Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by lars on za 18-07-2015 at 8:29:33,67. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\lars\Downloads\zoek.exe [Scan all users] [Checkboxes used] ==== Older Logs ====================== C:\zoek-results2015-07-17-062702.log 33914 bytes ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\svchost.exe -k utcsvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Acer\Registration\GregHSRW.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\igfxtray.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Windows\system32\GWX\GWX.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\CCleaner\CCleaner64.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\servicing\TrustedInstaller.exe C:\Users\lars\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\CompatTelRunner.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe C:\Windows\system32\GWX\GWXConfigManager.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\sppsvc.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe ==== Windows Installer Info ====================== 64 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09F3F5435050FDE47B9AE5A31CCAC64E]C:\Windows\Installer\19d79b.msi 7-Zip 9.20 (x64 edition) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\96F071321C0420729002000010000000]C:\Windows\Installer\360908.msi Ableton Live 9 Suite [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81C335E25937BAE45B5F8119CF95D197]C:\Windows\Installer\ec26b9.msi Acrobat.com [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4AFCE782A91734120AB96D1AD25EE404]C:\Windows\Installer\20d492.msi Adblock Plus voor IE (32-bit en 64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D053B95E9F8F2FF4CB07BD18F71A386B]C:\Windows\Installer\112f4f8.msi Adobe AIR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2D93B5A06DE79774CB9C733F1831D93B]c:\Windows\Installer\d3631.msi Adobe Reader XI (11.0.12) - Nederlands [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73401B744BA0000000010]C:\Windows\Installer\3195e.msi Adobe Refresh Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008142412751]C:\Windows\Installer\4d8e26.msi Apple Application Support [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\277C90D53BCEB244C96C4B43C187DF2C]C:\Windows\Installer\13d6d23.msi Apple Software Update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\46B5A9879DD95AB419A50FCFA0B1B7EF]C:\Windows\Installer\13d6d1e.msi Call of Duty(R) 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\49750A0D2C8442441AA5F902CFDF3D47]C:\Windows\Installer\4cba8.msi Command & ConquerT Red AlertT 3 Uprising [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\71695EDDA95FB374CBE42C8BF1C63DD8]C:\Windows\Installer\d5e9da.msi Compatibiliteitspakket voor het 2007 Microsoft Office system [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109020031400000000000F01FEC]c:\Windows\Installer\95187.msi D3DX10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA]C:\Windows\Installer\6709d.msi eSobi v2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B769D51EB4AEA24E94846DC60B252AA]C:\Windows\Installer\20d4a2.msi FIFA 08 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9305A2A0F73BD9841BCD5A52D89F6E79]C:\Windows\Installer\194934.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\2e1c6a.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\7f1d3.msi Java 8 Update 31 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381208130F]C:\Windows\Installer\2fd463.msi Java 8 Update 51 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381208150F]C:\Windows\Installer\12f7ca.msi Junk Mail filter update [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E]C:\Windows\Installer\6710d.msi Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2FA0BBE92DA4ABA359FE79E7EB1ABC90]C:\Windows\Installer\d769f.msi Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6414876250E69FF3395387C6C7F05BEB]C:\Windows\Installer\11f5375.msi Microsoft Access 2000 Runtime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\804081001E872D116BF00006799C897E]C:\Windows\Installer\1403896.msi Microsoft Application Error Reporting [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021599B0090400100000000F01FEC]C:\Windows\Installer\950c2.msi Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0ED9D238CFA898648991D4BBEDDBE3F4]C:\Windows\Installer\208d29.msi Microsoft Games for Windows Marketplace [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7030BC4E565144468EBD02F4EBF28C8]C:\Windows\Installer\aa2e04.msi Microsoft Office Access MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109510031400000000000F01FEC]C:\Windows\Installer\95158.msi Microsoft Office Excel MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109610031400000000000F01FEC]C:\Windows\Installer\9511f.msi Microsoft Office Excel MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109610090400000000000F01FEC]C:\Windows\Installer\a9731.msi Microsoft Office File Validation Add-In [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109500200000000000000F01FEC]C:\Windows\Installer\f512f.msi Microsoft Office Groove MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109AB0031400000000000F01FEC]C:\Windows\Installer\95162.msi Microsoft Office Home and Student 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119F20000000000000000F01FEC]C:\Windows\Installer\a9778.msi Microsoft Office InfoPath MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109440031400000000000F01FEC]C:\Windows\Installer\95136.msi Microsoft Office O MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109001031400000000000F01FEC]C:\Windows\Installer\95178.msi Microsoft Office Office 64-bit Components 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A20000000100000000F01FEC]C:\Windows\Installer\a9770.msi Microsoft Office OneNote MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021091A0031400000000000F01FEC]C:\Windows\Installer\9515d.msi Microsoft Office OneNote MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021091A0090400000000000F01FEC]C:\Windows\Installer\a9737.msi Microsoft Office Outlook MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10031400000000000F01FEC]C:\Windows\Installer\95125.msi Microsoft Office PowerPoint MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109810031400000000000F01FEC]C:\Windows\Installer\9512c.msi Microsoft Office PowerPoint MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109810090400000000000F01FEC]C:\Windows\Installer\a973d.msi Microsoft Office PowerPoint Viewer 2007 (Dutch) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002159FA0031400000000000F01FEC]c:\Windows\Installer\95182.msi Microsoft Office Proof (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10031400000000000F01FEC]C:\Windows\Installer\9513b.msi Microsoft Office Proof (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC]C:\Windows\Installer\a975d.msi Microsoft Office Proof (French) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100C0400000000000F01FEC]C:\Windows\Installer\a9756.msi Microsoft Office Proof (German) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10070400000000000F01FEC]C:\Windows\Installer\95140.msi Microsoft Office Proof (Spanish) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100A0C00000000000F01FEC]C:\Windows\Installer\a974f.msi Microsoft Office Proofing (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109C20031400000000000F01FEC]C:\Windows\Installer\9514c.msi Microsoft Office Proofing (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109C20090400000000000F01FEC]C:\Windows\Installer\a9763.msi Microsoft Office Publisher MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109910031400000000000F01FEC]C:\Windows\Installer\9516d.msi Microsoft Office Shared 64-bit MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A20031400100000000F01FEC]C:\Windows\Installer\95167.msi Microsoft Office Shared 64-bit MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A20090400100000000F01FEC]C:\Windows\Installer\a9743.msi Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109611090400100000000F01FEC]C:\Windows\Installer\a9749.msi Microsoft Office Shared MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109E60031400000000000F01FEC]C:\Windows\Installer\95118.msi Microsoft Office Shared MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109E60090400000000000F01FEC]C:\Windows\Installer\a9725.msi Microsoft Office Shared Setup Metadata MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109511090400000000000F01FEC]C:\Windows\Installer\a972b.msi Microsoft Office SharePoint Designer MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109710031400000000000F01FEC]C:\Windows\Installer\95173.msi Microsoft Office Suite Activation Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\487EA05EEBAFAD641A8FB7B665CD2BE2]C:\Windows\Installer\a9927.msi Microsoft Office Word MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109B10031400000000000F01FEC]C:\Windows\Installer\95152.msi Microsoft Office Word MUI (English) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109B10090400000000000F01FEC]C:\Windows\Installer\a9769.msi Microsoft Office X MUI (Dutch) 2007 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109101031400000000000F01FEC]C:\Windows\Installer\95131.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\4acc64.msi Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B]C:\Windows\Installer\950fa.msi Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D756077321A70C3E844C138CE981581]c:\Windows\Installer\18a6dac.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\b25099274a207264182f8181add555d0]C:\Windows\Installer\9814bf.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\1967690.msi Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E58EC68CABDDFF39B774E7BF9389C90]c:\Windows\Installer\4b31d.msi Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D]c:\Windows\Installer\1acfa27.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\2ed933.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98]c:\Windows\Installer\6d694.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\19676b7.msi Microsoft Works [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5F1F8515B1AF94D45B64555A00B498DB]c:\Windows\Installer\9517d.msi Movie Maker 6.0 for Windows 7 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\02F5937A22B28BC458014B250C4FE720]C:\Windows\Installer\6193db.msi MSVCRT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1]C:\Windows\Installer\67094.msi MSVCRT_amd64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52744B0D6663D294EB6F85A741DBB99D]C:\Windows\Installer\67111.msi MSXML 4.0 SP2 (KB954430) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217]c:\Windows\Installer\422bfa.msi MSXML 4.0 SP2 (KB973688) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE]c:\Windows\Installer\422c0a.msi MyWinLocker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50910386AED2EC144A4D8E4B340B99AB]C:\Windows\Installer\a9941.msi Native Instruments Controller Editor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B00968803F2BC2545B08061F52F3F708]C:\Windows\Installer\f11fad.msi Native Instruments Guitar Rig 4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\89CFAF7CCCE5CF044B045A5DEFA3A6E6]C:\Windows\Installer\f1253f.msi Native Instruments GuitarRig Mobile IO Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\74BF039225466744FB617DF7476864BD]C:\Windows\Installer\f11fa8.msi Native Instruments Rig Kontrol 3 Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\80DA269BF5337f641A2852D77376E2C5]C:\Windows\Installer\f11f9e.msi Native Instruments Service Center [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB5658B05DAB23741B22F57DE8CF059A]C:\Windows\Installer\f11f99.msi Native Instruments Session IO Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\74BF039725466744FB617DF7476864BD]C:\Windows\Installer\f11fa3.msi NTI Backup Now Standard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A1AFE21B3CAC344183432E7ED674030]C:\Windows\Installer\20d478.msi NTI Media Maker 8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C039314290386A74CB16E52FA72422CB]C:\Windows\Installer\20d472.msi OpenMG Secure Module [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EA366DCCD016FDB4AA0B9E410B4425D7]C:\Windows\Installer\47851.msi PowerCinema [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\743C7362DAD96D11E92A0050D5C07A16]C:\Windows\Installer\95d52.msi QuickTime [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ABFAB76BF9C4AF84496939E3B3520544]C:\Windows\Installer\13d6f53.msi Reader for PC [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BFD972D3A79D934B89E598DFA6A5826]C:\Windows\Installer\a7f0e9.msi Skype Click to Call [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7692FC6BE18C0C0489510C7547EF1F02]C:\Windows\Installer\5e795.msi SkypeT 7.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0AB19942EE0FDA44C98CE55CA0CE6F7B]C:\Windows\Installer\42e409.msi swMSM [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C43C21609E58D74B9C5F017D78D7262]C:\Windows\Installer\223b9.msi Windows Live Communications Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3D04254D3B6B9FF42B3445CE3E1E0066]C:\Windows\Installer\670af.msi Windows Live Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B53C70A248384AD4A95944B2C6980A37]C:\Windows\Installer\67284.msi Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26ABA8B10F47DE741BC84A13825E198B]C:\Windows\Installer\6706a.msi Windows Live Installer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F132F0B0A6ECD384AA32773B467F9571]C:\Windows\Installer\6707f.msi Windows Live Language Selector [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BC3F6BE54F64F1540A82F7D6D8537D0D]C:\Windows\Installer\6706e.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A563885D93EA72F4DBEA4B7EC2E809C0]C:\Windows\Installer\67294.msi Windows Live Mail [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A57765D93F393A44082948E08362ED03]C:\Windows\Installer\67168.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\624365A647436C148B74243BF941582B]C:\Windows\Installer\6728c.msi Windows Live Messenger [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\884FD4BEFEAAF6043A14BCA2AA13B509]C:\Windows\Installer\670f7.msi Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E08F45ADC1622A148A5545A941F4F295]C:\Windows\Installer\67072.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4314AE291D01A814191EA5403531A183]C:\Windows\Installer\67278.msi Windows Live Movie Maker [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9D4227BCACD61F34F838B6E1930AF029]C:\Windows\Installer\6729c.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0D262DB9887B64540A5A4F5FE63C38B4]C:\Windows\Installer\67288.msi Windows Live Photo Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6ACDB9A3563B764CA384963D73AFB3E]C:\Windows\Installer\670c9.msi Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0FB3B06AB459FA248B8DC2D1436B31AA]C:\Windows\Installer\67298.msi Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\766F6333940964D4896BC447E3BE5C1B]C:\Windows\Installer\671d7.msi Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DFDBABC48F94DF74EBD7CEED270725A5]C:\Windows\Installer\670bd.msi Windows Live SOXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4E3B286A696ED244AC1C470AE61874B]C:\Windows\Installer\670a5.msi Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26CEF00243C306D4C98ECE73E2100CF8]C:\Windows\Installer\670a1.msi Windows Live Sync [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9DDE91DC23612004292147874EAB4032]C:\Windows\Installer\950ff.msi Windows Live UX Platform [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E97A59ECCF4EFFF4A857920FB449F22F]C:\Windows\Installer\67076.msi Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD4C5EB02AE8D384DB177DBE9040C0ED]C:\Windows\Installer\67280.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\076CFAAAB965F2A4284B2449E5D03EFE]C:\Windows\Installer\6719b.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\329710E78F6123E449FEA051B01D69EF]C:\Windows\Installer\672a0.msi Windows Live Writer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60EA627A3AAA1D34783E075F0113F440]C:\Windows\Installer\6727c.msi Windows Live Writer Resources [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B144B41D477071489AE1A6376EA2681]C:\Windows\Installer\67290.msi WinZip 19.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\166F59DC4C5A5F446AAACEDD192C04DE]C:\Windows\Installer\2c84fc.msi ==== Checking Systemdrive for Symlinks ====================== De volumenaam van station C is Acer Het volumenummer is AC54-9471 Map van C:\ 14-07-2009 07:08 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 18-04-2011 21:18 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\FPC 01-12-2014 16:26 Downloaded [C:\Users\lars\Documents\Image-Line\Data\fpc\] 0 bestand(en) 0 bytes Map van C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Harmor 01-12-2014 16:26 Downloaded [C:\Users\lars\Documents\Image-Line\Data\Harmor\] 0 bestand(en) 0 bytes Map van C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Ogun 01-12-2014 16:26 Downloaded [C:\Users\lars\Documents\Image-Line\Data\ogun\] 0 bestand(en) 0 bytes Map van C:\ProgramData 14-07-2009 07:08 Application Data [C:\ProgramData] 18-04-2011 21:18 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 07:08 Desktop [C:\Users\Public\Desktop] 18-04-2011 21:18 Documenten [C:\Users\Public\Documents] 14-07-2009 07:08 Documents [C:\Users\Public\Documents] 18-04-2011 21:18 Favorieten [C:\Users\Public\Favorites] 14-07-2009 07:08 Favorites [C:\Users\Public\Favorites] 18-04-2011 21:18 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 18-04-2011 21:18 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 18-04-2011 21:18 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\ProgramData\Oracle\Java\javapath 16-07-2015 22:20 java.exe [C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.exe] 16-07-2015 22:20 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe] 16-07-2015 22:20 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users 14-07-2009 07:08 All Users [C:\ProgramData] 14-07-2009 07:08 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14-07-2009 07:08 Application Data [C:\ProgramData] 18-04-2011 21:18 Bureaublad [C:\Users\Public\Desktop] 14-07-2009 07:08 Desktop [C:\Users\Public\Desktop] 18-04-2011 21:18 Documenten [C:\Users\Public\Documents] 14-07-2009 07:08 Documents [C:\Users\Public\Documents] 18-04-2011 21:18 Favorieten [C:\Users\Public\Favorites] 14-07-2009 07:08 Favorites [C:\Users\Public\Favorites] 18-04-2011 21:18 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 18-04-2011 21:18 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14-07-2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14-07-2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 18-04-2011 21:18 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Oracle\Java\javapath 16-07-2015 22:20 java.exe [C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.exe] 16-07-2015 22:20 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe] 16-07-2015 22:20 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe] 3 bestand(en) 0 bytes Map van C:\Users\Default 14-07-2009 07:08 Application Data [C:\Users\Default\AppData\Roaming] 14-07-2009 07:08 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14-07-2009 07:08 Local Settings [C:\Users\Default\AppData\Local] 18-04-2011 21:18 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 18-04-2011 21:18 Mijn documenten [C:\Users\Default\Documents] 14-07-2009 07:08 My Documents [C:\Users\Default\Documents] 14-07-2009 07:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 18-04-2011 21:18 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 07:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14-07-2009 07:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14-07-2009 07:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 18-04-2011 21:18 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14-07-2009 07:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14-07-2009 07:08 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14-07-2009 07:08 Application Data [C:\Users\Default\AppData\Local] 18-04-2011 21:18 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 07:08 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14-07-2009 07:08 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 18-04-2011 21:18 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 18-04-2011 21:18 Mijn afbeeldingen [C:\Users\Default\Pictures] 18-04-2011 21:18 Mijn muziek [C:\Users\Default\Music] 18-04-2011 21:18 Mijn video's [C:\Users\Default\Videos] 14-07-2009 07:08 My Music [C:\Users\Default\Music] 14-07-2009 07:08 My Pictures [C:\Users\Default\Pictures] 14-07-2009 07:08 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\lars 18-04-2011 21:19 Application Data [C:\Users\lars\AppData\Roaming] 18-04-2011 21:19 Cookies [C:\Users\lars\AppData\Roaming\Microsoft\Windows\Cookies] 18-04-2011 21:19 Local Settings [C:\Users\lars\AppData\Local] 18-04-2011 21:19 Menu Start [C:\Users\lars\AppData\Roaming\Microsoft\Windows\Start Menu] 18-04-2011 21:19 Mijn documenten [C:\Users\lars\Documents] 18-04-2011 21:19 NetHood [C:\Users\lars\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 18-04-2011 21:19 Netwerkprinteromgeving [C:\Users\lars\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 18-04-2011 21:19 Recent [C:\Users\lars\AppData\Roaming\Microsoft\Windows\Recent] 18-04-2011 21:19 SendTo [C:\Users\lars\AppData\Roaming\Microsoft\Windows\SendTo] 18-04-2011 21:19 Sjablonen [C:\Users\lars\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\lars\AppData\Local 18-04-2011 21:19 Application Data [C:\Users\lars\AppData\Local] 18-04-2011 21:19 Geschiedenis [C:\Users\lars\AppData\Local\Microsoft\Windows\History] 18-04-2011 21:19 Temporary Internet Files [C:\Users\lars\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\lars\AppData\LocalLow 01-01-2014 21:35 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 bestand(en) 0 bytes Map van C:\Users\lars\AppData\Roaming\Microsoft\Windows\Start Menu 18-04-2011 21:19 Programma's [C:\Users\lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\lars\Documents 18-04-2011 21:19 Mijn afbeeldingen [C:\Users\lars\Pictures] 18-04-2011 21:19 Mijn muziek [C:\Users\lars\Music] 18-04-2011 21:19 Mijn video's [C:\Users\lars\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 18-04-2011 21:18 Mijn afbeeldingen [C:\Users\Public\Pictures] 18-04-2011 21:18 Mijn muziek [C:\Users\Public\Music] 18-04-2011 21:18 Mijn video's [C:\Users\Public\Videos] 14-07-2009 07:08 My Music [C:\Users\Public\Music] 14-07-2009 07:08 My Pictures [C:\Users\Public\Pictures] 14-07-2009 07:08 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile 19-06-2011 16:53 Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming] 19-06-2011 16:53 Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies] 19-06-2011 16:53 Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local] 19-06-2011 16:53 Menu Start [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu] 19-06-2011 16:53 Mijn documenten [C:\Windows\system32\config\systemprofile\Documents] 19-06-2011 16:53 NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 19-06-2011 16:53 Netwerkprinteromgeving [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 19-06-2011 16:53 Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent] 19-06-2011 16:53 SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo] 19-06-2011 16:53 Sjablonen [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile\AppData\Local 19-06-2011 16:53 Application Data [C:\Windows\system32\config\systemprofile\AppData\Local] 19-06-2011 16:53 Geschiedenis [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History] 19-06-2011 16:53 Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu 19-06-2011 16:53 Programma's [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Windows\System32\config\systemprofile\Documents 19-06-2011 16:53 Mijn afbeeldingen [C:\Windows\system32\config\systemprofile\Pictures] 19-06-2011 16:53 Mijn muziek [C:\Windows\system32\config\systemprofile\Music] 19-06-2011 16:53 Mijn video's [C:\Windows\system32\config\systemprofile\Videos] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile 19-06-2011 16:53 Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming] 19-06-2011 16:53 Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies] 19-06-2011 16:53 Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local] 19-06-2011 16:53 Menu Start [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu] 19-06-2011 16:53 Mijn documenten [C:\Windows\system32\config\systemprofile\Documents] 19-06-2011 16:53 NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 19-06-2011 16:53 Netwerkprinteromgeving [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 19-06-2011 16:53 Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent] 19-06-2011 16:53 SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo] 19-06-2011 16:53 Sjablonen [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile\AppData\Local 19-06-2011 16:53 Application Data [C:\Windows\system32\config\systemprofile\AppData\Local] 19-06-2011 16:53 Geschiedenis [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History] 19-06-2011 16:53 Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu 19-06-2011 16:53 Programma's [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Windows\SysWOW64\config\systemprofile\Documents 19-06-2011 16:53 Mijn afbeeldingen [C:\Windows\system32\config\systemprofile\Pictures] 19-06-2011 16:53 Mijn muziek [C:\Windows\system32\config\systemprofile\Music] 19-06-2011 16:53 Mijn video's [C:\Windows\system32\config\systemprofile\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 6 bestand(en) 0 bytes 114 map(pen) 105.575.698.432 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) ęTorrent 7-Zip 9.20 (x64 edition) Ableton Live 9 Suite Adblock Plus voor IE (32-bit en 64-bit) Adobe Flash Player 18 ActiveX Adobe Flash Player 18 NPAPI Adobe Reader XI (11.0.12) - Nederlands Adobe Refresh Manager ArcSoft TotalMedia Extreme Avast Free Antivirus CCleaner Command & ConquerT Red AlertT 3 Uprising Compatibiliteitspakket voor het 2007 Microsoft Office system Dropbox DV Ts Free YouTube Download version 3.2.54.219 Google Chrome Google Update Helper Hema Fotoalbum Java 8 Update 31 Java 8 Update 51 Java Auto Updater LAME v3.99.3 (for Windows) Malwarebytes Anti-Malware versie 2.1.8.1057 Microsoft .NET Framework 4.5.1 (Nederlands) Microsoft .NET Framework 4.5.1 (NLD) Microsoft .NET Framework 4.5.2 Microsoft Access 2000 Runtime Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office Home and Student 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Language Pack 2007 - Dutch/Nederlands Microsoft Office O MUI (Dutch) 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (Dutch) Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (Dutch) 2007 Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (Dutch) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (Dutch) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office X MUI (Dutch) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Movie Maker 6.0 for Windows 7 (64-bit) Mp3tag v2.66 Reader for PC Red Alert 3.03p-Iran Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3035490) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2883029) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2920795) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2965282) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2863812) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965208) 32-Bit Edition Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB2965210) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2965281) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2965283) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB3054996) 32-Bit Edition Shockwave Director 10.2 SkypeT 7.5 Spybot - Search & Destroy Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) VLC media player Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 19.5 ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\Users\lars\Documents\Add-in Express deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3002 MB CPU Info: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz CPU Speed: 639,9 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20) | Broadcom 802.11n-netwerkadapter CD / DVD Drives: 2x (D: | E: | ) D: SlimtypeDVD A DS8A4SH | E: DTSOFT BDROM Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 286,0GB Hard Disks - Free: C: 98,2GB Manufacturer *: Acer BIOS Info: AT/AT COMPATIBLE | 12/16/09 | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer Aspire 7715Z Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Spybot - Search and Destroy disabled (Outdated) Anti-Spyware: avast! Antivirus disabled (Outdated) Internet Explorer Version: 11.0.9600.17914 Google Chrome version: 43.0.2357.134 Adobe Reader version: 11.0.12.18 Sun Java version: 1.8.0_51 (32-bit) Sun Java version: 1.8.0_51 (64-bit) Flash Player version: 18.0.0.209 Shockwave Player version: 12.0.7r148 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\lars\AppData\Local\Temp ==== 2015-07-17 07:22:01 B8C997E772BE343E1664FEE14C1FB9B7 28849904 ----a-w- C:\Users\lars\AppData\Local\Temp\vlc-2.2.1-win32.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-07-16 21:57:04 6E91F67335D57DDFFE798C815444B0E3 210432 ----a-w- C:\Windows\SysWOW64\cewmdm.dll 2015-07-16 21:57:00 E2A2B221A47271DD4176FB9B93F670E6 93184 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2015-07-16 21:57:00 CBC91E2E6158358E82D153D811B73C38 30208 ----a-w- C:\Windows\SysWOW64\wups.dll 2015-07-16 21:57:00 7F13188A9656355F664313334971DA22 173056 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2015-07-16 21:57:00 1728A7831E95BCEEEA3F0D07AE6F74EE 566784 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2015-07-16 21:57:00 13810657EE732C2F5453C0C877FD5DB2 34816 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-07-16 21:56:42 143046AC227C193B5B2E0E20BC0CF1DD 312320 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2015-07-16 21:56:12 31165F9D71D3C249AB97FBAE55DE4B49 4520448 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-07-16 21:56:10 3D73FC0D0997DA1EF6F705EF9936AB20 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-07-16 21:55:58 116F506573B59B85CD0DC18527E9951A 19877376 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-07-16 21:55:56 AFAEB9E4269846C64DC9721B1BFA5CEC 12855296 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-07-16 21:55:56 37BC6BC6CFC38A6202B28459F7CCE4CD 479232 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-07-16 21:55:56 05CA106A1B68770BDABB9AA7AEAE516A 1310720 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-07-16 21:55:55 4E4B3CAC5C62415AF5C6B0167A376EB8 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-07-16 21:55:51 8EDF7B6D3A563DAA06DD87053C734168 2279424 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-07-16 21:55:47 E42BB0E02C8F6C8D1CCBFE6AB8EB199F 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-07-16 21:55:47 E3883C13DB4D19E29095C9F4BC27B755 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-07-16 21:55:46 D503616B296B869486AA84D6DB8FB6A5 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-16 21:55:46 1A04239A054D810CF32C46F2B70C47B7 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-07-16 21:55:45 E8F3572F002B556D19AC3AE4A11CAC2E 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-07-16 21:55:45 87E5B70C9F0DE7E3D620E1E3A60AA274 504320 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-07-16 21:55:45 019019007E6980EACAC80DE04B5D330A 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-07-16 21:55:44 95C40DFE3B3CFCEBA2DF9E493945A7B5 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-07-16 21:55:44 18465944F711AD3FDE58675C3C42FA99 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-07-16 21:55:42 CC044CFF6018AD0368AF3A8149721407 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-07-16 21:55:42 442DB5B16073DE2E79E1912D0B77F343 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-07-16 21:55:42 2CC6836C44C84583386702468125654F 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-07-16 21:55:41 81ED1F775E5DDBE990D9C3AFF507DAC2 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-07-16 21:55:40 E475D4B65088F4F7FABF7D427CD3D30E 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-07-16 21:55:40 43CF584D989A4A0EA6B5D3EBFAD260B7 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-07-16 21:55:40 0CB44ADB09C5BE7CE9D1D1F04E909067 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-07-16 21:55:36 0DE5FE06603CF80238EFD9D67AB45A56 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-07-16 21:55:35 72D524ED31A2FBA7432801361CE41FC3 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-07-16 21:55:35 63B01F72FD727D5736DBEF54174D8F93 1951232 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-07-16 21:55:35 17DFCBA042195666632C889E04913E19 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-07-16 21:55:22 4548507ED3C17DB4739DBBEAF6378004 1414656 ----a-w- C:\Windows\SysWOW64\ole32.dll 2015-07-16 21:55:11 F4AFDB5ABEA0C9079E8193E24D1DB21D 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2015-07-16 21:55:11 D864C283FFD7C080FDC25FD4C798FF8D 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll 2015-07-16 21:55:11 588D52C2D0E60EE71FD5A64407865B10 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll 2015-07-16 21:55:11 33F67BBCC3C0499D3F3382473114CFA8 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll 2015-07-16 21:54:38 E344031017D52F5F1A4C759A815625CC 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-07-16 21:54:38 4466D67AC240FE1CCCB32BE743BCB488 552960 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-07-16 21:54:37 02CD86D59807467D065F521BE81BB858 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2015-07-16 21:54:36 E97B4515FC3846CB5C6853C40E71EF28 36864 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2015-07-16 21:54:36 CA017983095846BFCFBE9C02B40958B3 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-07-16 21:54:36 98226182583DF1715F1BE6CCEA6E8D95 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-07-16 21:54:36 393FDE87F56A8E98AC1B37ADB2181332 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-07-16 21:54:35 E6F375BAA4F839592627DA3E95BF3977 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-07-16 21:54:35 A719B9156A6DCDBACC201D9163AFF8D1 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-07-16 21:54:35 A41BF25E4F145E1BC00445B6421B9E11 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-07-16 21:54:35 96741CBB4CC3638A2BCB11F93B92B738 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-07-16 21:54:35 81E207D09B2A7723A549EFB34B47C7EA 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-07-16 21:54:35 6AE6E08938D5BA9D8BA305506620B48D 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-07-16 21:54:35 2E8C9C3223E05F4B42FB89C03DD09C1D 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-07-16 21:54:35 2B4A31319D74B3D3407AB64942B7FF32 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-07-16 21:54:15 D7C4ABB0F1FFA371928EED0C7A6E24DC 2364416 ----a-w- C:\Windows\SysWOW64\msi.dll 2015-07-16 21:54:14 7B4277F9E9F48D5D8E6AEA341F8048E8 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll 2015-07-16 21:54:13 F61A069A5517F85662ED9A6C5AD5445A 73216 ----a-w- C:\Windows\SysWOW64\msiexec.exe 2015-07-16 21:54:13 C08582E7F8EA706A2D4A3C7BD5AC35C1 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll 2015-07-16 21:54:13 A344B1EFA7DB86AE1407039CD596FB1E 25088 ----a-w- C:\Windows\SysWOW64\msimsg.dll 2015-07-16 21:53:54 E5D33416F2BA5E11C11215439DD3BF23 299008 ----a-w- C:\Windows\SysWOW64\atmfd.dll 2015-07-16 21:53:54 B1BD587DE3E077CBB9F749C2CC3B8D6C 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll 2015-07-16 21:53:54 94815184BAAB8518F4027E92C6025505 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll 2015-07-16 21:53:54 5945A57802C6641478AF680FF839287E 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll 2015-07-16 21:53:54 4644A3B2AFDDAEA57C3EC30F8D079E54 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll 2015-07-16 21:08:02 EA6F7E1F14B89F6EE1F486DCE82D1CB1 18524336 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-07-16 21:57:05 60696836CAD56F1B47059E1BA739787D 254976 ----a-w- C:\Windows\Sysnative\cewmdm.dll 2015-07-16 21:57:00 F56E83C1EFEDEF919033CBFF071602B6 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2015-07-16 21:57:00 D79E3C2D45315ADCAA267A05355DFBF5 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2015-07-16 21:57:00 84CEF9B2D8ED8006B3975DC1D8109B3D 696320 ----a-w- C:\Windows\Sysnative\wuapi.dll 2015-07-16 21:57:00 80381DD7C4797A601E59F8E001B46793 3154944 ----a-w- C:\Windows\Sysnative\wucltux.dll 2015-07-16 21:57:00 3F9239D5F65F1318A53EBAEC01C092F1 139776 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2015-07-16 21:57:00 3EDB01024BA86C5B4D2CB307DC5D3AC0 37376 ----a-w- C:\Windows\Sysnative\wuapp.exe 2015-07-16 21:57:00 2896A06239E19379CE44FAFCDB1675B1 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2015-07-16 21:57:00 00DCC688DF459A9FEE42C7397668C62B 98304 ----a-w- C:\Windows\Sysnative\wudriver.dll 2015-07-16 21:57:00 00383E521D3D039968B92A0998BA76FD 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2015-07-16 21:56:59 BC80574FF264848F8613A3F6F7AF7642 192000 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2015-07-16 21:56:59 AA3E844A2595B1AA5825C70CA50D963E 2603008 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2015-07-16 21:56:53 F6D23F6707CAEA235E4C84A4AC87EB2A 3180544 ----a-w- C:\Windows\Sysnative\rdpcorets.dll 2015-07-16 21:56:52 960D313FFBC9C4C14D9DFDB1FEB21CBD 16384 ----a-w- C:\Windows\Sysnative\RdpGroupPolicyExtension.dll 2015-07-16 21:56:51 C4EA3D63E8BF077ECD1E93BF6556AE99 3207168 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-07-16 21:56:46 EFFFE1C77ACCE66C82CCFD18A9687F48 404992 ----a-w- C:\Windows\Sysnative\gdi32.dll 2015-07-16 21:56:14 837BD6BB879405B416A4326C8B723D83 5923840 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-07-16 21:56:14 2A795629E0746D82A229A01EEE75FCE5 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-07-16 21:55:57 FC165889E97E37BCB55C5B79BEB3D331 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-07-16 21:55:55 78E4D3781E5632BA88E5153510BEB625 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-07-16 21:55:54 6A70888EEC05B45C8990E8977C480019 14453248 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-07-16 21:55:54 120E3CE08505A9637CAB72D35A2D2E8C 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-07-16 21:55:53 D74E2BE157B8A2A9CF29BEBB052B8A42 25193984 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-07-16 21:55:51 41D59904967A4033FB4497DCED7320AD 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-07-16 21:55:46 A51BF63E9EA6DDED50A69797EAD23576 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-07-16 21:55:46 50AAC6B4AFD93060456134A29C35FB1E 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-07-16 21:55:45 44D98BF1ED7B520602A55446E28D8840 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-07-16 21:55:45 3A46FC42EDE2021399FCD9E4A7A406F8 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-07-16 21:55:44 4887D79B5CE61A00FCC5C53AA2216007 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-07-16 21:55:42 7EEC52D1B800230A4E8EC81B92D61118 389832 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-07-16 21:55:41 DAECFA33350D863D49157506587D5EF8 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-07-16 21:55:40 80E899C111219316B94BBA72FAFF7D11 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-07-16 21:55:39 BCE51D1B0F7BC8977CDAECD24A0D4C88 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-07-16 21:55:39 434CBA59035C4F3A02E5AB92FD6C816B 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-07-16 21:55:38 BB33A140CA61A22B5882486881E2191A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-07-16 21:55:38 AF3D4DA49A9C9C9778953CE9D7470C11 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-07-16 21:55:37 58243D92748201D38AACDAEA22527412 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-07-16 21:55:36 B5164F4515C4BC4F45FBF5B3A99685C0 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-07-16 21:55:35 9B9D2B99A865CB3B9BAA9BE77A300680 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-07-16 21:55:35 142D20CA55870589B009D53C37C0B75C 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-07-16 21:55:34 4024752E6B341B07F3823B7DA72C45D2 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-07-16 21:55:33 F30702F2607AEE462A6AB8715E72FC03 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-07-16 21:55:33 796A89701B2560FF453FF08FF941A169 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-07-16 21:55:33 74F367C596EEF3106EBC65625F04C807 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-07-16 21:55:31 E066FDC3A2074D926903B8C31EF3B347 2427392 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-07-16 21:55:31 C95EE658B7816B3588418E948EF55F83 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-07-16 21:55:31 88E26FC9F8BDE0635F379BB8FE6BFFF1 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-07-16 21:55:30 8DA3623D372E5147914973383D998980 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-07-16 21:55:23 E3EB94B45A2735D4559558B5899732E8 2087424 ----a-w- C:\Windows\Sysnative\ole32.dll 2015-07-16 21:55:11 C5752F5CE47B6B00F914AE91087C0CB4 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll 2015-07-16 21:55:11 7EE0A3B9E904AF4744E4D8F00CB5CA32 140288 ----a-w- C:\Windows\Sysnative\cryptnet.dll 2015-07-16 21:55:11 7BC3E861F7E8EB543A630090FAE779E0 188416 ----a-w- C:\Windows\Sysnative\cryptsvc.dll 2015-07-16 21:55:11 71187FA11F58012C188453877E16EB8B 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll 2015-07-16 21:54:39 F66102F990EE913261ED7907403718ED 729088 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-07-16 21:54:39 A66FF313F2F8A6CBF9BB2B0CC92D5ACD 1216512 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2015-07-16 21:54:39 750C44D6F7A708F0C6618F075A0A68A7 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-07-16 21:54:38 D5844B744F7BAF826965DD634FF8DB00 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-07-16 21:54:36 E8560BC8E1B85A5A081AEF43626187B1 44032 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2015-07-16 21:54:36 9F2CCDE3F30C224C082984B6F95D3D95 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-07-16 21:54:36 9EA6DA45B95599C27B1661C1D99307D7 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-07-16 21:54:36 48A88348F1539CC7C8CB4E032DD79DAA 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-07-16 21:54:36 3B96392CBE54FF44BEAEB0B4BCC65487 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-07-16 21:54:36 09730D830B2B69B626817F4A95945308 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-07-16 21:54:35 F01A58E45BB8E28CCE6BCF272FF0F9A8 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-07-16 21:54:35 EEB192537935BB12A998CAB8F5A07E78 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-07-16 21:54:35 C3F6A9A41CC8591EF0370708E54DE474 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-07-16 21:54:35 C3F0594AF92FE71B13A44177FDB80784 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-07-16 21:54:35 B1D191D0EDEB86197A5FD5030B65420F 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-07-16 21:54:35 97D879A884E7CDFED51AD63348A35254 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-07-16 21:54:35 7C26CACB82ECA09874B984B155B06AD4 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-07-16 21:54:35 55750A7588D91B102EB17E69BFF2AAF1 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-07-16 21:54:16 D9A91A779B5059E72D7FAD2B38275EA4 3242496 ----a-w- C:\Windows\Sysnative\msi.dll 2015-07-16 21:54:16 5489E74E56C0255159C8AE2C70744458 1941504 ----a-w- C:\Windows\Sysnative\authui.dll 2015-07-16 21:54:14 81CB8D34112178CE1826C86BA5F268C3 128000 ----a-w- C:\Windows\Sysnative\msiexec.exe 2015-07-16 21:54:14 0D9514850CC3A99A6600643F2888858B 112064 ----a-w- C:\Windows\Sysnative\consent.exe 2015-07-16 21:54:13 CDAD406033C31DB34185DDAECDD35FE2 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll 2015-07-16 21:54:13 978DC0A1FBE9CC91B21B40AF66CB396A 70656 ----a-w- C:\Windows\Sysnative\appinfo.dll 2015-07-16 21:54:13 91593D4FB7D89249014564A5F3EC389B 25088 ----a-w- C:\Windows\Sysnative\msimsg.dll 2015-07-16 21:54:03 782C216AFEE0561680706698F70B2A93 1085440 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-07-16 21:54:03 5D507961F680D0A0392CC5EB6515E70A 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-07-16 21:54:02 D236055773550118989C0C81CBE79A29 765440 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-07-16 21:54:02 658B5EC540CD94D76889D0E8390B1C04 433664 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-07-16 21:54:02 474EA5201E3883F747D540D3EF57C1F2 1145856 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-07-16 21:54:00 BBA5CB528CB7482E118D0FEAF808987A 17856 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2015-07-16 21:54:00 5663847B3DCC8382B1D1F1EEB4A92994 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-07-16 21:54:00 0919F433ED64E6CD1912C016F1E80BE7 67584 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-07-16 21:53:54 AE7E9E9581E2B874348A0DF38AD04722 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll 2015-07-16 21:53:54 690FE1D790C8C7E94EAA55B669BC5CE0 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll 2015-07-16 21:53:54 44F32DF903B984B4C6A164E99A39FC58 372224 ----a-w- C:\Windows\Sysnative\atmfd.dll 2015-07-16 21:53:54 373CB9C184589E3BE07412DFD5DF3D4F 41984 ----a-w- C:\Windows\Sysnative\lpk.dll 2015-07-16 21:53:54 2C4AD63E4D89661C9FED77E81053735D 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll ====== C:\Windows\Sysnative\drivers ===== 2015-07-16 21:54:38 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2015-07-16 21:54:38 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2015-07-16 21:54:38 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2015-07-16 21:54:37 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-07-16 21:54:36 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2015-06-23 07:58:45 942FD03D8A5A9AAA2FB3FC2F10186FCE 3988 ----a-w- C:\Windows\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001UA 2015-06-23 07:58:45 69B9849C68225966877993674BE56A16 1020 ----a-w- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001UA.job 2015-06-23 07:58:39 DC6E5061F85258B0F57301A002C2E3AA 3592 ----a-w- C:\Windows\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001Core 2015-06-23 07:58:34 8E1B3389AC938D09C62BD3F1B8AA67F8 968 ----a-w- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001Core.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-07-17 08:34:03 -------- d-----w- C:\Program Files\trend micro 2015-07-13 07:27:13 -------- d-----w- C:\Program Files\WinZip ======= C:\PROGRA~2 ===== 2015-07-16 20:19:39 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\lars\AppData\Roaming ====== 2015-07-16 22:22:00 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-07-16 22:22:00 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-07-16 22:22:00 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-07-16 22:22:00 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-07-16 22:21:59 -------- d-----w- C:\Users\lars\AppData\Local\Temp 2015-07-13 07:43:42 -------- d-----w- C:\Users\lars\AppData\Roaming\WinZip 2015-07-13 07:28:02 -------- d-----w- C:\Users\lars\AppData\Local\WinZip 2015-07-09 16:05:13 -------- d-----w- C:\Users\lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-23 07:58:28 -------- d-----w- C:\Users\lars\AppData\Local\Dropbox ====== C:\Users\lars ====== 2015-07-17 08:33:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\lars\Downloads\RSITx64.exe 2015-07-16 19:37:30 09B6F6FCCC35DBAFCB38CB3751FA7C2F 2248704 ----a-w- C:\Users\lars\Downloads\adwcleaner_4.208.exe 2015-07-13 07:28:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2015-07-13 07:28:01 -------- d-----w- C:\ProgramData\WinZip 2015-07-13 07:25:55 -------- d-----w- C:\ProgramData\UniqueId 2015-07-08 08:44:38 ACBB9DCD415C7272FEEB570B6596DDB7 6565736 ----a-w- C:\Users\lars\Downloads\ccsetup507.exe 2015-06-30 15:36:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc 2015-06-23 07:58:28 -------- d-----w- C:\ProgramData\Dropbox ====== C: exe-files == 2015-07-17 08:34:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\lars.exe 2015-07-17 08:33:09 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\lars\Downloads\RSITx64.exe 2015-07-17 07:22:01 B8C997E772BE343E1664FEE14C1FB9B7 28849904 ----a-w- C:\Users\lars\AppData\Local\Temp\vlc-2.2.1-win32.exe 2015-07-16 21:55:56 26492D0AE6279B60A3801EDBE3CB794C 473600 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-07-16 21:55:55 3698C298719803F6502612D651A852B2 491008 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-07-16 21:55:45 8EA2ED812E996D95DE37CD2CE3158C2C 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-07-16 21:55:42 C899B9E60D663BE24B35EFBC29192A7C 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-07-16 21:55:42 A7B6589F92C9CB498CDBA42EBEB23EE4 815312 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-07-16 21:55:36 D295049B06D31020A88B170445123D33 814280 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-07-16 20:26:36 86731DC801EDB96D804B1BA2BEBD36D5 42829392 ----a-w- C:\Program Files (x86)\Google\Update\Install\{C1A9F741-7968-4E84-8FD8-E5927EF20D8A}\43.0.2357.134_chrome_installer.exe 2015-07-16 20:26:33 86731DC801EDB96D804B1BA2BEBD36D5 42829392 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.134\43.0.2357.134_chrome_installer.exe 2015-07-16 20:11:03 C4B3393396204E759E6EDFF92A9CAA50 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\tnameserv.exe 2015-07-16 20:11:03 5E1561548895218973EB5C833D96BD60 159328 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\unpack200.exe 2015-07-16 20:11:02 8516D08420A7AB22A9B722FAF631E320 50784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssvagent.exe 2015-07-16 20:10:37 F3D19B026E09B8150D9FF40D537C8F2A 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmid.exe 2015-07-16 20:10:37 8B09EF707CE0895D5478300CC2CE90DB 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\rmiregistry.exe 2015-07-16 20:10:37 56C175D9B0D7EE7D1DA92B8D8A12772A 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\servertool.exe 2015-07-16 20:10:36 EF442149A0502661D49628A66A69F33C 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\policytool.exe 2015-07-16 20:10:36 76BD4372DD5C5A316F64D562C2404BF8 15968 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\orbd.exe 2015-07-16 20:10:36 46AD9258E9B6EA56AFC8723CEFDF8425 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\pack200.exe 2015-07-16 20:10:35 D50189686D9D144CB4EC807652640FC0 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\ktab.exe 2015-07-16 20:10:35 B5AA17A9ACE57080909B9CB47CD74C39 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\kinit.exe 2015-07-16 20:10:35 235015745A6A6FE26BCDA8F227C9132B 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\klist.exe 2015-07-16 20:10:34 6790CB3F51E280A2A3EEAA3C5BD58EFF 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\keytool.exe 2015-07-16 20:10:32 0CFCEE90C8711D4DEAD9EC7046918A45 77920 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2launcher.exe 2015-07-16 20:10:31 547F9D4CB6FAAC8E941F1689D5555CDB 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jjs.exe 2015-07-16 20:10:28 BC66611222047778694C7650B7814978 68192 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.exe 2015-07-16 20:10:28 9A474C07C5242EF2AE12FF6BF387F334 273504 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaws.exe 2015-07-16 20:10:28 4E022C0940633A9538892CB26B65BD0D 191584 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe 2015-07-16 20:10:27 F52607E7F53DA8FE1C4A3C1F11CE2AE7 15456 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java-rmi.exe 2015-07-16 20:10:27 E7ABC6445E6A2F1EDE5F8BB082ECEEA1 30304 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\jabswitch.exe 2015-07-16 20:10:27 A4D1AC4078F1A819ECECC546F64907A1 190560 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\bin\java.exe 2015-07-16 19:51:13 D7E523E6F4C911EDFF6A8325ACAEE56C 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe 2015-07-16 19:51:13 93EE27EEA252951660682E891B72D7F5 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe 2015-07-16 19:51:13 81A1D591D429FF81D443A993B9B91301 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe 2015-07-16 19:51:12 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe 2015-07-16 19:51:03 FC8EE235C4F75C96907C25EF1349CB81 130888 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe 2015-07-16 19:51:02 92D840650F95EB60659952AEECAFCE85 305992 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe 2015-07-16 19:51:02 54FB3B0B29F76E839C648D2F5983A22C 245576 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe 2015-07-16 19:50:42 C6FF00DA1605982E616C03BE809FFE2D 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe 2015-07-16 19:50:33 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{C8E85ABB-E5EF-49A7-97FA-4EAABD05D730}\GoogleUpdateSetup.exe 2015-07-16 19:50:33 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe 2015-07-16 19:37:30 09B6F6FCCC35DBAFCB38CB3751FA7C2F 2248704 ----a-w- C:\Users\lars\Downloads\adwcleaner_4.208.exe 2015-07-14 20:47:40 E06EB83F9B05760B54FAEA13063C5833 1080912 ----a-w- C:\Program Files (x86)\Google\Update\Install\{3499659A-CB96-40D9-900E-F6CE9A945B52}\43.0.2357.134_43.0.2357.132_chrome_updater.exe 2015-07-14 20:47:40 E06EB83F9B05760B54FAEA13063C5833 1080912 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.134\43.0.2357.134_43.0.2357.132_chrome_updater.exe === C: other files == 2015-07-16 21:56:51 C4EA3D63E8BF077ECD1E93BF6556AE99 3207168 ----a-w- C:\Windows\System32\win32k.sys 2015-07-16 21:54:38 45A03A0B6461EFBEE77E0A6AC2816EDA 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2015-07-16 21:54:38 21AF322605D8C7F2A627C22634D1C9C9 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2015-07-16 21:54:38 1877EB1495CFBDAB27D6A32F6DDF3818 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2015-07-16 21:54:37 7A7328E427694CC7244235C3BC299F80 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-07-16 21:54:36 C0A6C3D6E02B61B5D100FE17306C276F 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-07-16 20:11:05 5F7B14A65C88D4AEB0E3DF49C6A0941F 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_51\lib\deploy\ffjcext.zip 2015-07-13 07:23:08 649076EFFF3F50AE865D84AABED32D90 2944767 ----a-w- C:\Users\lars\Downloads\Dollarphotoclub_64329421.zip ======== System Restore Points ======== RP542: 14-7-2015 11:46:49 - End of disinfection RP543: 14-7-2015 22:50:46 - Windows Update RP544: 16-7-2015 22:23:19 - zoek.exe restore point RP545: 17-7-2015 7:29:10 - Windows Update ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2174174032-3893959350-3827641703-1001\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Dropbox Update"="C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui" "Reader Application Helper"="C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Dropbox Update"="C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "mwlDaemon"="C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeDeluxeAgent] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcadeDeluxeAgent" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\Acer Arcade Deluxe\\ArcadeDeluxeAgent.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ArcSoft Connection Service" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CONNECTScheduler] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CONNECTScheduler" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Sony\\CONNECTAutoUpdate\\CONNECTScheduler.exe\" /RUN_SCHEDULER" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecLiveUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecLiveUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlayMovie] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PlayMovie" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\PlayMovie\\PMVService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reader Application Helper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Reader Application Helper" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Sony\\ReaderDesktop\\appHelper\\ReaderAppHelper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SDTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\lars\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk" "backup"="C:\\Windows\\pss\\Adobe Gamma Loader.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE " "item"="Adobe Gamma Loader" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CONNECTAUTrayApp.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CONNECTAUTrayApp.lnk" "backup"="C:\\Windows\\pss\\CONNECTAUTrayApp.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Sony\\CONNEC~1\\CONNEC~3.EXE " "item"="CONNECTAUTrayApp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FAH.lnk" "backup"="C:\\Windows\\pss\\FAH.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\WinZip\\FAH\\FAHCON~1.EXE " "item"="FAH" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Preloader.lnk" "backup"="C:\\Windows\\pss\\WinZip Preloader.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~1\\WinZip\\WZPREL~1.EXE " "item"="WinZip Preloader" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16-07-2015 23:10] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001Core.job --a------ C:\Users\lars\AppData\LoC:al\Dropbox\Update\DropboxUpdate.exe [] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001UA.job --a------ C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe [23-06-2015 09:58] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-12-2014 13:30] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05-12-2014 13:30] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001Core" [C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001UA" [C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Halo 2 for Vista restart" [C:\Program Files (x86)\Microsoft Games\Halo 2\startup.exe] "C:\Windows\SysNative\tasks\{A541D32B-5363-4E5F-8597-289FE4B80CDF}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.18.0.106/nl/go/help.faq.installer?LastError=1638] "C:\Windows\SysNative\tasks\{B96EDF9E-29BB-4FE5-81DA-CF54010B3114}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe] "C:\Windows\SysNative\tasks\{CC791A26-472F-433C-A031-BC1FF3DEAF03}" [C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe] "C:\Windows\SysNative\tasks\{D57775EF-7D22-4779-BD00-E4EDFCAD9D9B}" [D:\Training2000.exe] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [23-04-2015 14:59] ==== Firefox Extensions ====================== ProfilePath: C:\Users\lars\AppData\Roaming\Mozilla\Firefox\Profiles\87kjrm9p.default - DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.134 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[23-04-2015 14:58] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17-01-2012 11:45] selector is not a valid CSS selector - lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb AdBlock - lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Avast Online Security - lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki VLC Capture - lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\goppbgmjnldonmjemebdmcjfefbgoloh VLC - lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhafecgfkakfbhlbjffclfaomoliicpm Skype Click to Call - lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Google Wallet - lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Preferences service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.lycianway.org:80":{"alternative_service":[{"port":80,"probability":0.02,"protocol_str":"quic"}]},"www.reverselive.blogspot.com:80":{"alternative_service":[{"port":80,"probability":0.08,"protocol_str":"quic"}]},"www.reverselive.blogspot.nl:80":{"alternative_service":[{"port":80,"probability":0.08,"protocol_str":"quic"}]},"www.youtube-nocookie.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]},"www.youtube.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":13869}},"www.ziekenhuis.nl:80":{"alternative_service":[{"port":80,"probability":0.5,"protocol_str":"quic"}]},"youtu.be:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":14331}},"youtu.be:80":{"alternative_service":[{"port":80,"probability":0.08,"protocol_str":"quic"}]},"youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":9015}},"yt3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]}},"supports_quic":{"address":"192.168.0.101","used_quic":true},"version":3}},"ntp":{"app_page_names":["Apps"]},"partition":{"per_host_zoom_levels":{"2166136261":{"www.facebook.com":0.5227586988632231,"www.shutterstock.com":0.5227586988632231}}},"password_bubble":{"nopes":0},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"printing":{"print_preview_sticky_settings":{"appState":"{\"version\":2,\"isGcpPromoDismissed\":false,\"selectedDestinationId\":\"Save as PDF\",\"selectedDestinationOrigin\":\"local\",\"undefined\":{\"version\":\"1.0\",\"printer\":{\"collate\":{\"default\":true},\"copies\":{\"default\":1},\"duplex\":{\"option\":[{\"type\":\"NO_DUPLEX\",\"is_default\":true},{\"type\":\"LONG_EDGE\",\"is_default\":false}]},\"page_orientation\":{\"option\":[{\"type\":\"PORTRAIT\",\"is_default\":true},{\"type\":\"LANDSCAPE\"}]}}},\"selectedDestinationName\":\"Opslaan als pdf\",\"selectedDestinationAccount\":\"\",\"selectedDestinationCapabilities\":null,\"mediaSize\":{\"height_microns\":297000,\"is_default\":true,\"name\":\"ISO_A4\",\"width_microns\":210000,\"custom_display_name\":\"A4\"},\"isHeaderFooterEnabled\":false}","savePath":"C:\\Users\\lars\\Documents"}},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{"[*.]online.b1.org,*":{"setting":1},"https://[*.]dub127.mail.live.com:443,*":{"setting":1}},"cookies":{},"fullscreen":{"[*.]vanjestressaf.nl,*":{"setting":1},"[*.]www.moonanderson.com,*":{"setting":1},"http://cdn.playwire.com:80,http://www.footballorgin.net:80":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{"https://www.google.nl:443,*":{"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"[*.]lars.wordxpression.com,*":{"setting":1},"https://[*.]sga.swp.nl:443,*":{"setting":1}},"popups":{"[*.]wordxpression.com,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]lars.wordxpression.com,*":{"plugins":1},"[*.]online.b1.org,*":{"multiple-automatic-downloads":1},"[*.]vanjestressaf.nl,*":{"fullscreen":1},"[*.]wordxpression.com,*":{"popups":1},"[*.]www.moonanderson.com,*":{"fullscreen":1},"http://cdn.playwire.com:80,http://www.footballorgin.net:80":{"fullscreen":1},"https://[*.]dub127.mail.live.com:443,*":{"multiple-automatic-downloads":1},"https://[*.]sga.swp.nl:443,*":{"plugins":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://www.google.nl:443,*":{"last_used":{"media-stream-mic":1416211470.641792},"media-stream-mic":1}},"pref_version":1},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_picture_url":"https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/s256-c/photo.jpg","gaia_info_update_time":"13081674425869967","icon_version":3,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Eerste gebruiker","password_manager_groups_for_domains":[1,null,null,null,3],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"safebrowsing":{"extended_reporting_enabled":false},"savefile":{},"selectfile":{"last_directory":"C:\\rsit"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13036072223615280","urls_to_restore_on_startup":null},"signin":{"signedin_time":"13060857293887205"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"autofill_wallet":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAEVIYzxqIsEimcGwt+QXrowAAAAACAAAAAAAQZgAAAAEAACAAAADD4p2+h8SaH3cKyZoJkuIf+nD0tR4MMmAWh8Wt3ha6hwAAAAAOgAAAAAIAACAAAAAcOOSaBD9jPDwO6ow/liyuA4WQ6AjcCTTJwCD58pvMh0AAAADj+i4xta8pGizBn+oFih6t+Pqg6EHAjofRhsgWdljQrQhvxZLYz2Tkrpd4OIW+D1WkItfX5Gp71XvafQe0/h3qQAAAAGoWKn+bD3EkFOvV0BgRURskAfQdBc3VjsPm6CUtZOuSVRd34AWwSA1hgTgKT81B7jX6xm8KZjY/Bf3CH5Tr92k=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13060857294036205","has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAEVIYzxqIsEimcGwt+QXrowAAAAACAAAAAAAQZgAAAAEAACAAAAC1FFi0ENymR7aan3NSkdRbm2ewF1DMEiM+vg7LUVgF/QAAAAAOgAAAAAIAACAAAABZ4LDIg8KqM+251+voXnaxH6tw9yYUI75A9CVez4LajFAAAAD9vInFETV5MScV9DciQ4S3wiERgzpn2S49FVSjKhp8d+742jLHWtEjDE+FOgoP+XqqwPtxKwzrexK2ZV3qF4C8jbHzLi8yS/0JzLiYdBQ5BEAAAAA/5dDOZQqMM5RgQVIs9pTYFPNBEB7sFkho9Q7eMY4kB/UAr4f/UOKFzRILVCdbccjlYAuP7AbdzFbL5sYciMf+","last_synced_time":"13081677589356662","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncxqV6cy0rT8YwVMoglqPvlQ==","sessions":true,"suppress_start":false,"tabs":true,"themes":true,"typed_urls":true},"translate_accepted_count":{"en":0},"translate_blocked_languages":["nl"],"translate_denied_count":{"en":4},"translate_last_denied_time":1.413532e+12,"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.lycianway.org:80":{"alternative_service":[{"port":80,"probability":0.02,"protocol_str":"quic"}]},"www.reverselive.blogspot.com:80":{"alternative_service":[{"port":80,"probability":0.08,"protocol_str":"quic"}]},"www.reverselive.blogspot.nl:80":{"alternative_service":[{"port":80,"probability":0.08,"protocol_str":"quic"}]},"www.youtube-nocookie.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]},"www.youtube.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":13869}},"www.ziekenhuis.nl:80":{"alternative_service":[{"port":80,"probability":0.5,"protocol_str":"quic"}]},"youtu.be:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":14331}},"youtu.be:80":{"alternative_service":[{"port":80,"probability":0.08,"protocol_str":"quic"}]},"youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":9015}},"yt3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]}},"supports_quic":{"address":"192.168.0.101","used_quic":true},"version":3}},"ntp":{"app_page_names":["Apps"]},"partition":{"per_host_zoom_levels":{"2166136261":{"www.facebook.com":0.5227586988632231,"www.shutterstock.com":0.5227586988632231}}},"password_bubble":{"nopes":0},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"printing":{"print_preview_sticky_settings":{"appState":"{\"version\":2,\"isGcpPromoDismissed\":false,\"selectedDestinationId\":\"Save as PDF\",\"selectedDestinationOrigin\":\"local\",\"undefined\":{\"version\":\"1.0\",\"printer\":{\"collate\":{\"default\":true},\"copies\":{\"default\":1},\"duplex\":{\"option\":[{\"type\":\"NO_DUPLEX\",\"is_default\":true},{\"type\":\"LONG_EDGE\",\"is_default\":false}]},\"page_orientation\":{\"option\":[{\"type\":\"PORTRAIT\",\"is_default\":true},{\"type\":\"LANDSCAPE\"}]}}},\"selectedDestinationName\":\"Opslaan als pdf\",\"selectedDestinationAccount\":\"\",\"selectedDestinationCapabilities\":null,\"mediaSize\":{\"height_microns\":297000,\"is_default\":true,\"name\":\"ISO_A4\",\"width_microns\":210000,\"custom_display_name\":\"A4\"},\"isHeaderFooterEnabled\":false}","savePath":"C:\\Users\\lars\\Documents"}},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{"[*.]online.b1.org,*":{"setting":1},"https://[*.]dub127.mail.live.com:443,*":{"setting":1}},"cookies":{},"fullscreen":{"[*.]vanjestressaf.nl,*":{"setting":1},"[*.]www.moonanderson.com,*":{"setting":1},"http://cdn.playwire.com:80,http://www.footballorgin.net:80":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{"https://www.google.nl:443,*":{"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"[*.]lars.wordxpression.com,*":{"setting":1},"https://[*.]sga.swp.nl:443,*":{"setting":1}},"popups":{"[*.]wordxpression.com,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]lars.wordxpression.com,*":{"plugins":1},"[*.]online.b1.org,*":{"multiple-automatic-downloads":1},"[*.]vanjestressaf.nl,*":{"fullscreen":1},"[*.]wordxpression.com,*":{"popups":1},"[*.]www.moonanderson.com,*":{"fullscreen":1},"http://cdn.playwire.com:80,http://www.footballorgin.net:80":{"fullscreen":1},"https://[*.]dub127.mail.live.com:443,*":{"multiple-automatic-downloads":1},"https://[*.]sga.swp.nl:443,*":{"plugins":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://www.google.nl:443,*":{"last_used":{"media-stream-mic":1416211470.641792},"media-stream-mic":1}},"pref_version":1},"exit_type":"Crashed","exited_cleanly":true,"gaia_info_picture_url":"https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/s256-c/photo.jpg","gaia_info_update_time":"13081674425869967","icon_version":3,"managed_user_id":"","managed_users":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Eerste gebruiker","password_manager_groups_for_domains":[1,null,null,null,3],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"safebrowsing":{"extended_reporting_enabled":false},"savefile":{},"selectfile":{"last_directory":"C:\\rsit"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13036072223615280","urls_to_restore_on_startup":null},"signin":{"signedin_time":"13060857293887205"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"autofill_wallet":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAEVIYzxqIsEimcGwt+QXrowAAAAACAAAAAAAQZgAAAAEAACAAAADD4p2+h8SaH3cKyZoJkuIf+nD0tR4MMmAWh8Wt3ha6hwAAAAAOgAAAAAIAACAAAAAcOOSaBD9jPDwO6ow/liyuA4WQ6AjcCTTJwCD58pvMh0AAAADj+i4xta8pGizBn+oFih6t+Pqg6EHAjofRhsgWdljQrQhvxZLYz2Tkrpd4OIW+D1WkItfX5Gp71XvafQe0/h3qQAAAAGoWKn+bD3EkFOvV0BgRURskAfQdBc3VjsPm6CUtZOuSVRd34AWwSA1hgTgKT81B7jX6xm8KZjY/Bf3CH5Tr92k=","extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"first_sync_time":"13060857294036205","has_setup_completed":true,"history_delete_directives":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAEVIYzxqIsEimcGwt+QXrowAAAAACAAAAAAAQZgAAAAEAACAAAAC1FFi0ENymR7aan3NSkdRbm2ewF1DMEiM+vg7LUVgF/QAAAAAOgAAAAAIAACAAAABZ4LDIg8KqM+251+voXnaxH6tw9yYUI75A9CVez4LajFAAAAD9vInFETV5MScV9DciQ4S3wiERgzpn2S49FVSjKhp8d+742jLHWtEjDE+FOgoP+XqqwPtxKwzrexK2ZV3qF4C8jbHzLi8yS/0JzLiYdBQ5BEAAAAA/5dDOZQqMM5RgQVIs9pTYFPNBEB7sFkho9Q7eMY4kB/UAr4f/UOKFzRILVCdbccjlYAuP7AbdzFbL5sYciMf+","last_synced_time":"13081677589356662","managed_user_settings":true,"managed_user_shared_settings":true,"managed_user_whitelists":true,"managed_users":true,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncxqV6cy0rT8YwVMoglqPvlQ==","sessions":true,"suppress_start":false,"tabs":true,"themes":true,"typed_urls":true},"translate_accepted_count":{"en":0},"translate_blocked_languages":["nl"],"translate_denied_count":{"en":4},"translate_last_denied_time":1.413532e+12,"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}} ,"permissions":["identity","webview","https://wallet.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/*","https://*.googleusercontent.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","gcm.onMessage","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13048616598703772","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"larsratering@hotmail.com","username":"larsratering@hotmail.com"}},"homepage":"www.google.com","homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"93A21B0B9BF6E5026F7B72D5E4E019F6FB23B84600B9B29858E752949019E9A4"},"default_search_provider":{"keyword":"D87D3CB571167B04BA9ED0D3EB228F1F7515848130838F97912F013A2BAF456B","name":"99DB5E8EF4C4901C77ADD88E7DEC564C431581C6CD25799E2787AADC4AF1B17F","search_url":"6145A39D20461C6AADA6F89C23E86EAFBB6BBA3229310E1F4D537EEE414E9067"},"default_search_provider_data":{"template_url_data":"C328804627F79C6F8B744A1062F4B4776E1CF1D4BF9FBAAA0A3DBA643707183F"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"44F8754D156609D9A96950E381222028F488F9AA181A1EE30ED7332EA5796AC1","bccninphcdkbgilacadooapnogjkilha":"81429A7B38826E7F001546358064F40F1B349AF90B9E03E6134FE1E024BEA437","bepbmhgboaologfdajaanbcjmnhjmhfn":"222E5A0C898E78BB20E0338D402CAEE2C2A8878A9DAE381A0C14A55E81726F91","bkbpbdheinffejahlobgobfhdlejacio":"A21064120D385833C43543720897505ED5E1072269C16C4C6D3AEE5592409571","cfhdojbkjhnklbpkdaibdccddilifddb":"48B7DD818D729F2973D5673C38CBA38FC3D97D5E28E57682EB87B49A6774EC74","eemcgdkfndhakfknompkggombfjjjeno":"C73430345E5B57FAF3D795FE3F8CFEFE1F0F5612108D977DED5DEFBA19B2EADE","ennkphjdgehloodpbhlhldgbnhmacadg":"867BD892F51731D23179A3DAD658F9C1B377BD65CE2F296926BE643CAC65E775","gfdkimpbcpahaombhbimeihdjnejgicl":"8C8367706A46031F433739325E227669D67741BCF82836E1DD8C057B9E042301","gighmmpiobklfepjocnamgkkbiglidom":"B97977A8DBC1E8E3036E9F892582A955EACC41FB0DA08764813A65B6355576E5","gomekmidlodglbbmalcneegieacbdmki":"27B416E8BD6CE188B8B3127F79FFDA956C38424C4BFCC5EA81D5EC12C7630FB0","goppbgmjnldonmjemebdmcjfefbgoloh":"C3F118572C7DB40F86710573689B1BAFEA58FDFA695121F08F01A419CDF58CC9","hhafecgfkakfbhlbjffclfaomoliicpm":"8F76B3FF50854D645C8BBA29E8D7076272EAE0B6311095C19A029E998B7D751B","icmlaeflemplmjndnaapfdbbnpncnbda":"3358EA0185E5E96165709987D561B2E425FEFEEFED959D291CF98BDC1EFA1412","kmendfapggjehodndflmmgagdbamhnfd":"1A5D7BE1FD0498B2E94284BA517ACF2E038449B2F7E9881C427DEEE8D293BDBA","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"04E24FBC564BC4CAB5C586FFCCE9963A3A556E6F7CF4465112FA1483CDCEA2A9","mfehgcgbbipciphmccgaenjidiccnmng":"2CC9D10E640DECAC80DBD6F8D652CD3C5B41E76EA00AC3A39D499A2B5ADD3AE0","mfffpogegjflfpflabcdkioaeobkgjik":"539638077B94E94C8021FFC101B7433BCC648FABB8F77ABA73AF93C1CCB8D7C9","mgndgikekgjfcpckkfioiadnlibdjbkf":"6A5DC18317A32030BA7CACCEE8B9D5807A9F243100686FF208910F85912A0DBF","mhjfbmdgcfjbbpaeojofohoefgiehjai":"07E5A372AD5EB36292B3EFBC51A3EFF86B6438F2FBB72D132DDC83C0D6FBFCE6","neajdppkdcdipfabeoofebfddakdcjhd":"43DA8C06F2F3ADB3DFB5D3CDC54C027E83C45F1DF175438FE479C6AFDEA999DE","nkeimhogjdpnpccoofpliimaahmaaome":"BD88C52FE76097879C945963963F36201488E11DC19D8FDE76C61A316996BE20","nmmhkkegccagdldgiimedpiccmgmieda":"C1973336C0592FD0986AD1EB6D041AEF9553178959D60107E0B4A7868107A330","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"7E9337782A6AD27E8D0889C08FF28E11091719F689AAC5B6CC391D75F5DCF659"}},"google":{"services":{"last_username":"B19B9E1612844CBC6BC93D418D255341112DBFF2D27B0079B86675872072E314","username":"F50107FE683D801E75039730CB94EA1B6537E3C8F701AD8F63160975F4E7F95C"}},"homepage":"F25632D0AD02DBB379195BC16BF47654FD6F380F8C9515526EAE2E6781765228","homepage_is_newtabpage":"50168AEC7492568E8A9453F2670F7860B638EFAF5C828B2BBFDC8D3F2089A981","pinned_tabs":"E246B701F5C4BF83BD6F226E834BE20E2C29151472AF2CDD543E5CCDA1CA61B3","prefs":{"preference_reset_time":"2EA8D21353FACD18496D0E38B2D8D207C5C21101BEE375F6815DC92B3A17BCB5"},"profile":{"reset_prompt_memento":"1B4E27774BEF962B0DE9E416CA6015847E6ACB8910FA2C54A4E18596FD8D669D"},"safebrowsing":{"incidents_sent":"50C4325DDD5EC9D4FCCE336212C9CBEB44B6B9B12292ACBB19F184E266130C95"},"search_provider_overrides":"4771AE771DDF3F8E1AEEEAC275328492A03174C71B76D24BBCE211A9C835C6BE","session":{"restore_on_startup":"3F8B03AF7886E66F18449BC433402217928D819B7F60C29613171A05144132E6","startup_urls":"BB1F299525222A0AA900486E10EB0660AAA55A987313C5A07E1D866169FBCF76"},"software_reporter":{"prompt_reason":"CF1E7CEE684DC0D45FE334E4BCA406BB75820CCD2A82BF0CA645922EE354FEFB","prompt_seed":"79A901143DD3FF5857B2838FC89E6D8A7461786087CB5197E44E40439BAF50CD","prompt_version":"FC7BEB3325A3FA29B848D73E8F20A522971C6B0F154A47CC14DDDB41B4B46018"},"sync":{"remaining_rollback_tries":"0A43750E154A648ED33BEA2BD264CBCD2D8868CF55AD67B2896794EB33FD792D"}},"super_mac":"205DDD95AAF394A10C09E229501ACF674DB79FF8E0ADFD6548FD38C3B01E2672"},"session":{"restore_on_startup":4,"startup_urls":["www.google.com"]},"sync":{"remaining_rollback_tries":0}} ==== Chromium Fix ====================== C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_charting.vwdservices.com_0.localstorage deleted successfully C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_charting.vwdservices.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.nl/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.google.nl/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01" ==== Reset Google Chrome ====================== C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Web Data.temp was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\lars\Desktop\ASIO4ALL v2 Instruction Manual.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL v2 Instruction Manual.pdf C:\Users\lars\Desktop\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe C:\Users\lars\Desktop\Beatcraft.lnk - C:\Program Files (x86)\Acoustica Beatcraft\Beatcraft.exe C:\Users\lars\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\Users\lars\Desktop\Free WAV to MP3 Converter.lnk - C:\Program Files (x86)\Free WAV to MP3 Converter\converter.exe C:\Users\lars\Desktop\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe C:\Users\lars\Desktop\GemistDownloader.lnk - C:\Program Files (x86)\GemistDownloader\GemistDownloader.exe C:\Users\lars\Desktop\Guitar Rig 4 - Snelkoppeling.lnk - C:\Users\lars\Documents\Documents\programma\Guitar Rig 4.0.7\Crack\Guitar Rig 4.exe C:\Users\lars\Desktop\Hema Fotoalbum.lnk - C:\Users\lars\AppData\Local\Hema Fotoalbum\apc.exe C:\Users\lars\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\lars\Desktop\Mp3tag.exe - Snelkoppeling.lnk - C:\Program Files (x86)\Mp3tag\Mp3tag.exe C:\Users\lars\Desktop\Spotify.lnk - C:\Program Files (x86)\Spotify\spotify.exe C:\Users\lars\Desktop\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe C:\Users\lars\Desktop\µTorrent.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Command & Conquer™ Red Alert™ 3 Uprising.lnk - C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe C:\Users\Public\Desktop\Express Zip.lnk - C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe C:\Users\Public\Desktop\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\Reader for PC.lnk - C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe C:\Users\Public\Desktop\Red Alert.lnk - C:\Program Files (x86)\Red Alert\RedAlertLauncher.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe C:\Users\Public\Desktop\TotalMedia Extreme.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TMExtreme.exe C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE ==== shortcuts in Users Start Menu ====================== C:\Users\lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\lars\AppData\Roaming\Dropbox\bin\Dropbox.exe /home ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.exe -tab update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_51\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc\Reader for PC.lnk - C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 19.5.lnk - C:\Program Files (x86)\WinZip\WINZIP64.EXE ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== Uninstall List x64 ====================== ęTorrent [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] 7-Zip 9.20 (x64 edition) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-0920-000001000000}] Ableton Live 9 Suite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2E533C18-7395-4EAB-B5F5-1891FC591D79}] Adblock Plus voor IE (32-bit en 64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E59B350D-F8F9-4FF2-BC70-DB817FA183B6}] Adobe Flash Player 18 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Flash Player 18 NPAPI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] Adobe Reader XI (11.0.12) - Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1043-7B44-AB0000000001}] Adobe Refresh Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824147215}] ArcSoft TotalMedia Extreme [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B68672F-C64F-4D29-9EDC-ECDCBE3C5F19}] Avast Free Antivirus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avast] CCleaner [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner] Command & ConquerT Red AlertT 3 Uprising [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}] Dropbox [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox] DV Ts [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{739F50FE-87AF-4108-93C8-6FF50A07A304}] Free YouTube Download version 3.2.54.219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Free YouTube Download_is1] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Hema Fotoalbum [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83EF9202-135C-4AFC-A083-DE9D09C6BC46}_is1] Java 8 Update 31 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218031F0}] Java 8 Update 51 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218051F0}] LAME v3.99.3 (for Windows) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LAME_is1] Malwarebytes Anti-Malware versie 2.1.8.1057 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] Microsoft .NET Framework 4.5.1 (Nederlands) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043] Microsoft .NET Framework 4.5.1 (NLD) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Access 2000 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00180408-78E1-11D2-B60F-006097C998E7}] Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}] Microsoft Games for Windows Marketplace [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}] Microsoft Office Home and Student 2007 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR] Microsoft Office Language Pack 2007 - Dutch/Nederlands [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OMUI.nl-nl] Microsoft Office Suite Activation Assistant [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft SQL Server 2005 Compact Edition [ENU] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}] Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Works [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}] Movie Maker 6.0 for Windows 7 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A7395F20-2B22-4CB8-8510-B452C0F47E02}] Mp3tag v2.66 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mp3tag] Reader for PC [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}] Red Alert 3.03p-Iran [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1] SkypeT 7.5 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] Spybot - Search & Destroy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1] VLC media player [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A07C35B-8384-4DA4-9A95-442B6C89A073}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1B8ABA62-74F0-47ED-B18C-A43128E591B8}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}] Windows Live Language Selector [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D588365A-AE39-4F27-BDAE-B4E72C8E900C}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A563426-3474-41C6-B847-42B39F1485B2}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EB4DF488-AAEF-406F-A341-CB2AAA315B90}] Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BD262D0-B788-4546-A0A5-F4F56EC3834B}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}] Windows Live Sync [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD19EDD9-1632-4002-9212-7478E4BA0423}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E017923-16F8-4E32-94EF-0A150BD196FE}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{14B441B7-774D-4170-98EA-A13667AE6218}] WinZip 19.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}] ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lars\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SSHN.NET O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SSHN.NET O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SSHN.NET O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} DAEMON Tools Lite = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [Disc Soft Ltd] Dropbox Update = "C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c [Dropbox, Inc.] CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [Intel Corporation] Acer ePower Management = C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [Acer Incorporated] mwlDaemon = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [Egis Technology Inc.] RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [Realtek Semiconductor] SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation] IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} LManager = C:\Program Files (x86)\Launch Manager\LManager.exe [Dritek System Inc.] AvastUI.exe = "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [Avast Software s.r.o.] (Default) = (empty string) [file not found] Reader Application Helper = C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [Sony Corporation] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = avast! Online Security -> {HKLM...CLSID} = avast! Online Security \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [Avast Software s.r.o.] -> {HKLM...Wow...CLSID} = avast! Online Security \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [Avast Software s.r.o.] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Windows Live ID \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {FFCB3198-32F3-4E8B-9539-4324694ED664}\(Default) = (no title provided) -> {HKLM...CLSID} = Adblock Plus for IE Browser Helper Object \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [Adblock Plus] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [Oracle Corporation] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = avast! Online Security -> {HKLM...CLSID} = avast! Online Security \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [Avast Software s.r.o.] -> {HKLM...Wow...CLSID} = avast! Online Security \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [Avast Software s.r.o.] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Windows Live ID \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...Wow...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt1 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt2 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt5 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt6 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt5\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt3 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt6\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt7 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt7\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt4 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt8\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt8 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt1"\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt1 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt2"\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt2 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt3"\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt5 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt4"\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt6 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt5"\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt3 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt6"\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt7 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt7"\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt4 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] "DropboxExt8"\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt8 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [Avast Software s.r.o.] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt1 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt2 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt3 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt4 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] egisPSDP\(Default) = {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} -> {HKLM...CLSID} = DragDropProtect Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [Egis Technology Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt1 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt2 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt5 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt6 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt5\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt3 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt6\(Default) = {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt7 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt7\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt4 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt8\(Default) = {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt8 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt1 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt2 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt3 Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] egisPSDP\(Default) = {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} -> {HKLM...Wow...CLSID} = DragDropProtect Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [Egis Technology Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon64 -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [Avast Software s.r.o.] {E0D79307-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] {E0D79305-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] {E0D79304-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] {E0D79306-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon32 -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <> BootExecute = autocheck autochk *| [file not found]|sdnclean64.exe [Safer Networking Limited] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} -> {HKCU...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [Avast Software s.r.o.] -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} -> {HKLM...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlshellext.dll [Egis Technology Inc.] -> {HKLM...Wow...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlshellext.dll [Egis Technology Inc.] ExpressZip\(Default) = {8EEA165E-0B8B-4BA7-9796-50214C767171} -> {HKLM...CLSID} = Express Zip \InProcServer32\(Default) = C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [null data] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [Avast Software s.r.o.] -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} -> {HKCU...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] EDSshellExt\(Default) = {29FF7AB0-BE34-4992-A30B-53A9D86EE239} -> {HKLM...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlshellext.dll [Egis Technology Inc.] -> {HKLM...Wow...CLSID} = eDSshlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlshellext.dll [Egis Technology Inc.] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} -> {HKCU...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Users\lars\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [Avast Software s.r.o.] -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [Avast Software s.r.o.] ExpressZip\(Default) = {8EEA165E-0B8B-4BA7-9796-50214C767171} -> {HKLM...CLSID} = Express Zip \InProcServer32\(Default) = C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [null data] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [Safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [Safer-Networking Ltd.] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshls64.dll [WinZip Computing, S.L.] -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\Program Files\WinZip\wzshlstb.dll [WinZip Computing, S.L.] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableSecureUIAPath = (REG_DWORD) dword:0x00000001 {unrecognized setting} SoftwareSASGeneration = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\lars\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\System32\Acer.scr [null data] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] NTIBurner\ Provider = NTI Media Maker InvokeProgID = NTIBurnerOpen InvokeVerb = open HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files (x86)\NewTech Infosystems\NTI Media Maker 8\DiscLaunchPad.exe" [NewTech Infosystems, Inc.] PCinemaPlayCDAudioOnArrival\ Provider = Acer Arcade Deluxe InvokeProgID = AudioCD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe" AUTOPLAY CD "%L" [Acer Incorporated] PlayMoviePlayDVDMovieOnArrival\ Provider = Play Movie InvokeProgID = DVD InvokeVerb = PlayWithPlayMovie HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPlayMovie\Command\(Default) = "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\discautorun.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] PlayMoviePlayVideoCDMovieOnArrival\ Provider = Play Movie InvokeProgID = VCD InvokeVerb = PlayWithPlayMovie HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPlayMovie\Command\(Default) = "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\discautorun.exe" AUTOPLAY MOVIE "%L" [CyberLink Corp.] SonyPlayCDAudioSonicStage\ Provider = @C:\Program Files (x86)\Sony\SonicStage\OmgjboxRes.dll,-57344 InvokeProgID = SonyAudioCDSonicStage InvokeVerb = play HKLM\SOFTWARE\Classes\SonyAudioCDSonicStage\shell\play\command\(Default) = C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe /cdplay -"%L" [Sony Corporation] SonyRecCDAudioSonicStage\ Provider = @C:\Program Files (x86)\Sony\SonicStage\OmgjboxRes.dll,-57344 InvokeProgID = SonyAudioCDRecSonicStage InvokeVerb = play HKLM\SOFTWARE\Classes\SonyAudioCDRecSonicStage\shell\play\command\(Default) = C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe /cdrecord -"%L" [Sony Corporation] SonySonicStageBurnCDOnArrival\ Provider = @C:\Program Files (x86)\Sony\SonicStage\OmgjboxRes.dll,-57344 InvokeProgID = SonyBurnCDSonicStage InvokeVerb = open HKLM\SOFTWARE\Classes\SonyBurnCDSonicStage\shell\open\command\(Default) = C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe [Sony Corporation] SpybotScanFiles\ Provider = Spybot - Search & Destroy InvokeProgID = SpybotFilesScanner InvokeVerb = scanfiles HKLM\SOFTWARE\Classes\SpybotFilesScanner\shell\scanfiles\command\(Default) = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe" [Safer-Networking Ltd.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] WinZip\ Provider = WinZip ProgID = WinZip.AutoplayHandler HKLM\SOFTWARE\Classes\WinZip.AutoplayHandler\CLSID\(Default) = {784C04A3-2E5A-4E7C-A7F7-7D97E27859AD} -> {HKLM...CLSID} = WinZip Autoplay \LocalServer32\(Default) = C:\Program Files\WinZip\WINZIP64.EXE [null data] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\lars\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [Avast Software s.r.o.] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001Core -> launches: C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c [Dropbox, Inc.] DropboxUpdateTaskUserS-1-5-21-2174174032-3893959350-3827641703-1001UA -> launches: C:\Users\lars\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler [Dropbox, Inc.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] Halo 2 for Vista restart -> launches: C:\Program Files (x86)\Microsoft Games\Halo 2\startup.exe startup.exe "startup.exe" "-restart_from_update" [file not found] {44357667-E3EA-4B82-B344-6F902B67270A} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\lars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K1259ARW\setup-ordrumbox-0.9.08-win32.exe" -d C:\Users\lars\Desktop [MS] {5B37D449-1E61-422B-8FD1-70DB7EB41F86} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\lars\Desktop\NXSetup.exe -d C:\Users\lars\Desktop [MS] {A541D32B-5363-4E5F-8597-289FE4B80CDF} -> launches: "c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.18.0.106/nl/go/help.faq.installer?LastError=1638 [MS] {B96EDF9E-29BB-4FE5-81DA-CF54010B3114} -> launches: C:\Program Files (x86)\Skype\\Phone\Skype.exe [Skype Technologies S.A.] {CC791A26-472F-433C-A031-BC1FF3DEAF03} -> launches: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe [file not found] {D57775EF-7D22-4779-BD00-E4EDFCAD9D9B} -> launches: D:\Training2000.exe [file not found] {DF7FADF9-211F-46A2-9D9D-23268C4784C1} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\lars\FIFA\EASetup.exe -d C:\Users\lars\FIFA [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] refreshgwxconfigandcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers refreshgwxconfig-B -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy Check for updates -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background [Safer-Networking Ltd.] Refresh immunization -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose [Safer-Networking Ltd.] Scan the system -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose [Safer-Networking Ltd.] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2174174032-3893959350-3827641703-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000006\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000006\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000007\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000008\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = S&end to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call MenuText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...Wow...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...Wow...CLSID} = &Research \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Acer ePower Service, ePowerSvc, C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [Acer Incorporated] Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] ArcSoft Connect Daemon, ACDaemon, C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [ArcSoft Inc.] Avast Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [Avast Software s.r.o.] Diagnostics Tracking Service, DiagTrack, C:\Windows\System32\svchost.exe -k utcsvc {C:\Windows\system32\diagtrack.dll [MS]} GRegService, Greg_Service, C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [Acer Incorporated] Intel(R) Matrix Storage Event Monitor, IAANTMON, C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [Intel Corporation] Net Driver HPZ12, Net Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZinw12.dll [Hewlett-Packard]} NIHardwareService, NIHardwareService, C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [Native Instruments GmbH] NTI Backup Now 5 Scheduler Service, NTISchedulerSvc, C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [NewTech Infosystems, Inc.] Pml Driver HPZ12, Pml Driver HPZ12, C:\Windows\System32\svchost.exe -k HPZ12 {C:\Windows\system32\HPZipm12.dll [Hewlett-Packard]} Spybot-S&D 2 Scanner Service, SDScannerService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [Safer-Networking Ltd.] Spybot-S&D 2 Security Center Service, SDWSCService, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [Safer-Networking Ltd.] Spybot-S&D 2 Updating Service, SDUpdateService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Safer-Networking Ltd.] Updater Service, Updater Service, C:\Program Files\Acer\Acer Updater\UpdaterService.exe [Acer] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> hitmanpro37, <> hitmanpro37.sys, <> mcmscsvc, Service <> MCODS, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> hitmanpro37, <> hitmanpro37.sys, <> mcmscsvc, Service <> MCODS, Service <> MpfService, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HP Universal Print Monitor\Driver = HPMPW081.DLL [Hewlett-Packard] HPMLM135\Driver = hpmlm135.dll [Hewlett-Packard Company] HPPMOPJL\Driver = hppmopjl.dll [Hewlett-Packard Company] <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\lars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\lars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\lars\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=4 folders=1 21403 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\lars\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\lars\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 18-07-2015 at 9:36:28,82 ======================