 ----D---- C:\Program Files\Enigma Software Group 2015-05-20 19:35:45 ----A---- C:\Windows\system32\drivers\{3f1219df-4a4d-40a3-9537-f2a95f4016b3}Gw64.sys 2015-05-20 19:33:51 ----D---- C:\Program Files (x86)\f1010b47-1aed-4f3a-bb98-d3773f914500 2015-05-20 19:33:43 ----D---- C:\Program Files (x86)\globalUpdate 2015-05-20 19:33:41 ----D---- C:\Program Files (x86)\Edu App 2015-05-20 19:33:35 ----D---- C:\Program Files (x86)\CinemaPlus-3.2cV20.05 2015-05-20 19:32:14 ----D---- C:\Program Files (x86)\Crossbrowse 2015-05-20 19:32:06 ----D---- C:\Program Files (x86)\gmsd_be_199 2015-05-20 19:31:26 ----D---- C:\Program Files (x86)\Infonaut_1.10.0.14 2015-05-20 19:19:33 ----D---- C:\ProgramData\b0d0f4e400000620 2015-05-20 19:19:17 ----D---- C:\Users\Dokter\AppData\Roaming\VOPackage 2015-05-20 19:19:17 ----D---- C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B 2015-05-20 19:18:50 ----A---- C:\Windows\system32\drivers\{d226c1ba-fd03-4e05-b5d6-46c2e5f82000}Gw64.sys 2015-05-20 19:16:27 ----D---- C:\ProgramData\{a1e262a4-779b-1e0b-a1e2-262a47798a91} 2015-05-20 19:16:27 ----D---- C:\Program Files (x86)\GUPlayer 2015-05-19 16:50:42 ----D---- C:\Program Files (x86)\Mozilla Firefox 2015-05-18 17:57:54 ----D---- C:\ProgramData\45208a21000034dd 2015-05-18 17:47:32 ----A---- C:\Windows\SYSWOW64\LavasoftTcpServiceOff.ini 2015-05-18 17:47:32 ----A---- C:\Windows\system32\LavasoftTcpServiceOff.ini 2015-05-18 17:47:30 ----A---- C:\Windows\system32\LavasoftTcpService64.dll 2015-05-18 17:47:29 ----A---- C:\Windows\SYSWOW64\LavasoftTcpService.dll 2015-05-18 17:46:21 ----D---- C:\ProgramData\PDF Architect 3 2015-05-18 17:45:43 ----D---- C:\Program Files (x86)\Lavasoft 2015-05-18 17:44:53 ----D---- C:\Users\Dokter\AppData\Roaming\sweet-page 2015-05-18 17:40:43 ----D---- C:\Users\Dokter\AppData\Roaming\Lavasoft 2015-05-18 17:40:43 ----D---- C:\ProgramData\Lavasoft 2015-05-18 17:01:04 ----D---- C:\Users\Dokter\AppData\Roaming\Scan2PDF 2015-05-18 17:01:01 ----D---- C:\Program Files (x86)\Scan2PDF 2015-05-14 03:05:51 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-14 03:05:51 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 14:44:08 ----A---- C:\Windows\SYSWOW64\schannel.dll 2015-05-13 14:44:08 ----A---- C:\Windows\SYSWOW64\certcli.dll 2015-05-13 14:44:08 ----A---- C:\Windows\system32\schannel.dll 2015-05-13 14:44:08 ----A---- C:\Windows\system32\certcli.dll 2015-05-13 14:44:00 ----A---- C:\Windows\system32\services.exe 2015-05-13 14:43:52 ----A---- C:\Windows\SYSWOW64\InkEd.dll 2015-05-13 14:43:52 ----A---- C:\Windows\system32\InkEd.dll 2015-05-13 14:43:51 ----A---- C:\Windows\system32\jnwmon.dll 2015-05-13 14:43:35 ----A---- C:\Windows\system32\UtcResources.dll 2015-05-13 14:43:35 ----A---- C:\Windows\system32\diagtrack.dll 2015-05-13 14:43:34 ----A---- C:\Windows\system32\ntoskrnl.exe 2015-05-13 14:43:34 ----A---- C:\Windows\system32\ntdll.dll 2015-05-13 14:43:32 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2015-05-13 14:43:32 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2015-05-13 14:43:31 ----A---- C:\Windows\system32\tdh.dll 2015-05-13 14:43:29 ----A---- C:\Windows\SYSWOW64\tdh.dll 2015-05-13 14:43:28 ----A---- C:\Windows\SYSWOW64\ntdll.dll 2015-05-13 14:43:28 ----A---- C:\Windows\SYSWOW64\advapi32.dll 2015-05-13 14:43:28 ----A---- C:\Windows\system32\msv1_0.dll 2015-05-13 14:43:28 ----A---- C:\Windows\system32\lsasrv.dll 2015-05-13 14:43:28 ----A---- C:\Windows\system32\kernel32.dll 2015-05-13 14:43:28 ----A---- C:\Windows\system32\advapi32.dll 2015-05-13 14:43:27 ----A---- C:\Windows\SYSWOW64\tracerpt.exe 2015-05-13 14:43:27 ----A---- C:\Windows\SYSWOW64\sechost.dll 2015-05-13 14:43:27 ----A---- C:\Windows\SYSWOW64\logman.exe 2015-05-13 14:43:27 ----A---- C:\Windows\SYSWOW64\kernel32.dll 2015-05-13 14:43:27 ----A---- C:\Windows\SYSWOW64\kerberos.dll 2015-05-13 14:43:27 ----A---- C:\Windows\system32\wow64.dll 2015-05-13 14:43:27 ----A---- C:\Windows\system32\winsrv.dll 2015-05-13 14:43:27 ----A---- C:\Windows\system32\tracerpt.exe 2015-05-13 14:43:27 ----A---- C:\Windows\system32\srcore.dll 2015-05-13 14:43:27 ----A---- C:\Windows\system32\sechost.dll 2015-05-13 14:43:27 ----A---- C:\Windows\system32\logman.exe 2015-05-13 14:43:27 ----A---- C:\Windows\system32\KernelBase.dll 2015-05-13 14:43:27 ----A---- C:\Windows\system32\kerberos.dll 2015-05-13 14:43:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys 2015-05-13 14:43:27 ----A---- C:\Windows\system32\drivers\ksecdd.sys 2015-05-13 14:43:27 ----A---- C:\Windows\system32\conhost.exe 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\wdigest.dll 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\typeperf.exe 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\TSpkg.dll 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\srclient.dll 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\setup16.exe 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\relog.exe 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\ncrypt.dll 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\KernelBase.dll 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\diskperf.exe 2015-05-13 14:43:26 ----A---- C:\Windows\SYSWOW64\auditpol.exe 2015-05-13 14:43:26 ----A---- C:\Windows\system32\wow64win.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\wdigest.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\typeperf.exe 2015-05-13 14:43:26 ----A---- C:\Windows\system32\TSpkg.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\sspicli.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\srclient.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\smss.exe 2015-05-13 14:43:26 ----A---- C:\Windows\system32\secur32.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\rstrui.exe 2015-05-13 14:43:26 ----A---- C:\Windows\system32\relog.exe 2015-05-13 14:43:26 ----A---- C:\Windows\system32\ntvdm64.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\ncrypt.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\lsass.exe 2015-05-13 14:43:26 ----A---- C:\Windows\system32\diskperf.exe 2015-05-13 14:43:26 ----A---- C:\Windows\system32\csrsrv.dll 2015-05-13 14:43:26 ----A---- C:\Windows\system32\auditpol.exe 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 14:43:25 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 14:43:25 ----A---- C:\Windows\SYSWOW64\wow32.dll 2015-05-13 14:43:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll 2015-05-13 14:43:25 ----A---- C:\Windows\SYSWOW64\secur32.dll 2015-05-13 14:43:25 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll 2015-05-13 14:43:25 ----A---- C:\Windows\SYSWOW64\instnm.exe 2015-05-13 14:43:25 ----A---- C:\Windows\SYSWOW64\credssp.dll 2015-05-13 14:43:25 ----A---- C:\Windows\system32\wow64cpu.dll 2015-05-13 14:43:25 ----A---- C:\Windows\system32\sspisrv.dll 2015-05-13 14:43:25 ----A---- C:\Windows\system32\credssp.dll 2015-05-13 14:43:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 14:43:24 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 14:43:24 ----A---- C:\Windows\SYSWOW64\user.exe 2015-05-13 14:43:24 ----A---- C:\Windows\SYSWOW64\msaudite.dll 2015-05-13 14:43:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll 2015-05-13 14:43:24 ----A---- C:\Windows\SYSWOW64\adtschema.dll 2015-05-13 14:43:24 ----A---- C:\Windows\system32\msaudite.dll 2015-05-13 14:43:24 ----A---- C:\Windows\system32\apisetschema.dll 2015-05-13 14:43:24 ----A---- C:\Windows\system32\adtschema.dll 2015-05-13 14:43:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll 2015-05-13 14:43:23 ----A---- C:\Windows\system32\msobjs.dll 2015-05-13 14:43:01 ----A---- C:\Windows\SYSWOW64\DWrite.dll 2015-05-13 14:43:01 ----A---- C:\Windows\system32\win32k.sys 2015-05-13 14:43:01 ----A---- C:\Windows\system32\FntCache.dll 2015-05-13 14:43:01 ----A---- C:\Windows\system32\DWrite.dll 2015-05-13 14:42:57 ----A---- C:\Windows\SYSWOW64\wpdshext.dll 2015-05-13 14:42:57 ----A---- C:\Windows\system32\wpdshext.dll 2015-05-13 14:42:54 ----A---- C:\Windows\SYSWOW64\poqexec.exe 2015-05-13 14:42:54 ----A---- C:\Windows\system32\poqexec.exe 2015-05-13 14:42:49 ----A---- C:\Windows\SYSWOW64\shimeng.dll 2015-05-13 14:42:49 ----A---- C:\Windows\SYSWOW64\sdbinst.exe 2015-05-13 14:42:49 ----A---- C:\Windows\SYSWOW64\apphelp.dll 2015-05-13 14:42:49 ----A---- C:\Windows\system32\shimeng.dll 2015-05-13 14:42:49 ----A---- C:\Windows\system32\sdbinst.exe 2015-05-13 14:42:49 ----A---- C:\Windows\system32\apphelp.dll 2015-05-13 14:42:49 ----A---- C:\Windows\system32\aelupsvc.dll 2015-05-13 14:42:46 ----A---- C:\Windows\system32\mshtml.dll 2015-05-13 14:42:45 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2015-05-13 14:42:39 ----A---- C:\Windows\system32\ieframe.dll 2015-05-13 14:42:37 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2015-05-13 14:42:36 ----A---- C:\Windows\system32\wininet.dll 2015-05-13 14:42:35 ----A---- C:\Windows\SYSWOW64\wininet.dll 2015-05-13 14:42:35 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2015-05-13 14:42:35 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2015-05-13 14:42:35 ----A---- C:\Windows\system32\urlmon.dll 2015-05-13 14:42:35 ----A---- C:\Windows\system32\jscript.dll 2015-05-13 14:42:35 ----A---- C:\Windows\system32\iertutil.dll 2015-05-13 14:42:34 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2015-05-13 14:42:34 ----A---- C:\Windows\SYSWOW64\jscript.dll 2015-05-13 14:42:34 ----A---- C:\Windows\system32\vbscript.dll 2015-05-13 14:42:33 ----A---- C:\Windows\system32\msfeeds.dll 2015-05-13 14:42:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2015-05-13 14:42:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2015-05-13 14:42:32 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2015-05-13 14:42:32 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2015-05-13 14:42:32 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2015-05-13 14:42:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2015-05-13 14:42:32 ----A---- C:\Windows\system32\iesysprep.dll 2015-05-13 14:42:32 ----A---- C:\Windows\system32\dxtrans.dll 2015-05-13 14:42:31 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2015-05-13 14:42:31 ----A---- C:\Windows\SYSWOW64\msrating.dll 2015-05-13 14:42:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2015-05-13 14:42:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2015-05-13 14:42:31 ----A---- C:\Windows\SYSWOW64\ieui.dll 2015-05-13 14:42:31 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2015-05-13 14:42:31 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2015-05-13 14:42:31 ----A---- C:\Windows\system32\msrating.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\mshtmled.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\jsproxy.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\jscript9.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\ieui.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\iesetup.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\iernonce.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\iedkcs32.dll 2015-05-13 14:42:31 ----A---- C:\Windows\system32\ie4uinit.exe 2015-05-13 14:42:31 ----A---- C:\Windows\system32\dxtmsft.dll 2015-04-26 11:12:52 ----A---- C:\Windows\system32\aswBoot.exe 2015-04-26 11:12:47 ----A---- C:\Windows\avastSS.scr ======List of files/folders modified in the last 1 month====== 2015-05-21 21:46:03 ----D---- C:\Windows\Prefetch 2015-05-21 21:45:59 ----D---- C:\Program Files\trend micro 2015-05-21 21:45:51 ----D---- C:\Windows\temp 2015-05-21 21:30:22 ----D---- C:\Windows\System32 2015-05-21 21:30:22 ----D---- C:\Windows\inf 2015-05-21 21:30:22 ----A---- C:\Windows\system32\PerfStringBackup.INI 2015-05-21 19:47:02 ----A---- C:\Windows\win.ini 2015-05-21 19:01:13 ----D---- C:\Windows\Tasks 2015-05-21 19:01:13 ----D---- C:\Windows\system32\Tasks 2015-05-21 18:57:09 ----D---- C:\Windows\system32\config 2015-05-21 18:49:48 ----D---- C:\Windows\system32\drivers 2015-05-21 18:49:43 ----D---- C:\Program Files 2015-05-21 18:44:22 ----A---- C:\Windows\SYSWOW64\log.txt 2015-05-20 19:45:36 ----RD---- C:\Program Files (x86) 2015-05-20 19:45:36 ----HD---- C:\ProgramData 2015-05-20 19:44:21 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2015-05-20 19:39:10 ----D---- C:\Windows 2015-05-20 19:38:54 ----D---- C:\Program Files\Google 2015-05-20 19:38:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-20 19:38:54 ----D---- C:\Program Files (x86)\Google 2015-05-20 19:34:01 ----D---- C:\Program Files (x86)\Adobe 2015-05-20 19:33:53 ----SHD---- C:\Windows\Installer 2015-05-20 19:21:44 ----D---- C:\Windows\Panther 2015-05-20 19:21:43 ----D---- C:\Windows\debug 2015-05-20 19:19:50 ----D---- C:\Windows\system32\drivers\etc 2015-05-20 11:25:00 ----SHD---- C:\System Volume Information 2015-05-18 17:47:32 ----D---- C:\Windows\SysWOW64 2015-05-15 16:39:38 ----D---- C:\Windows\rescache 2015-05-14 04:12:17 ----D---- C:\Windows\Microsoft.NET 2015-05-14 04:11:34 ----RSD---- C:\Windows\assembly 2015-05-14 03:57:22 ----D---- C:\Windows\winsxs 2015-05-14 03:55:51 ----D---- C:\Program Files\Microsoft Silverlight 2015-05-14 03:55:50 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2015-05-14 03:52:57 ----D---- C:\Windows\SYSWOW64\nl-NL 2015-05-14 03:52:57 ----D---- C:\Windows\system32\nl-NL 2015-05-14 03:52:53 ----D---- C:\Windows\AppPatch 2015-05-14 03:52:52 ----D---- C:\Program Files\Windows Journal 2015-05-14 03:52:51 ----D---- C:\Windows\system32\AdvancedInstallers 2015-05-14 03:52:49 ----D---- C:\Program Files (x86)\Internet Explorer 2015-05-14 03:52:47 ----D---- C:\Program Files\Internet Explorer 2015-05-14 03:52:15 ----D---- C:\Windows\system32\DriverStore 2015-05-14 03:52:14 ----D---- C:\Windows\system32\drivers\UMDF 2015-05-14 03:35:25 ----D---- C:\ProgramData\Microsoft Help 2015-05-14 03:26:06 ----D---- C:\Windows\system32\MRT 2015-05-14 03:12:06 ----A---- C:\Windows\system32\MRT.exe 2015-05-13 14:42:07 ----D---- C:\Windows\system32\catroot2 2015-05-10 03:09:32 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-04-26 65736] R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-04-26 272248] R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2011-04-18 31344] R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2011-08-06 44680] R0 EUBKMON;EUBKMON; C:\Windows\system32\drivers\EUBKMON.sys [2011-08-06 50312] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2010-12-09 139888] R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2010-12-09 23664] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-04-26 93528] R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-04-26 1047320] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-04-26 442264] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560] R1 EUDSKACS;EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [2011-08-06 19592] R1 EUFDDISK;EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [2011-08-06 189576] R1 innfd_1_10_0_14;innfd_1_10_0_14; C:\Windows\system32\drivers\innfd_1_10_0_14.sys [2015-04-10 58224] R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592] R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-04-18 14960] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-04-26 29168] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-04-26 89944] R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-04-26 137288] R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2010-09-22 164992] R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384] R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2010-12-01 426536] R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-11-24 145448] R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-11-20 162344] R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-08-27 39464] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-11-20 21416] R3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2015-05-21 15920] R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2010-11-12 39024] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-03-06 12264384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-11 2709224] R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344] R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856] R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-07-02 40512] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] R3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-02-17 1419824] R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880] S2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [] S3 ACSSCR;ACR38 Smart Card Reader; C:\Windows\system32\DRIVERS\a38usb.sys [2010-10-15 44672] S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168] S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2015-05-21 22704] S3 EuDisk;EASEUS Disk Enumerator; C:\Windows\system32\DRIVERS\EuDisk.sys [2009-12-02 137608] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888] S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704] R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-04-26 343336] R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-12-04 965408] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 1515792] R2 fegukygy;Crash Portal; C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\nsw8439.tmpfs [2015-05-20 179712] R2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 116648] R2 gupycegy;Cut Broadband; C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\jnswB463.tmp [2015-05-20 130560] R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2010-11-12 45928] R2 insvc_1.10.0.14;Infonaut 1.10.0.14 Client Service; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [2015-04-10 278600] R2 LavasoftTcpService;LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2015-04-30 2748720] R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2010-12-17 40808] R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-12-17 59240] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672] R2 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-18 143360] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 836880] R2 rycimizu;Carbon Copy Image Editor; C:\Users\Dokter\AppData\Roaming\D831B801-1432142357-11CB-A2B6-C4FDB65A6E5B\hnsbCD80.tmp [2015-05-20 193024] R2 SearchProtectionService;IE Search Set; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2015-04-30 17768] R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-05-21 1026432] R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-12-10 2409272] R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768] R2 Update Edu App;Update Edu App; C:\Program Files (x86)\Edu App\updateEduApp.exe [2015-05-21 646376] R2 Util Edu App;Util Edu App; C:\Program Files (x86)\Edu App\bin\utilEduApp.exe [2015-05-21 646376] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S2 CardReaderServer;OmegaSoft Card Reader Server; C:\Program Files (x86)\OmegaSoft\Card Reader\OSCRDSVC.EXE [2005-07-12 603648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088] S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-05-20 68608] S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20 268464] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-04-18 477032] S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-05-20 68608] S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 116648] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-05-19 148080] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-18 83304] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2010-12-09 47728] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-22 1255736] S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864] S4 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] S4 EaseUS Agent;EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-08-06 60040] S4 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944] S4 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824] S4 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-11-03 199272] S4 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2015-03-27 49136] S4 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] -----------------EOF-----------------