Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by nick on ma 06/07/2015 at 20:53:39,68. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\nick\Desktop\zoek(2).exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\atieclxx.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe C:\Windows\System32\svchost.exe -k utcsvc C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TermBlazer_1.10.0.16\Service\tbsvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe C:\Program Files\IDT\WDM\beats64.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Users\nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\klwtblfs.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_17_0_0_190_ActiveX.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe C:\Users\nick\Desktop\zoek(2).exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe ==== System Restore Info ====================== 6/07/2015 20:56:12 Zoek.exe System Restore Point Created Successfully. ==== Windows Installer Info ====================== Adobe Reader XI (11.0.11) - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744BA0000000010]C:\Windows\Installer\11b6767.msi Adobe Refresh Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142415413]C:\Windows\Installer\253ca5a.msi ATI Catalyst Install Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D19710036AC23EF6EBF0E87A25B2234D]C:\Windows\Installer\274b4.msi ATI Stream SDK v2 Developer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EF72C084C6C8C5FAE3D907E0E01E287]C:\Windows\Installer\27588.msi Boris Graffiti for Corel [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EDE70A9F0DF6AE14AA2F0D8CDD94488D]C:\Windows\Installer\1d98d7.msi Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1692C4D3353365C40B8B28CA913296F5]C:\Windows\Installer\274bb.msi Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A526FBD48F933510EE81DBEEB0510DD]C:\Windows\Installer\274c2.msi Catalyst Control Center Graphics Previews Vista [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5CBA83E52C178D40260F4CB4357EED8D]C:\Windows\Installer\274c9.msi Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D2DDDEA7EB09D170219F9A84A4A08D6]C:\Windows\Installer\274ac.msi Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9005DC82AC4541DEA67174085358FFF5]C:\Windows\Installer\2756b.msi ccc-core-static [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\08DA14A28C9C0DC3B2AE5037A14938FD]C:\Windows\Installer\2757a.msi ccc-utility64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F76248139D0B75607D50C007B084A181]C:\Windows\Installer\27572.msi CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD7F8025AAD9AC5EEE3CB100D4668ABE]C:\Windows\Installer\2755d.msi CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B120AD9410C10D63BAFDB3B9DE65E7DE]C:\Windows\Installer\27564.msi CCC Help Czech [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0067E319A3AF521BE16A93D1952C856F]C:\Windows\Installer\274d1.msi CCC Help Danish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3E2A6281EE226CCABBA308EEFF3261A7]C:\Windows\Installer\274d8.msi CCC Help Dutch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B394C4F28D824505319E190F953088B7]C:\Windows\Installer\27525.msi CCC Help English [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0E1B141EA8ABF0571460CFA6BA98050E]C:\Windows\Installer\274ed.msi CCC Help Finnish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DA9A66A11CB7C9E852EE5A2C0BF75AE9]C:\Windows\Installer\274fb.msi CCC Help French [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\86B9D13B448AA1916C25E47A518ADC29]C:\Windows\Installer\27502.msi CCC Help German [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0350CDB4B5442F74630A57D88E09B344]C:\Windows\Installer\274df.msi CCC Help Greek [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2EF5DF6C536351C0D6C359CFAA153AEC]C:\Windows\Installer\274e6.msi CCC Help Hungarian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E1B50EB74C3CD2311B3D78BF56DEB57]C:\Windows\Installer\27509.msi CCC Help Italian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C03AC9C27B2EA3D092D1848079E3F6C8]C:\Windows\Installer\27510.msi CCC Help Japanese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91D2479DEE83EB2B95204431C00480AF]C:\Windows\Installer\27517.msi CCC Help Korean [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8F590F8566F3A825B06FFDA1B703E40C]C:\Windows\Installer\2751e.msi CCC Help Norwegian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\926DDEA9E04A1BE5E2078ED4ED19C561]C:\Windows\Installer\2752c.msi CCC Help Polish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F2FA1D824759CBADAB80273F5396062D]C:\Windows\Installer\27533.msi CCC Help Portuguese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F73695E023AD004E296FE348BDD1BFD8]C:\Windows\Installer\2753a.msi CCC Help Russian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5EFD959F55BA0A4E91792079CC81346]C:\Windows\Installer\27541.msi CCC Help Spanish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\70E96083C7164708F476ABFFBF7B7EAF]C:\Windows\Installer\274f4.msi CCC Help Swedish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6D5343B160B5E8D9CDAD2368C325CC0]C:\Windows\Installer\27548.msi CCC Help Thai [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AC69E6ED32DA7DBB34406B4DAEF09133]C:\Windows\Installer\2754f.msi CCC Help Turkish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CD2DEF315818F153272B1CAC3B8A68B0]C:\Windows\Installer\27556.msi Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AEE7106C15E9921448ABFE9A25E0968D]C:\Windows\Installer\1d9883.msi Contents [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B9E7C4CC62B4D8D4086704FC07A8F94A]C:\Windows\Installer\1d9896.msi D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\276d0.msi DeviceIO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED58F70D1F224BF43B1D04F22DC28407]C:\Windows\Installer\1d9889.msi Galerie de photos Windows Live [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7430F8847A4C4734197A0318B8DE7A01]C:\Windows\Installer\2778f.msi Google Earth [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AF057718A6CED58499106038EAF6DF1F]C:\Windows\Installer\498d3c.msi Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0]C:\Windows\Installer\cfe292.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\308bb4.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\e48ca.msi Hewlett-Packard ACLM.NET v1.2.2.3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\701043F6AA9F6C745BC43C1AF91155F3]C:\Windows\Installer\1c09c37.msi HP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18143A19DAF9BA343AF57E8A49B5E7C1]C:\Windows\Installer\2761d.msi HP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\782BB4BF9F7372E4C9D4D283280EE8FF]C:\Windows\Installer\275ee.msi HP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\970DACCDC29FAD442B8526F46C15A7A5]C:\Windows\Installer\275f3.msi HP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ADBE3203B1FB13843B745E1058552FE6]C:\Windows\Installer\275e9.msi HP Auto [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B65D4CC81F6B0747843BADC57CB4F1F]C:\Windows\Installer\27497.msi HP Client Services [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C1A65825C073CE4FA7F5E5BE155032A]C:\Windows\Installer\2767e.msi HP Customer Experience Enhancements [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0694AF70830BBE9498B1F95939A05A44]C:\Windows\Installer\2749e.msi HP MediaSmart SmartMenu [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1B06F04A1E1FE254695AFF799F2A1D20]C:\Windows\Installer\275e4.msi HP Odometer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\98A1CA8B1DFF79F408155E501A065F26]C:\Windows\Installer\27479.msi HP Setup Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883658EADAFA357418FD9DB6910D1AC7]C:\Windows\Installer\2779e.msi HP Support Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31B3A53EDC877694A88CAAF9AD96E3ED]C:\Windows\Installer\1c09c30.msi HP Support Information [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4F11A2F78EAE523438CE3E9EF95861E9]C:\Windows\Installer\275b2.msi HP Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C4E4AFE2F5B77F841A0CA18A287B9A3C]C:\Windows\Installer\87299.msi HP Vision Hardware Diagnostics [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9E20A97D317653346986AA7C74C4C0E0]c:\Windows\Installer\274a5.msi HydraVision [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F122D15773C7F38C91371A9FA2F0D46F]C:\Windows\Installer\27581.msi ICA [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\13C209AAD94B8064CBFC5291BE7727D2]C:\Windows\Installer\1d98bb.msi IPM_VS_Pro [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C598765A32D1DE84EB38BFE37D3D4024]C:\Windows\Installer\1d98b3.msi ISCOM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CF79886DD8E7948418A927B6429817C3]C:\Windows\Installer\1d98b7.msi Junk Mail filter update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E]C:\Windows\Installer\27716.msi Kaspersky Internet Security [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A5B1C35678231B74683170544D7E174C]C:\Windows\Installer\6f84fa0.msi LabelPrint [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C971C95CD8669A946BAE1012CCCF2134]c:\Windows\Installer\275dd.msi LightScribe System Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BD0F7DF69E046D4DAD4B9A539A62F8A]c:\Windows\Installer\27634.msi MediaSmart Photo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CDC8FAD640B9B3140A2FCB1CC38F5AFB]C:\Windows\Installer\27603.msi MediaSmart Video [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F7E3E21D31B133949A51617CDD730A59]C:\Windows\Installer\27613.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FA0BBE92DA4ABA359FE79E7EB1ABC90]C:\Windows\Installer\13693b8.msi Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73]C:\Windows\Installer\2d1f9aa.msi Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400100000000F01FEC]C:\Windows\Installer\276a8.msi Microsoft Office 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159070000000000000000F01FEC]C:\Windows\Installer\275b9.msi Microsoft Office Klik-en-Klaar 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D60031400100000000F01FEC]C:\Windows\Installer\22c9d9.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\154ff8e.msi Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B]C:\Windows\Installer\2773e.msi Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B7573E6B77E5519368A6CCCFB4D891C4]c:\Windows\Installer\2352156.msi Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D756077321A70C3E844C138CE981581]c:\Windows\Installer\235215d.msi Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1af2a8da7e60d0b429d7e6453b3d0182]C:\Windows\Installer\78547e.msi Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\84b9c17023c712640acaf308593282f8]C:\Windows\Installer\23529.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\785497.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC]c:\Windows\Installer\23530.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1007C6B46D7C017319E3B52CF3EC196E]c:\Windows\Installer\277ae.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]c:\Windows\Installer\7854cf.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\1eeaf.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\277a6.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\7854d7.msi Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1926E8D15D0BCE53481466615F760A7F]c:\Windows\Installer\2123dca.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]c:\Windows\Installer\21218ef.msi Microsoft Xbox 360 Accessories 1.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\88105C9D5D21E3D4F8008632642CAAF5]C:\Windows\Installer\30c83.msi MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\276b4.msi MSVCRT_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52744B0D6663D294EB6F85A741DBB99D]C:\Windows\Installer\2771a.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]c:\Windows\Installer\27a61d.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]c:\Windows\Installer\27a624.msi Norton Online Backup [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6FD66A043D225B447A3D381B812A0CCD]C:\Windows\Installer\27624.msi OpenOffice 4.1.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\63545A8E14CFBA54E94211A4107211C8]C:\Windows\Installer\b50f8d.msi PictureMover [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A02EF462B757a2940B3C04902E99D7A8]C:\Windows\Installer\2762c.msi PlayReady PC Runtime amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4339ACB9C6B56F4A937CAA523A9D440]C:\Windows\Installer\27638.msi PowerDirector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\098990BCF5D15D11E99A0005AB3E711E]c:\Windows\Installer\275c8.msi PowerRecover [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA0A2B44E214C8F40B851D8EEACCFD5F]c:\Windows\Installer\2758d.msi PowerStarter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\42C6FBF1DF1C10144AB2C065F4E9E897]c:\Windows\Installer\275c3.msi PureHD [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\42CAF78BD379F4A4FA4C55F59BB523BD]C:\Windows\Installer\1d987d.msi QuickTime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50D24CD8B0860B148887C6412D6420BD]C:\Windows\Installer\1d98c1.msi Setup [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5FCB9D8DF5F0F3D44872467B36F239EB]C:\Windows\Installer\1d9871.msi Share [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1EBCE48B5DE668E44BBAFD643D2414F1]C:\Windows\Installer\1d9891.msi Share64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7A743BB85B8664E4F9CC716F71B29A1E]C:\Windows\Installer\1d988d.msi SmartSound Common Data [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E9682A8BAC035C04C98FDB37455EE78F]C:\Windows\Installer\1d98cc.msi SmartSound Quicktracks 5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF3AB8F29AF197246B6917A2BB210FF9]C:\Windows\Installer\1d98d1.msi VIO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8048774C8623EC54EA5177D271931A1F]C:\Windows\Installer\1d9877.msi VSClassic [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\236E09933C2452A4DAFF11103E6DDD74]C:\Windows\Installer\1d989a.msi VSUltimate [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9E120B88214E02342B26BC6DF84F498F]C:\Windows\Installer\1d98af.msi Windows Live [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F1F913432FC79CC43B75A17E2DFFA35C]C:\Windows\Installer\27776.msi Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3D04254D3B6B9FF42B3445CE3E1E0066]C:\Windows\Installer\276c0.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\032440EF5AC97F34B985A55C2AA8F133]C:\Windows\Installer\27705.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0EE4E59FE6C037246B9B19DFF670D167]C:\Windows\Installer\276e0.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B53C70A248384AD4A95944B2C6980A37]C:\Windows\Installer\276f0.msi Windows Live Fotogalerie [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C81D311B0B767BF43B928EB96691A46E]C:\Windows\Installer\2774a.msi Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26ABA8B10F47DE741BC84A13825E198B]C:\Windows\Installer\276a4.msi Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F132F0B0A6ECD384AA32773B467F9571]C:\Windows\Installer\276cc.msi Windows Live Language Selector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BC3F6BE54F64F1540A82F7D6D8537D0D]C:\Windows\Installer\276ac.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4999321B058A2E44EB8D7EA01221E461]C:\Windows\Installer\2772a.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E42866C3BBC1584BBF38EFC6D539032]C:\Windows\Installer\2773a.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A563885D93EA72F4DBEA4B7EC2E809C0]C:\Windows\Installer\27732.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A57765D93F393A44082948E08362ED03]C:\Windows\Installer\2771e.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D8E6EAF9686E5F945A47A085FD9D85C0]C:\Windows\Installer\2778b.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\55565908215A0914C9DA0B003CD6B6B6]C:\Windows\Installer\27712.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\624365A647436C148B74243BF941582B]C:\Windows\Installer\276fd.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8464E378E6F66F747A2B6A8FFDBACD6E]C:\Windows\Installer\276e8.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\884FD4BEFEAAF6043A14BCA2AA13B509]C:\Windows\Installer\276d8.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C12E75069EBA9504EAE3B3BE99526E06]C:\Windows\Installer\27783.msi Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E08F45ADC1622A148A5545A941F4F295]C:\Windows\Installer\276b0.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4314AE291D01A814191EA5403531A183]C:\Windows\Installer\27746.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B88E4E7774956469A7E2DEE1A6DF38]C:\Windows\Installer\2774e.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5DB8CED64757AF740B0894B2BB2EEF3A]C:\Windows\Installer\27793.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7F80AB91827CC964A853FBDB6333EB80]C:\Windows\Installer\2775e.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9D4227BCACD61F34F838B6E1930AF029]C:\Windows\Installer\27756.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C8D398C0AB171541BC18EB9567EF207]C:\Windows\Installer\2777a.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D262DB9887B64540A5A4F5FE63C38B4]C:\Windows\Installer\276f4.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4CD7BA2CE9849EB488A72562F2ABBD0E]C:\Windows\Installer\276e4.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\775F634D5961F2D4B844CA679CE90020]C:\Windows\Installer\27709.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6ACDB9A3563B764CA384963D73AFB3E]C:\Windows\Installer\276d4.msi Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0FB3B06AB459FA248B8DC2D1436B31AA]C:\Windows\Installer\27752.msi Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A9D4F432C248434EB4F5E358C54947E]C:\Windows\Installer\2775a.msi Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\766F6333940964D4896BC447E3BE5C1B]C:\Windows\Installer\27742.msi Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DFDBABC48F94DF74EBD7CEED270725A5]C:\Windows\Installer\276c4.msi Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4E3B286A696ED244AC1C470AE61874B]C:\Windows\Installer\276bc.msi Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26CEF00243C306D4C98ECE73E2100CF8]C:\Windows\Installer\276b8.msi Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E97A59ECCF4EFFF4A857920FB449F22F]C:\Windows\Installer\276c8.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25FF84E9C2802CC4BB76E6010DC94013]C:\Windows\Installer\276dc.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94A65F901B7ABAA4599B1D034952A41D]C:\Windows\Installer\27772.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD4C5EB02AE8D384DB177DBE9040C0ED]C:\Windows\Installer\276ec.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FDEF50A6E266FB64A85210E0F3C1C996]C:\Windows\Installer\27701.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\076CFAAAB965F2A4284B2449E5D03EFE]C:\Windows\Installer\27722.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2204D958D67BED0469FE9CC0AD62F344]C:\Windows\Installer\27766.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\329710E78F6123E449FEA051B01D69EF]C:\Windows\Installer\2776a.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60EA627A3AAA1D34783E075F0113F440]C:\Windows\Installer\27762.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AD29A9B3473627846B6452F38126D4F5]C:\Windows\Installer\27797.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CF454FAAAC2892F4BA13A60149587EE6]C:\Windows\Installer\2776e.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\11B786265B8581A4B93CD94FEC301F49]C:\Windows\Installer\27787.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A59BDD1B7DF71543B1FB2AC9A86976E]C:\Windows\Installer\27726.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B144B41D477071489AE1A6376EA2681]C:\Windows\Installer\2772e.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EEDB8CDDCACDD4042875E3D8B4874276]C:\Windows\Installer\27736.msi Windows Media Encoder 9 Series [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D00C83EB86A81348A6A7F4D5B1BFDE0]C:\Windows\Installer\1d98c8.msi ==== Empty Folders Check ====================== C:\PROGRA~2\Graboid deleted successfully C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\PROGRA~2\McAfee Security Scan deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Users\nick\AppData\Roaming\DendaGames deleted successfully C:\Users\nick\AppData\Roaming\Malwarebytes deleted successfully C:\Users\nick\AppData\Roaming\TP deleted successfully C:\Users\nick\AppData\Local\Buried In Time deleted successfully C:\Users\nick\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\nick\AppData\Local\EmieSiteList deleted successfully C:\Users\nick\AppData\Local\EmieUserList deleted successfully C:\Users\nick\AppData\Local\PDFC deleted successfully ==== Checking Systemdrive for Symlinks ====================== De volumenaam van station C is OS Het volumenummer is 9880-4045 Map van C:\ 14/07/2009 07:08 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\ProgramData 14/07/2009 07:08 Application Data [C:\ProgramData] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users 14/07/2009 07:08 All Users [C:\ProgramData] 14/07/2009 07:08 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14/07/2009 07:08 Application Data [C:\ProgramData] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default 14/07/2009 07:08 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 07:08 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14/07/2009 07:08 Local Settings [C:\Users\Default\AppData\Local] 14/07/2009 07:08 My Documents [C:\Users\Default\Documents] 14/07/2009 07:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14/07/2009 07:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 07:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 07:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14/07/2009 07:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14/07/2009 07:08 Application Data [C:\Users\Default\AppData\Local] 14/07/2009 07:08 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 07:08 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 14/07/2009 07:08 My Music [C:\Users\Default\Music] 14/07/2009 07:08 My Pictures [C:\Users\Default\Pictures] 14/07/2009 07:08 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\nick 31/12/2011 16:48 Application Data [C:\Users\nick\AppData\Roaming] 31/12/2011 16:48 Cookies [C:\Users\nick\AppData\Roaming\Microsoft\Windows\Cookies] 31/12/2011 16:48 Local Settings [C:\Users\nick\AppData\Local] 31/12/2011 16:48 Menu Start [C:\Users\nick\AppData\Roaming\Microsoft\Windows\Start Menu] 31/12/2011 16:48 Mijn documenten [C:\Users\nick\Documents] 31/12/2011 16:48 NetHood [C:\Users\nick\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 31/12/2011 16:48 Netwerkprinteromgeving [C:\Users\nick\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 31/12/2011 16:48 Recent [C:\Users\nick\AppData\Roaming\Microsoft\Windows\Recent] 31/12/2011 16:48 SendTo [C:\Users\nick\AppData\Roaming\Microsoft\Windows\SendTo] 31/12/2011 16:48 Sjablonen [C:\Users\nick\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\nick\AppData\Local 31/12/2011 16:48 Application Data [C:\Users\nick\AppData\Local] 31/12/2011 16:48 Geschiedenis [C:\Users\nick\AppData\Local\Microsoft\Windows\History] 31/12/2011 16:48 Temporary Internet Files [C:\Users\nick\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\nick\AppData\LocalLow 22/08/2012 15:16 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 bestand(en) 0 bytes Map van C:\Users\nick\AppData\Roaming\Microsoft\Windows\Start Menu 31/12/2011 16:48 Programma's [C:\Users\nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\nick\Documents 31/12/2011 16:48 Mijn afbeeldingen [C:\Users\nick\Pictures] 31/12/2011 16:48 Mijn muziek [C:\Users\nick\Music] 31/12/2011 16:48 Mijn video's [C:\Users\nick\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 14/07/2009 07:08 My Music [C:\Users\Public\Music] 14/07/2009 07:08 My Pictures [C:\Users\Public\Pictures] 14/07/2009 07:08 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 52 map(pen) 876.120.682.496 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2354870282-1231269014-492715774-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_USERS\S-1-5-21-2354870282-1231269014-492715774-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Flash Player 17 ActiveX Adobe Flash Player 18 NPAPI Adobe Reader XI (11.0.11) - Nederlands Adobe Refresh Manager Anka ATI Catalyst Install Manager ATI Stream SDK v2 Developer Big Fish: Game Manager Boris Graffiti for Corel Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Clutter Contents Corel VideoStudio Pro X4 Ultimate CyberLink DVD Suite Deluxe D3DX10 DeLorme Send To GPS 1.5 DeviceIO disreden do-search uninstall DVD Menu Pack for HP MediaSmart Video FlvPlayer Galerie de photos Windows Live Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Hewlett-Packard ACLM.NET v1.2.2.3 HP Auto HP Client Services HP Customer Experience Enhancements HP MAINSTREAM KEYBOARD HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP Odometer HP Setup HP Setup Manager HP Support Assistant HP Support Information HP Update HP Vision Hardware Diagnostics HydraVision ICA IDT Audio Intel(R) Management Engine Components IPM_VS_Pro ISCOM Junk Mail filter update Kaspersky Internet Security LabelPrint LightScribe System Software Malwarebytes Anti-Malware versie 2.1.6.1022 McAfee Security Scan Plus Microsoft .NET Framework 4.5.1 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Klik-en-Klaar 2010 Microsoft Office Starter 2010 - Nederlands Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Xbox 360 Accessories 1.2 Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 39.0 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MusicStation Norton Online Backup Octoshape Streaming Services OpenOffice 4.1.0 PDF Complete Special Edition PictureMover PlayReady PC Runtime amd64 PowerCinema NE for Everio PowerDirector PowerDirector Express PowerProducer proDAD Mercalli 2.0 PureHD QuickTime Recovery Manager Robbie Konijn Groep 4 Schipbreuk op Kaaseiland Robbie Konijn Peuter Sprankelsterren in nood Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft .NET Framework 4.5.1 (KB3023224) Security Update for Microsoft .NET Framework 4.5.1 (KB3035490) Security Update for Microsoft .NET Framework 4.5.1 (KB3037581) Share Share64 SmartSound Common Data SmartSound Quicktracks 5 TermBlazer 1.10.0.16 The Fool Torch Unity Web Player Update Installer for WildTangent Games App Utility Chest Toolbar VIO VSClassic VSUltimate Web-Cake 3.00 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UtilityChest_49Service deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UtilityChest_49Service deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283 user.js not found ---- Lines WebSearch removed from prefs.js ---- user_pref("extensions.mywebsearch.prevKwdEnabled", true); ---- Lines mindspark removed from prefs.js ---- user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.prev", "MyPlayCity"); user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.savedPrev", "true"); user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.defaultenginename.tb", "Ask Web Search"); user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.prev", "do-search"); user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.savedPrev", "true"); user_pref("extensions.toolbar.mindspark._4zMembers_.browser.search.selectedEngine.tb", "Ask Web Search"); user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1434385133680"); user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true); user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true); user_pref("extensions.toolbar.mindspark._4zMembers_.toolbar.ownSearch", true); user_pref("extensions.toolbar.mindspark.hp.enabled", false); user_pref("extensions.toolbar.mindspark.hp.enabled.guid", ""); user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com"); ---- Lines ask.com removed from prefs.js ---- user_pref("keyword.URL", "http://int.search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=D83D2A9E-ACAA-4002-AD9B-A82504D2859A&n=781b6606&ind=2015061510&p ---- Lines search.com removed from prefs.js ---- user_pref("browser.search.searchengine.iconURL", "http://do-search.com/favicon.ico"); user_pref("browser.search.searchengine.url", "http://do-search.com/web/?type=ds&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&ui ---- Lines quick_start removed from prefs.js ---- user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); user_pref("extensions.quick_start.enable_search1", false); user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); ---- FireFox user.js and prefs.js backups ---- prefs_20150607_2113_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Graboid not found C:\PROGRA~2\McAfee Security Scan not found C:\Users\nick\AppData\Roaming\do-search deleted C:\Users\nick\AppData\Roaming\disreden deleted C:\found.000 deleted C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk deleted C:\Users\nick\AppData\Roaming\RHEng deleted C:\Users\nick\AppData\Roaming\Alawar deleted C:\Users\nick\AppData\Roaming\Alawar Stargaze deleted C:\Users\nick\AppData\Roaming\AlawarEntertainment deleted C:\Users\nick\AppData\Roaming\YoudaGames deleted C:\Users\nick\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Alawar Stargaze deleted C:\PROGRA~3\Computer Updater deleted C:\PROGRA~3\Funny Bear Studio deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong deleted C:\Users\nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted C:\Users\nick\AppData\LocalLow\PriceGong deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\SafeAppRichList.ocx deleted C:\Windows\Syswow64\CUUpdateComponent.ocx deleted C:\Windows\Syswow64\ComputerUpdaterLM.ocx deleted C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283\searchplugins\ask-web-search.xml deleted C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283\searchplugins\do-search.xml deleted C:\Users\nick\Desktop\Continue Flv Player Installation.lnk deleted "C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283\websearches.sqlite" deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 6127 MB CPU Info: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz CPU Speed: 3387.7 MHz Sound Card: Speakers / Headphones (IDT High | Headphones (RTC) (IDT High Defi | Digital Output (S/PDIF) (IDT Hi | Display Adapters: AMD Radeon HD 6570 | AMD Radeon HD 6570 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1280 X 1024 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: hp DVD A DH16ABLH Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 916.2GB | D: 15.2GB | Q: 0.0MB Hard Disks - Free: C: 815.8GB | D: 1.9GB | Q: 0.0MB Manufacturer *: AMI BIOS Info: AT/AT COMPATIBLE | 10/25/10 | HPQOEM - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: PEGATRON CORPORATION 2AB6 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated) Anti-Spyware: Kaspersky Internet Security disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: Kaspersky Internet Security disabled Default Browser: Firefox 39.0 Internet Explorer Version: 11.0.9600.17843 Mozilla Firefox version: 39.0 (x86 nl) Google Chrome version: 43.0.2357.130 Adobe Reader version: 11.0.11.18 Flash Player version: 18.0.0.194 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2015-07-02 07:46:57 2301304260456CAB0F9BF2083F6ADB56 327168 ----a-w- C:\Windows\IsUn0413.exe 2015-07-02 07:46:54 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\SETUP32.INI ====== C:\Users\nick\AppData\Local\Temp ==== 2015-06-23 15:28:09 947F0D7E7ACA63B0230F9AD578299B80 938296 ----a-w- C:\Users\nick\AppData\Local\Temp\HPWarrantyChecker\HPWarrantyCheck\HPWarrantyChecker.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2015-07-06 18:44:00 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-07-06 18:43:45 F49FB3C88E263AE9A246593B0BB29294 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-07-06 18:43:45 54D70409DE6932E9EFA117779611E7A9 107736 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-06-10 06:38:54 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-06-10 06:38:53 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-06-10 06:38:33 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\Sysnative\drivers\stream.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-07-06 13:25:31 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-07-02 07:47:18 -------- d-----w- C:\PROGRA~2\Mindscape ======= C: ===== ====== C:\Users\nick\AppData\Roaming ====== 2015-06-11 08:57:53 -------- d-----w- C:\Users\nick\AppData\Local\Windows Live ====== C:\Users\nick ====== 2015-07-06 13:28:27 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\nick\Downloads\RSITx64(1).exe 2015-07-06 13:25:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\nick\Downloads\RSITx64.exe 2015-07-02 09:18:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindscape 2015-06-29 08:19:01 B63F7D22431D41D955B498609BEAB36E 1771816 ----a-w- C:\Users\nick\Downloads\amsterdamdiamond_setup.exe 2015-06-25 15:49:28 7ADA94E59E8EEC5C08F5227FF10466B4 1125056 ----a-w- C:\Users\nick\Downloads\flashplayer18axau_gd_install.exe ====== C: exe-files == 2015-07-06 13:28:27 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\nick\Downloads\RSITx64(1).exe 2015-07-06 13:25:31 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\nick.exe 2015-07-06 13:25:16 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\nick\Downloads\RSITx64.exe 2015-07-02 09:18:22 C52D39858A18A892359FFB8FF3840D7B 176128 ----a-w- C:\Program Files (x86)\Mindscape\Robbie Konijn Groep 4 Schipbreuk op Kaaseiland!\Robbie Konijn Groep 4.exe 2015-07-02 09:17:50 5A73B3E22F778F4AB0D951FD9B6A6FCB 53248 ----a-w- C:\Program Files (x86)\Mindscape\Robbie Konijn Groep 4 Schipbreuk op Kaaseiland!\UNINSTALL.EXE 2015-07-02 09:17:49 3D99EEE95566CDCA756C7A9B20732269 159800 ----a-w- C:\Program Files (x86)\Mindscape\Robbie Konijn Groep 4 Schipbreuk op Kaaseiland!\TLCRUN.EXE 2015-07-02 07:48:02 711962F3DCAF76CD01F0B78737ECF613 1090107 ----a-w- C:\Program Files (x86)\Mindscape\Robbie Konijn Peuter Sprankelsterren in nood!\Robbie Konijn Peuter.exe 2015-07-02 07:47:19 EE594224A531FFFA414AC60DC4DE68F0 45056 ----a-w- C:\Program Files (x86)\Mindscape\Robbie Konijn Peuter Sprankelsterren in nood!\TLCRUN.EXE 2015-07-02 07:47:19 5B45590DBECE90C5FC9131CB9E032262 57344 ----a-w- C:\Program Files (x86)\Mindscape\Robbie Konijn Peuter Sprankelsterren in nood!\UNINSTALL.EXE 2015-07-02 07:46:57 2301304260456CAB0F9BF2083F6ADB56 327168 ----a-w- C:\Windows\IsUn0413.exe 2015-07-01 17:18:02 D33C030D87101E7675EDC756FBAEE3C9 888832 ----a-w- C:\Program Files (x86)\MyPlayCity.com\Anka\engine.exe 2015-07-01 17:18:02 4014202C3F6465CA49A1AF9AEB67D8E0 95016 ----a-w- C:\Program Files (x86)\MyPlayCity.com\Anka\Anka.exe 2015-07-01 17:18:02 358B201BE21F0946B4250AC349375F56 707354 ----a-w- C:\Program Files (x86)\MyPlayCity.com\Anka\unins000.exe 2015-07-01 17:18:02 01B834D90DC70B0228A81B12BE15D83C 116736 ----a-w- C:\Program Files (x86)\MyPlayCity.com\Anka\game.exe === C: other files == 2015-07-06 18:44:00 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-07-06 18:43:45 F49FB3C88E263AE9A246593B0BB29294 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-07-06 18:43:45 54D70409DE6932E9EFA117779611E7A9 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-07-01 17:18:09 71656357E86A17D3C5A2D5CB44807B21 19425 ----a-w- C:\Program Files (x86)\MyPlayCity.com\Anka\lnchdata\myplaycitygametab.xpi 2015-07-01 07:34:36 71656357E86A17D3C5A2D5CB44807B21 19425 ----a-w- C:\Program Files (x86)\MyPlayCity.com\Isla Dorada - Episode 1 - The Sands of Ephranis\lnchdata\myplaycitygametab.xpi ======== System Restore Points ======== RP370: 30/06/2015 9:30:53 - Windows Update RP371: 1/07/2015 20:43:04 - Windows Update RP372: 5/07/2015 18:19:54 - Windows Update RP373: 6/07/2015 20:55:41 - zoek.exe restore point ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2354870282-1231269014-492715774-1001\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Octoshape Streaming Services"="C:\Users\nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe -inv:bootrun" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" "BATINDICATOR"="C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" "LaunchHPOSIAPP"="C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "EverioService"="C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe" "Computer Updater"="C:\Program Files (x86)\Computer Updater\ComputerUp-dater.Exe /boot" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Octoshape Streaming Services"="C:\Users\nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe -inv:bootrun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" "SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background" "XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun" "BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe" "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" C:\\PROGRA~2\\SEARCH~1\\Datamngr\\x64\\IEBHO.dll " ==== Startup Folders ====================== 2011-07-19 07:01:52 2029 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/07/2015 20:46] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/10/2014 15:18] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/10/2014 15:18] C:\Windows\tasks\HPCeeScheduleForNICK-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14/09/2010 07:15] C:\Windows\tasks\HPCeeScheduleFornick.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14/09/2010 07:15] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleFornick" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForNICK-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPOSIAPP64" ["%ProgramFiles(x86)%\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe"] "C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe] "C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\Windows\SysNative\tasks\{AB5A4280-676C-4F1E-9403-DAF87FF9D878}" [E:\splash.exe] "C:\Windows\SysNative\tasks\{E11502AA-985C-40D8-AA9A-C819EBB74ED4}" [E:\splash.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283 user_pref("browser.startup.homepage", "http://gametab.myplaycity.com"); user_pref("browser.search.defaultenginename", "do-search"); user_pref("browser.search.selectedEngine", "do-search"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "sweetsearch@gmail.com"="C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283\extensions\sweetsearch@gmail.com" [] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04/04/2014 12:36] ==== Firefox Extensions ====================== ProfilePath: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283 - Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com - Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com - Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com - Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com - Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com - QuickSearch - %ProfilePath%\extensions\searchffv2@gmail.com - Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - Default SearchProtected - %ProfilePath%\extensions\defsearchp@gmail.com.xpi - MyPlayCity Gametab - %ProfilePath%\extensions\myplaycitycom@gametab.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\nick\AppData\Roaming\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283 4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash 2820FF3A306D6AEB8BFBBB753BD83EBE - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll - Shockwave Flash EF3CA2A515FEC970E22D2C424A42401E - C:\Users\nick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player DDC4B753983AF90EEDA7360C16D4D39A - C:\Users\nick\AppData\Roaming\Mozilla\plugins\npoctoshape.dll - Octoshape Streaming Services ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.130 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bopakagnckmlgajfccecajhnimjiiedh - No path found[] dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[] MSS+ Extension - nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh Kaspersky Protection - nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho Google Wallet - nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://do-search.com/?type=hp&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913", "startup_urls": [ "http://do-search.com/?type=hp&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913" ] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://start.myplaycity.com/" "Default_Page_URL"="http://do-search.com/?type=hp&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://do-search.com/web/?type=ds&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913&q={searchTerms}" "Default_Page_URL"="http://do-search.com/?type=hp&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913" "Start Page"="http://start.myplaycity.com/" "Search Page"="http://do-search.com/web/?type=ds&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913&q={searchTerms}" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://do-search.com/web/?type=ds&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913&q={searchTerms}" "Default_Page_URL"="http://do-search.com/?type=hp&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913" "Start Page"="http://start.myplaycity.com/" "Search Page"="http://do-search.com/web/?type=ds&ts=1432233989&z=41529cfd8af966bb5029ebfg2z7c2oco3cfcft4t1z&from=cor&uid=SAMSUNGXHD103SJ_S2QPJ9KB605913&q={searchTerms}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://start.myplaycity.com/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{9AD09901-06DD-4DDD-A62D-6D2243B771AB}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_nlBE466" {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} MyPlayCity Url="http://my.myplaycity.com/results.php?category=web&s={searchTerms}" {9AD09901-06DD-4DDD-A62D-6D2243B771AB} MyPlayCity Url="http://start.myplaycity.com/results.php?category=web&s={searchTerms}" {d944bb61-2e34-4dbf-a683-47e505c587dc} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-0/4?satitle={searchTerms}&mfe=Desktops" {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF191bc44.TMP was reset successfully C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF7aa0b3.TMP was reset successfully C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2354870282-1231269014-492715774-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_USERS\S-1-5-21-2354870282-1231269014-492715774-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_USERS\S-1-5-21-2354870282-1231269014-492715774-1001\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2354870282-1231269014-492715774-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{cf67755f-9265-449c-87cf-b945519e073b} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\virtualKeyboard@kaspersky.ru deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\sweetsearch@gmail.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\nick\Desktop\Anka.lnk - C:\Program Files (x86)\MyPlayCity.com\Anka\Anka.exe C:\Users\nick\Desktop\Clutter.lnk - C:\Program Files (x86)\MyPlayCity.com\Clutter\Clutter.exe C:\Users\nick\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe C:\Users\nick\Desktop\Imperia Online.lnk - C:\Users\nick\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\nick\Desktop\The Fool.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\The Fool.exe C:\Users\nick\Desktop\Veilig Bankieren.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe -safebanking ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk - C:\Program Files (x86)\Corel\Corel VideoStudio Pro X4\vstudio.exe C:\Users\Public\Desktop\FlvPlayer.lnk - C:\Users\nick\AppData\Roaming\FlvPlayer\FlvPlayerApp.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Kaspersky Internet Security.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll C:\Users\Public\Desktop\Meer Fantastische Spellen.lnk - C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe C:\Users\Public\Desktop\PowerCinema NE for Everio.lnk - C:\Program Files (x86)\CyberLink\PCM4Everio\PCM4Everio.exe C:\Users\Public\Desktop\Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer\FlvPlayer.lnk - C:\Users\nick\AppData\Roaming\FlvPlayer\FlvPlayerApp.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer\Uninstall.lnk - C:\Users\nick\AppData\Roaming\FlvPlayer\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Robbie Konijn Peuter Sprankelsterren in nood.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindscape\Robbie Konijn\Robbie Konijn Groep 4 Schipbreuk op Kaaseiland.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com\The Fool\MyPlayCity Games.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\MyPlayCity.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com\The Fool\Play Online Games.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\PlayOnlineGames.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com\The Fool\The Fool Homepage.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\homepage.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com\The Fool\The Fool.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\The Fool.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com\The Fool\Readme\License.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\license.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com\The Fool\Readme\Readme.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\readme.txt ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Anka.lnk - C:\Program Files (x86)\MyPlayCity.com\Anka\Anka.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Clutter.lnk - C:\Program Files (x86)\MyPlayCity.com\Clutter\Clutter.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\The Fool.lnk - C:\Program Files (x86)\MyPlayCity.com\The Fool\The Fool.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk - C:\Users\nick\AppData\Local\Torch\Application\torch.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk - C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe /src quicklaunch /dp hpcpc1c11 C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Options_RunDLL 1 C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST (2).lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\nick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== Uninstall List x64 ====================== Adobe Flash Player 17 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Flash Player 18 NPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] Adobe Reader XI (11.0.11) - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] Adobe Refresh Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824144531}] Anka [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anka_is1] ATI Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}] ATI Stream SDK v2 Developer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}] Big Fish: Game Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BFGC] Boris Graffiti for Corel [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48A00644-2D97-43B5-A614-603DECF3E5F6}] Boris Graffiti for Corel [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F9A07EDE-6FD0-41EA-AAF2-D0C8DD4984D8}] Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D4C2961-3353-4C56-B0B8-82AC1923695F}] Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DBF625A1-9F84-1533-E08E-D1EBBE5001DD}] Catalyst Control Center Graphics Previews Vista [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E38ABC5-71C2-04D8-62F0-C44B53E7DED8}] Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AEDDD2D4-0BE7-71D9-2091-9F8AA4A4806D}] Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28CD5009-54CA-ED14-6A17-47803585FF5F}] ccc-core-static [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}] ccc-utility64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3184267F-B0D9-0657-D705-0C700B481A18}] CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5208F7DB-9DAA-E5CA-EEC3-1B004D66A8EB}] CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DA021B-1C01-36D0-ABDF-3B9BED567EED}] CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{913E7600-FA3A-B125-1EA6-391D59C258F6}] CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1826A2E3-22EE-ACC6-BB3A-80EEFF23167A}] CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F4C493B-28D8-5054-13E9-91F05903887B}] CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E141B1E0-BA8A-750F-4106-FC6AAB8950E0}] CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1A66A9AD-7BC1-8E9C-25EE-A5C2B07FA59E}] CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B31D9B68-A844-191A-C652-4EA715A8CD92}] CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BDC0530-445B-47F2-36A0-758DE8903B44}] CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C6FD5FE2-3635-0C15-6D3C-95FCAA51A3CE}] CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BE05B1E6-3C47-32DC-113B-7DB85FD6BE75}] CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C9CA30C-E2B7-0D3A-291D-4808973E6F8C}] CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D9742D19-38EE-B2BE-5902-44130C4008FA}] CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F095F8-3F66-528A-0BF6-DF1A7B304EC0}] CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9AEDD629-A40E-5EB1-2E70-E84DDE915C16}] CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28D1AF2F-9574-DABC-BA08-72F3356960D2}] CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0E59637F-DA32-E400-92F6-3E84DB1DFB8D}] CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{959DFE5E-B55F-4A0A-9E71-2970C98C3164}] CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{38069E07-617C-8074-4F67-BAFFFBB7E7FA}] CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B3435D6A-B061-D8E5-C9AD-2D63C823C50C}] CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DE6E96CA-AD23-BBD7-4304-B6D4EA0F1933}] CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13FED2DC-8185-351F-72B2-C1CAB3A8860B}] Clutter [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Clutter_is1] Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C6017EEA-9E51-4129-84BA-EFA9520E69D8}] Contents [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}] Corel VideoStudio Pro X4 Ultimate [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\_{AA902C31-B49D-4608-BCCF-2519EB77722D}] CyberLink DVD Suite Deluxe [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}] CyberLink DVD Suite Deluxe [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}] D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] DeLorme Send To GPS 1.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1] DeviceIO [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}] disreden [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1fc4f900-38a8-489a-7109-c56237d86f3d}] do-search uninstall [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\do-search uninstall] DVD Menu Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}] DVD Menu Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}] FlvPlayer [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer] Galerie de photos Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{488F0347-C4A7-4374-91A7-30818BEDA710}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Earth [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{817750FA-EC6A-485D-9901-0683AE6FFDF1}] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] Google Toolbar for Internet Explorer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Hewlett-Packard ACLM.NET v1.2.2.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}] HP Auto [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}] HP Client Services [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}] HP Customer Experience Enhancements [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}] HP MAINSTREAM KEYBOARD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}] HP MediaSmart DVD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DCCAD079-F92C-44DA-B258-624FC6517A5A}] HP MediaSmart DVD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}] HP MediaSmart Music [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}] HP MediaSmart Music [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}] HP MediaSmart Photo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}] HP MediaSmart Photo [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}] HP MediaSmart SmartMenu [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}] HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D12E3E7F-1B13-4933-A915-16C7DD37A095}] HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}] HP Odometer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B8AC1A89-FFD1-4F97-8051-E505A160F562}] HP Setup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{53469506-A37E-4314-A9D9-38724EC23A75}] HP Setup Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE856388-AFAD-4753-81DF-D96B19D0A17C}] HP Support Assistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}] HP Support Information [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}] HP Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}] HP Vision Hardware Diagnostics [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D79A02E9-6713-4335-9668-AAC7474C0C0E}] HydraVision [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{751D221F-7C37-C83F-1973-A1F92A0F4DF6}] ICA [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AA902C31-B49D-4608-BCCF-2519EB77722D}] IDT Audio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}] Intel(R) Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] IPM_VS_Pro [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A567895C-1D23-48ED-BE83-FB3ED7D30442}] ISCOM [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D68897FC-7E8D-4849-819A-726B2489713C}] Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}] Kaspersky Internet Security [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{653C1B5A-3287-47B1-8613-0745D4E771C4}] Kaspersky Internet Security [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}] LabelPrint [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}] LabelPrint [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}] LightScribe System Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}] Malwarebytes Anti-Malware versie 2.1.6.1022 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] McAfee Security Scan Plus [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}] Microsoft .NET Framework 4.5.1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Office Klik-en-Klaar 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.Click2Run] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Xbox 360 Accessories 1.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}] Movie Theme Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3023EBDA-BF1B-4831-B347-E5018555F26E}] Movie Theme Pack for HP MediaSmart Video [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}] Mozilla Firefox 39.0 (x86 nl) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 39.0 (x86 nl)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}] MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}] MusicStation [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MusicStationNetstaller] Norton Online Backup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}] Octoshape Streaming Services [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Octoshape Streaming Services] OpenOffice 4.1.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E8A54536-FC41-45AB-9E24-114A0127118C}] PDF Complete Special Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PDF Complete] PictureMover [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{264FE20A-757B-492a-B0C3-4009E2997D8A}] PlayReady PC Runtime amd64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}] PowerCinema NE for Everio [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{39CEE1F2-12B6-4C50-9131-04BFCA110578}] PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] PowerDirector [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}] PowerDirector Express [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDE721EC-870A-11D8-9D75-000129760D75}] PowerProducer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B7A0CE06-068E-11D6-97FD-0050BACBF861}] proDAD Mercalli 2.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\proDAD-Mercalli-2.0] PureHD [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}] QuickTime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DC42D05-680B-41B0-8878-6C14D24602DB}] Recovery Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}] Setup [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}] Share [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}] Share64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}] SmartSound Common Data [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}] SmartSound Common Data [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}] SmartSound Quicktracks 5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}] SmartSound Quicktracks 5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}] TermBlazer 1.10.0.16 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TermBlazer_1.10.0.16] The Fool [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Fool_is1] Torch [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Torch] Unity Web Player [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer] Update Installer for WildTangent Games App [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App] Utility Chest Toolbar [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\UtilityChest_49bar Uninstall] VIO [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4778408-3268-45CE-AE15-772D1739A1F1}] VSClassic [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3990E632-42C3-4A25-ADFF-1101E3D6DD47}] VSUltimate [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{88B021E9-E412-4320-B262-CBD68FF494F8}] Web-Cake 3.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}] WildTangent Games App (HP Games) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp] Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}] Windows Live [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A07C35B-8384-4DA4-9A95-442B6C89A073}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}] Windows Live Fotogalerie [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B113D18C-67B0-4FB7-B329-E89B66194AE6}] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1B8ABA62-74F0-47ED-B18C-A43128E591B8}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}] Windows Live Language Selector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1239994-A850-44E2-BED8-E70A21124E16}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D588365A-AE39-4F27-BDAE-B4E72C8E900C}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6057E21C-ABE9-4059-AE3E-3BEB9925E660}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A563426-3474-41C6-B847-42B39F1485B2}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{80956555-A512-4190-9CAD-B000C36D6B6B}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}] Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4E88B54-4777-4659-967A-2EED1E6AFD83}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BD262D0-B788-4546-A0A5-F4F56EC3834B}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C893D8C0-1BA0-4517-B11C-E89B65E72F70}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09F56A49-A7B1-4AAB-95B9-D13094254AD1}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9E48FF52-082C-4CC2-BB67-6E10D09C0431}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3B9A92DA-6374-4872-B646-253F18624D5F}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E017923-16F8-4E32-94EF-0A150BD196FE}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{859D4022-B76D-40DE-96EF-C90CDA263F44}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAF454FC-82CA-4F29-AB31-6A109485E76E}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14B441B7-774D-4170-98EA-A13667AE6218}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{62687B11-58B5-4A18-9BC3-9DF4CE03F194}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}] Windows Media Encoder 9 Series [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}] Windows Media Encoder 9 Series [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Encoder 9] ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1fc4f900-38a8-489a-7109-c56237d86f3d} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\009f4cf18a83a98417905c26738df6d3 deleted successfully ==== HijackThis Entries ====================== R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: (no name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (file missing) O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [Computer Updater] "C:\Program Files (x86)\Computer Updater\ComputerUp-dater.Exe" /boot O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm O9 - Extra button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Anti-Virus-service 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: TB 1.10.0.16 Client Service (tbsvc_1.10.0.16) - TB - C:\Program Files (x86)\TermBlazer_1.10.0.16\Service\tbsvc.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.] Octoshape Streaming Services = "C:\Users\nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [Octoshape ApS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} BeatsOSDApp = C:\Program Files\IDT\WDM\beats64.exe hpsysdrv = c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [Hewlett-Packard] SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe SmartMenu = C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [null data] XboxStat = "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.] PDF Complete = C:\Program Files (x86)\PDF Complete\pdfsty.exe [PDF Complete Inc] BATINDICATOR = C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [Hewlett-Packard] LaunchHPOSIAPP = C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [Hewlett-Packard] Norton Online Backup = C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [Symantec Corporation] Easybits Recovery = C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [file not found] QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.] HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard] (Default) = (empty string) [file not found] EverioService = "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe" [CyberLink Corp.] Computer Updater = "C:\Program Files (x86)\Computer Updater\ComputerUp-dater.Exe" /boot [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = ContentBlockerBrowserHelperObject -> {HKLM...CLSID} = Content Blocker Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = Content Blocker Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO] {73455575-E40C-433C-9784-C78DC7761455}\(Default) = VirtualKeyboardBrowserHelperObject -> {HKLM...CLSID} = Virtual Keyboard Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = Virtual Keyboard Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = Safe Money Plugin -> {HKLM...CLSID} = Safe Money Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = Safe Money Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\(Default) = (no title provided) -> {HKLM...CLSID} = DataMngr \InProcServer32\(Default) = C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL [file not found] {E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho -> {HKLM...CLSID} = URL Advisor Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = URL Advisor Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\(Default) = HP Network Check Helper -> {HKLM...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [Hewlett-Packard] -> {HKLM...Wow...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [Hewlett-Packard] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\(Default) = MSS+ Identifier -> {HKLM...CLSID} = MSS+ Identifier \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [McAfee, Inc.] -> {HKLM...Wow...CLSID} = MSS+ Identifier \InProcServer32\(Default) = C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [McAfee, Inc.] {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}\(Default) = ContentBlockerBrowserHelperObject -> {HKLM...CLSID} = Content Blocker Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = Content Blocker Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [Kaspersky Lab ZAO] {73455575-E40C-433C-9784-C78DC7761455}\(Default) = VirtualKeyboardBrowserHelperObject -> {HKLM...CLSID} = Virtual Keyboard Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = Virtual Keyboard Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}\(Default) = Safe Money Plugin -> {HKLM...CLSID} = Safe Money Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = Safe Money Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [Kaspersky Lab ZAO] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {E33CF602-D945-461A-83F0-819F76A199F8}\(Default) = link filter bho -> {HKLM...CLSID} = URL Advisor Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = URL Advisor Plugin \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\(Default) = HP Network Check Helper -> {HKLM...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [Hewlett-Packard] -> {HKLM...Wow...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [Hewlett-Packard] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension -> {HKLM...CLSID} = DisplayCplExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] {5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} = NSE_WithSubFld -> {HKLM...CLSID} = NSE_WithSubFld \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll [null data] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler -> {HKLM...CLSID} = OpenOffice Property Handler \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll [Apache Software Foundation] {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} = Scan with Kaspersky Anti-Virus -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {DBD8E168-244D-448C-9922-25508950D1DC} = Ulead UDF Driver -> {HKLM...Wow...CLSID} = USIShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USIShex.dll [Ulead Systems, Inc.] {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler -> {HKLM...Wow...CLSID} = OpenOffice Property Handler \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl.dll [Apache Software Foundation] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice Column Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice Infotip Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice Property Sheet Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice Thumbnail Viewer -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} = Scan with Kaspersky Anti-Virus -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ <> AppInit_DLLs = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll [file not found] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus 15.0.0\(Default) = {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus 15.0.0\(Default) = {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus 15.0.0\(Default) = {BD8BB16E-84EC-485E-8F58-9BD1FEFB8EE2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\shellex.dll [Kaspersky Lab ZAO] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\shellex.dll [Kaspersky Lab ZAO] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ EnableShellExecuteHooks = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableLockWorkstation = (REG_DWORD) dword:0x00000000 {unrecognized setting} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} DisableChangePassword = (REG_DWORD) dword:0x00000000 {unrecognized setting} DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ HideFastUserSwitching = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\nick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ HPMSDVDPlayDVDMovieOnArrival\ Provider = HP MediaSmart DVD InvokeProgID = DVD InvokeVerb = PlayWithHPMediaSmartDVD HKLM\SOFTWARE\Classes\DVD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] HPMSDVDPlayVCDMovieOnArrival\ Provider = HP MediaSmart DVD InvokeProgID = VCD InvokeVerb = PlayWithHPMediaSmartDVD HKLM\SOFTWARE\Classes\VCD\shell\PlayWithHPMediaSmartDVD\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] MediaSmartDVFilesArrival\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101 ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video dv HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] MediaSmartPhotoPictureFilesArrival\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101 InvokeProgID = Picture InvokeVerb = PlayWithMediaSmartPhoto HKLM\SOFTWARE\Classes\Picture\shell\PlayWithMediaSmartPhoto\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe" photo import "%L" [CyberLink Corp.] MediaSmartVideoFilesArrival\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101 InvokeProgID = VideoFiles InvokeVerb = PlayWithMediaSmartVideo HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithMediaSmartVideo\Command\(Default) = "C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe" video import "%L" [CyberLink Corp.] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMEncVCArrival\ Provider = Windows Media Encoder 9 Series ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] PDirDVArrival\ Provider = PowerDirector ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PDirXDVArrival\ Provider = PowerDirector Express ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector Express\PDX.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PPCDBurningOnArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDCameraArrival\ Provider = PowerProducer InvokeProgID = Picture InvokeVerb = OpenWithPowerProducer HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe" [CyberLink] PPDVArrival\ Provider = PowerProducer ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerProducer\Producer.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] PStarterBlankCDArrival\ Provider = DVD Suite Deluxe InvokeProgID = BlankCD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe" "%L" [CyberLink Corp.] PStarterDVDBurningOnArrival\ Provider = DVD Suite Deluxe InvokeProgID = BlankDVD InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe" "%L" [CyberLink Corp.] PStarterMixedCDArrival\ Provider = DVD Suite Deluxe InvokeProgID = MixedContent InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe" "%L" [CyberLink Corp.] PStarterMusicFilesArrival\ Provider = DVD Suite Deluxe InvokeProgID = MusicFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe" "%L" [CyberLink Corp.] PStarterPicturesArrival\ Provider = DVD Suite Deluxe InvokeProgID = Picture InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe" "%L" [CyberLink Corp.] PStarterVideoFilesArrival\ Provider = DVD Suite Deluxe InvokeProgID = VideoFiles InvokeVerb = OpenWithPowerStarter HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\PS.exe" "%L" [CyberLink Corp.] VSX4VideoCameraArrival\ Provider = Corel VideoStudio Pro ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\Corel\Corel VideoStudio Pro X4\\vstudio.exe" /T:UVSClassic /parameters:Step=0,Handler=VideoCameraArrival,DeviceHint=%1 HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] WIA_{BEE6156E-FF18-4592-BA31-53457140584C}\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\MUITransfer\HPEnvRes.dll,-101 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe.exe photo import wpd %1 %2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{F5C7F58A-12E5-4357-8B2F-5F8057D8EF70}\ Provider = @C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\MUITransfer\HPEnvRes.dll,-101 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe.exe video import wpd %1 %2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "nick" & "All Users" startup folders: ------------------------------------------------------ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} Snapfish PictureMover -> shortcut to: C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe -det [Hewlett-Packard Company] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] HPCeeScheduleFornick -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleFornick (null) [null data] HPCeeScheduleForNICK-HP$ -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForNICK-HP$ (null) [null data] HPOSIAPP64 -> launches: "%ProgramFiles(x86)%\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe" [null data] RMCreator -> launches: C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [CyberLink] ServicePlan -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" ServicePlan ShowMessageTask15D [null data] {093ACFB1-CD55-45D2-9DA1-F55608296452} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\silentville_setup(1).exe -d C:\Users\nick\Downloads [MS] {4C59EEEA-34A5-419A-B2D0-BC861820C1B1} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\nataliebrooks_setup.exe -d C:\Users\nick\Downloads [MS] {54A1FB3D-F632-4A8C-B25B-1C22A9230B3D} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\aroundtheworld_setup(2).exe -d C:\Users\nick\Downloads [MS] {7086AAB5-1721-45BE-8F82-0C99E338F9C2} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BX3S8TPB\dotnetfx3setup.exe" -d C:\Users\nick\Desktop [MS] {71B930DA-4EE1-4B7F-9579-BB5A3D0646F3} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\GamersUnite_SnagBar.exe -d C:\Users\nick\Desktop [MS] {8708B525-1B63-4AE5-8857-D6184206EBB0} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DKAO2PER\GamersUnite_SnagBar.exe" -d C:\Users\nick\Desktop [MS] {9BC32518-AEE8-47CE-908B-3D780CC6A817} -> launches: C:\Windows\system32\pcalua.exe -a E:\autorun.exe -d E:\ [MS] {9E751723-2759-4410-A8B7-1A25092D9ADF} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\cursedonboard_setup.exe -d C:\Users\nick\Downloads [MS] {A6D924F5-FF7F-4A70-8077-A362F4B08FB7} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\darkangels_setup.exe -d C:\Users\nick\Downloads [MS] {AB5A4280-676C-4F1E-9403-DAF87FF9D878} -> launches: E:\splash.exe [file not found] {D5A2A131-1B5F-4EE7-9FC8-0A5ED623AC0F} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\enchantedkingdom_setup.exe -d C:\Users\nick\Downloads [MS] {E11502AA-985C-40D8-AA9A-C819EBB74ED4} -> launches: E:\splash.exe [file not found] {F0112FDE-CC6D-4EF2-8BE8-B3D6D5207204} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\nick\Downloads\zamolxes_setup.exe -d C:\Users\nick\Downloads [MS] C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant HP Support Assistant Quick Start -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart [null data] HPSAObjUtilTask -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [null data] PC Health Analysis -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis [null data] Update Check -> launches: C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe /s /p 1 [null data] WarrantyChecker_DeviceScan -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers refreshgwxconfig-B -> launches: schtasks /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...Wow...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {0C4CC089-D306-440D-9772-464E226F6539}\ ButtonText = Virtueel Toetsenbord CLSIDExtension = {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} -> {HKLM...CLSID} = VirtualKeyboardToolbarButtonHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] {25510184-5A38-4A99-B273-DCA8EEF6CD08}\ ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [null data] {CCF151D8-D089-449F-A5A4-D9909053F20F}\ ButtonText = Controle van URL's CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F} -> {HKLM...CLSID} = FilterButtonHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {0C4CC089-D306-440D-9772-464E226F6539}\ ButtonText = Virtueel Toetsenbord CLSIDExtension = {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} -> {HKLM...Wow...CLSID} = VirtualKeyboardToolbarButtonHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [Kaspersky Lab ZAO] {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] {25510184-5A38-4A99-B273-DCA8EEF6CD08}\ ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [null data] {CCF151D8-D089-449F-A5A4-D9909053F20F}\ ButtonText = Controle van URL's CLSIDExtension = {CCF151D8-D089-449F-A5A4-D9909053F20F} -> {HKLM...Wow...CLSID} = FilterButtonHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [Kaspersky Lab ZAO] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD] Andrea ST Filters Service, AESTFilters, C:\Program Files\IDT\WDM\AESTSr64.exe [Andrea Electronics Corporation] Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS] Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS] Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [IDT, Inc.] Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS] Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [empty string] Diagnostics Tracking Service, DiagTrack, C:\Windows\System32\svchost.exe -k utcsvc {C:\Windows\system32\diagtrack.dll [MS]} Easybits Services for Windows, ezSharedSvc, C:\Windows\System32\ezSharedSvcHost.exe [file not found] HP Client Services, HPClientSvc, "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe" [Hewlett-Packard Company] HP Support Assistant Service, HP Support Assistant Service, "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [null data] Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation] Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation] Kaspersky Anti-Virus-service 15.0.0, AVP15.0.0, "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe" -r [Kaspersky Lab ZAO] LightScribeService Direct Disc Labeling Service, LightScribeService, "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company] MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] Norton Online Backup, NOBU, "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [Symantec Corporation] PDF Document Manager, pdfcDispatcher, C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [PDF Complete Inc] PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [file not found] PnkBstrB, PnkBstrB, C:\Windows\system32\PnkBstrB.exe [file not found] Protexis Licensing V2, PSI_SVC_2, "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [Protexis Inc.] TB 1.10.0.16 Client Service, tbsvc_1.10.0.16, "C:\Program Files (x86)\TermBlazer_1.10.0.16\Service\tbsvc.exe" [TB] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> PEVSystemStart, Service Accessibility Tools: -------------------- HKCU\Software\Microsoft\Windows NT\CurrentVersion\AccessibilityTemp\ magnifierpane = dword:0x00000000 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs\magnifierpane\ Description = Screen Magnifier StartExe = C:\Windows\System32\Magnify.exe [MS] Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ <> UpperFilters = <> klkbdflt [Kaspersky Lab ZAO],kbdclass [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ LIDIL hpzlllhn\Driver = hpzlllhn.dll [Hewlett-Packard Company] PDFC\Driver = pdfc_port.dll [PDF Complete, Inc.] <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\nick\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\nick\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\nick\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\nick\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\nick\AppData\Local\Mozilla\Firefox\Profiles\of8h3j6z.default-1420392932283\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\nick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=174 folders=63 155624529 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\nick\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\nick\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on ma 06/07/2015 at 21:26:06,61 ======================