Zoek.exe v5.0.0.1 Updated 05-November-2015
Tool run by GEAtje on do 05-11-2015 at 20:46:21,06.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GEAtje\Downloads\zoek (1).exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2015-11-01-173854.log	102533 bytes
C:\zoek-results2015-11-02-173219.log	137471 bytes
C:\zoek-results2015-11-03-193659.log	137842 bytes
C:\zoek-results2015-11-04-194406.log	13822 bytes

==== Empty Folders Check ======================

C:\Users\GEAtje\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\GEAtje\Downloads\zoek (1).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Folders Found ======================

2015-11-02 16:00:05 2015-11-02 16:00:05	--------	d---a-w-	C:\zoek_backup\C_Program Files (x86)_AVG
2015-11-02 16:00:05 2015-11-02 16:00:05	--------	d---a-w-	C:\zoek_backup\C_ProgramData_AVG
2015-11-02 16:00:04 2015-11-02 16:00:04	--------	d---a-w-	C:\zoek_backup\C_Users_GEAtje_AppData_Local_Avg
2015-11-04 19:33:54 2015-11-04 19:33:54	--------	d---a-w-	C:\zoek_backup\C_Users_GEAtje_AppData_Local_VirtualStore_ProgramData_AVG
2015-11-02 16:00:04 2015-11-02 16:00:04	--------	d---a-w-	C:\zoek_backup\C_Users_GEAtje_AppData_Roaming_AVG
2015-11-02 16:00:03 2015-11-02 16:00:04	--------	d---a-w-	C:\zoek_backup\C_Windows_SysNative_config_systemprofile_AppData_Local_Avg
2015-11-02 16:00:04 2015-11-02 16:00:04	--------	d---a-w-	C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Local_Avg
2015-11-02 16:00:03 2015-11-02 16:00:03	--------	d---a-w-	C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Roaming_AVG
2015-11-02 16:00:05 2015-11-02 16:00:05	--------	d---a-w-	C:\zoek_backup\C_Program Files (x86)_AVG\AVG PC TuneUp
2015-11-04 19:33:55 2015-11-04 19:33:55	--------	d---a-w-	C:\zoek_backup\C_Program Files_KMSpico

==== Files Found ======================


--- C:\zoek_backup\C_Users_GEAtje_AppData_Local_Chromium_User Data_Default_Local Storage_http_www.avg.com_0.localstorage-journal.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 0
Created time: 2015-11-04 19:33:56
Modified time: 2015-10-28 19:54:06
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709


--- C:\zoek_backup\C_Users_GEAtje_AppData_Local_Chromium_User Data_Default_Local Storage_http_www.avg.com_0.localstorage.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3072
Created time: 2015-11-04 19:33:56
Modified time: 2015-10-28 19:54:06
MD5: AADA73DCF0058F2D3BE237968CD53398
SHA1: 4042CCC65C46FD9DCCCCDE61D10CCDFA2BBDCF29


--- C:\zoek_backup\C_Users_GEAtje_AppData_Local_Google_Chrome_User Data_Default_Local Storage_http_www.avg.com_0.localstorage.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3072
Created time: 2015-11-04 19:33:56
Modified time: 2015-10-30 20:55:11
MD5: 529511A8C781178078701F31F8A3782B
SHA1: 7C8DBE6F13389FD3FFEAFB10200D9E77BFF40C86


--- C:\zoek_backup\C_ProgramData_AVG\AWL\AvgRep.xml ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 514
Created time: 2015-11-02 16:00:05
Modified time: 2015-11-02 07:56:52
MD5: BD55705580914D4A528E1F911A99F50B
SHA1: D0C9C210F8A33964AFA301D22477E4E43B597DCF


--- C:\zoek_backup\C_Users_GEAtje_AppData_Local_Avg\AWL2015\log\avglng.log ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 124627
Created time: 2015-11-02 16:00:04
Modified time: 2015-11-02 07:56:52
MD5: 959C7A36272AA4578D331BDA752FBBBA
SHA1: 928BBD3AD24B31135147386574D264F23767F707


--- C:\zoek_backup\C_Users_GEAtje_AppData_Local_Avg\AWL2015\log\avglng.log.lock ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 0
Created time: 2015-11-02 16:00:04
Modified time: 2015-10-28 19:53:15
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709


--- C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Local_Avg\AWL2015\log\avglng.log ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1771
Created time: 2015-11-02 16:00:04
Modified time: 2015-11-01 10:29:23
MD5: C7891659C3B995A2CADEFF33216CC45E
SHA1: C017F62546F25A192797A05FEBE00CB6ACF23E52


--- C:\zoek_backup\C_Windows_sysWoW64_config_systemprofile_AppData_Local_Avg\AWL2015\log\avglng.log.lock ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 0
Created time: 2015-11-02 16:00:04
Modified time: 2015-10-30 20:09:05
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709


--- C:\zoek_backup\C_Users_GEAtje_Downloads_gizmo-279-setup.exe.vir ---
Company: Arainia Solutions
File Description: Gizmo Setup
File Version: v2.7.9
Product Name: Gizmo Setup
Copyright: © 2003-2011 Arainia Solutions LLC
Original Filename: gsetup.exe
File type: ----a-w-
File size: 8095640
Created time: 2015-11-02 16:00:05
Modified time: 2015-10-30 20:46:41
MD5: F146300FCFEB5E1729799FF31E1BCCA9
SHA1: 77340932AD940C1C5C4F0155E0AB24ECF10969E8


--- C:\zoek_backup\C_windows_SysNative_drivers_gizmodrv.sys.vir ---
Company: Arainia Solutions LLC
File Description: Gizmo Drive, kernel-mode device driver
File Version: 2.7.8.0
Product Name: Gizmo Drive, kernel-mode device driver
Copyright: © 2003-2011 Arainia Solutions LLC
Original Filename: GizmoDrv.sys
File type: ----a-w-
File size: 34704
Created time: 2015-11-02 16:00:06
Modified time: 2015-10-30 20:47:16
MD5: 4CF044DB46F79BFA47FBDFD35192D765
SHA1: 5A4A29EABFCBAC3E9C2EF6AFF6F044321D2CA419


==== Registry Search Results for "avg" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"

[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01bGLoruNiH4wKXcJciMz5MQ]
"DeviceId"="<Data><User username=\"01BGLORUNIH4WKXCJCIMZ5MQ\"><Certificate targetname=\"WindowsLive:(cert):name=01bglorunih4wkxcjcimz5mq;serviceuri=msn-messenger-didc\" keyword=\"Microsoft_WindowsLive:certificate:\" type=\"1\">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATwBoAHEATAA3AFcAZwBpADIAVQBXADQAdgBYAFUAcwBLAEUAZgBPAEsAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEANwBjAFAAcABnAGoASwBnADMAKwAzAEMASABLAHIAcgBMAFkAZQBYAHoAYwBHAFkATgBHADIAeQA3AE8AMQA1AHkANwBZAGwAQQBKAHQAbQBuADUAZwBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABRADEATQBrAEQAKwAxAEUAVQBXAGYARwBxAEUAOAB0ADEAOQAyAEYAQgBnAFMARgBqADEAQQBoAFMAWgBRAEEAcwBFADYAVQB4AEMAZgB2AEoAeABXAEEAQwBBAEEAQgBxAHAAbgA3AGUAdgBCAFEARgA3AHEANwBTAEcAbQB5AEwAagBTAEgAZQBDADIASQBqAHgANgBpAFIAbQBIAHIAOQB5AHYANQBIADgAVQB5AEUAWQBCAHUAZwB3AFIASwBqAE4AOABCAHQANgBwAE4AdABpAFIAMABFAGwAdQA1AGkAUAAwAGwAbwB1AGgAMQBUAFQAZAA2AGUAMgBqAG8AZwBCAGcAeABiAGsAQgBWAGwANQBqAGgAYgA3AGQARABsAGMARAAwAHgAZQBlAHQAagByADEAZQBKAGcAWQBkAFUAUgBxAFgARABLADAAOAB1AHEAMwBsAEYATwB4AFgAUgBDAGkAVwBBAHEASwB5AEsARABjAGUAagBYADMAegBvAGMAcAAvAFcASQBFAHoARQBnAEQAagAzAFkAYwA0AE4AVwBIAEQARQBJAHMARQBxAFYAcwBtADkAeQAxAEYAZABhAGEAZwBWAGQAegBVADAARwBzAGYARAAyADIAUQBKAFUATABDAFAAUgB6ADMAUQB3ADkATABaAHkAaQBSAEYAZgBMAE0AeABKAEQAZQBuAHEAYQBTADYASQA0AHMATABIAGUAUABRAEYAKwBwAFYAOQBrAHMAZQBFAEoAUQBPAFoAaABVADEAcgBHAEkAcgBBAG0AbgB1ADAAMAByAFMAUQBjAFMAeQBxAHgAMQBwAFYAcQAxAFMALwArAHkARABBACsAMgBTAHcAeQA1AE8AMABoAGYATQBjAHkATwBXAEMAcABJADgANQBBADMAVABsAGIAYwBaAFcAUQB4AGgAbwA2AGQAbwBVADMAcAB2ADAARQArAGYAVABUACsAZgBNAEQAcgBwAE0AdgByAEYARQBUAE0AbwBKAEkAWAAyAGQAdwA2ADEARgB5AHoAWABiAFEAaAA2ADEAMQBoAHkAagAxAFEARwB5AGwAWgBIAHUAbwBQAGIAZgBFAE4AZgBTAHIARAArAFoAcwA1AEQALwBxAFMARQA4AGcAZABjAFEAeABDAGgAdABaADQAVgBCAFcAZwBEAEEAMgBIAEsANwB4ADcAQwBXAEkAMABoAHYAOQBtAFoANgBYAGMAdQA2AGkATQBDAEMAdABoACsAcgBoADAAcABjAEoAaABsAHMASQBMAG4AWgBPAGMAaABEAFkANAA0AFQAcgBWAEUAMgAzADcATQBWAEcATABSAGIAegBDAGoAdQB5AFYAdABoAC8AdABwAE0AZQBsAHcAMQA3ADkAUABwAHYAdgBPAFcASABoAEcAbgBnAE8AVwByAFUASgAzAFAAUQBRAGoAVQA3AGMAeABMAG4AagAwAGkASwBoAHQAcwBuAHEAaABkADYASABWAHYAbQBBAEMAVABUAFAAegBLAE0AcwB3AFYANABTADMAcgA2AGQASAB2ACsASABiADIAZABOAEIAeQA5AHkANwBMADIAWgAvAEMAZgBJAHIAbgBSAEQAVQBCAFMAdwAzADkARwA4AEQAOABxADgAWQBKADMAMABoAFoARwBQAGgAcgBRAG4AKwBpAHcANwBVAFoASQAxAFcARwBFAHcAUgBmAFEAUwBVAGgAVwA3ADQAcwBWAHAAQgA3ADYAcQBCAC8AYQBRAHEASwBnAFEAdQBaAGQAUQBOADkAcwBoADIAVABKAHYANQA2AEoARwBoADkAbAA4AGQANAA2AFIANwBUADEASgBrAGwAaQBrAHMAQQBMAGcAcwBzAEMARgBFAHcAWgBwAGsALwA0AE0AdABQAFQAQgBxAEgAcgBFAHMAagBBADkAUwA3AHkAUABLAC8AaAB0AFMAdgBwAFYAQgBQAGUAYQBpAFMAYwBpAHgAQwBZAFAAUQA2AEsARgB1AGMAbQBHAGIAMgBaAEEAbwBjAG4AOQB1AHMASQA1AEsANABhAFIAdABEAEsARQBOAHEAMABnAHEASgBIAFcAMABIAHEAbQBPAC8ASwByAGsAeQBvAHQARQBYAEwAKwA3AEsARwBGAFQARwByAHYARgBOAFcAMABhAHAATgA5AGEAZABSAHAAeQBIADIAZQArAEwARQBNAFYARgBxAFoAcgBoAGgAaQA2ADMAdABVAHEAbgBGAHEAWABvAHgAZQBMADMAWQBkAGYAbAAwAEEAQQBBAEEARAA2AEgAWABWAEgATABPAGMAcgBkAGQAaABqAEsALwAxAFkAbABYAEEAMAB5ACsARgAxAFYAaQBKAFkAUwBVAE8AOQBLAHYAYgBEAEwASQBUAGYAcQAwAEwAQgB6AGEAawBRAGwAZQBvAFkAQQBIAEwAdgB0AEEAMgB3AFYAcgBEAE0ATwB2ADUAUQBxAGgAbQBJAEIASwBpAFIAZQA4AEsAQwA5AE0AWQBkADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAWgBtAGcAZgBHAHgAQwBHAFMAbQBvAGQASQBLAEUAVwBYAFoAUAB5ADIAeQBQAHoAdQBGADgAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAeABNAEQARQAwAE0AVABBADAATQBEAFUAdwBXAGgAYwBOAE0AVABZAHcATgBEAEUAeABNAFQAQQAwAE0ARABVAHcAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQAzAEEARQBZAEEAUgBnAEIARgBBAEUARQBBAE8AUQBBAHgAQQBFAFUAQQBRAGcAQQAwAEEARQBRAEEATgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEAQwB6AGMAYwBMAGoARABBAGgAbwBCAFUAOQBKAFMAdwBTAHoAVABrADgAZQBTAGYATwBzAGEAegBFAFAAcgBrAC8ASABGAFkAWQB3AFgASQBOAG4AeABIAGEAKwBWADgANgByAG4ASwAyAFQAUwBKAEcARQBDAGQATwA0AHYAaQBEAC8AVQBQAFgAQQA1AFQAagBFADQAbABFAFoAbABFAFEAWgBOAG8AZAA3AGYAVgA0AFEAMgB5AFIARQA4ADEAeQBKAFoANwBRAFkANwAzAEsAZwBkAGwAVABqAEQAUwBZAGIAQgBMAGoAeABJAGEALwB0AFYALwBmAFAAMwBQAFoAdABWAEkAMwBiADIAVgBOAGgARAB6AEUASgBnAGEAZgBoAEcARwBXAFcAcABKAGIAMwBHAHEASABvAHgAagA2ADYAVQA3AEQAWQBGAG0AOAB4AFUAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFQAeQBjAGYAcgBhAGsATABxAGkAVgAxADQAbABVACsAMgAxAFcARwBWAHQAcQB2AGgAagArAFQAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEcAegB5AGgAZQB2AHgAYgBNAEoAZQBHADgANwByAFcAZABaAFkAagBuAHQAMwA0AG0AZwBwAEEAaABVAEEAdQByAGkAMQAyAHMAUQBqAFcATwBuAHEASQBxAG8AUABoAHEAcgBWAGMAMABqAGQAQgBIAEEAMQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAANAAtADEAMQBUADEAMAA6ADQANQA6ADUAMAA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate><Pwd Det=\"true\">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAOhqL7Wgi2UW4vXUsKEfOKwQAAAACAAAAAAAQZgAAAAEAACAAAAAm/VdzmYB5/EnWsbjAjZV11GsmgVzICRrmxLLHhYzgbgAAAAAOgAAAAAIAACAAAAA3A3nD3FFnIpzY+i6Zi1inAkR70cSeO/zUTGDSyVYNC0AAAAAp3zdUqked6ag31/V0aQpEikh1z7TOa8I/5iYCETC32be0VxE9lk83i5DMsycpBaKy/zh0EptWTmggwIdRLQtQQAAAALMG8mUNNBz8dFGrIHq89p0I9knqmraLqjGiWW5zx9gQ/WL3XPM1IvYw6t5Ln1WL5aoiZMIOJtAsjgeOwWmv6RA=</Pwd></User></Data>


[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-115903190-4080511109-3081035828-1000\02srxlojikzr]
"DeviceId"="<Data><User username=\"02SRXLOJIKZR\"><Pwd Det=\"false\">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAOhqL7Wgi2UW4vXUsKEfOKwQAAAACAAAAAAAQZgAAAAEAACAAAACR4Zn1qiEXYMW3gyROD+UGlAZy8CIxXEgAscZgkf+0HQAAAAAOgAAAAAIAACAAAAAMwW/rx7LIk6ORdSk0HwWhDpzme5AbCUgScWp3xjrDPzAAAAARFrNwDIXLtcJyR5cG8yryAk5EC03AdawGYuahid36mjCplYdWPQk+kV4pZdMsi8pAAAAAtsx3q6bmlxY8mlRI7FsoqVoKx/tWoOo8uDj9NoBkJpl2Q/9jMq0awTAFWXP+oSiymCBJCX4hO6Qe9BIDRckljw==</Pwd><Certificate targetname=\"WindowsLive:(cert):name=02srxlojikzr;serviceuri=msn-messenger-didc\" keyword=\"Microsoft_WindowsLive:certificate:\" type=\"1\">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATwBoAHEATAA3AFcAZwBpADIAVQBXADQAdgBYAFUAcwBLAEUAZgBPAEsAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAOAAzAHEARQBUAG0ALwBrAHEANQBsAFkARABHADQAWQBrAHQAeQB6AHMAZwB0AGsAVgBVAHcASQBOAHYANwBIAGEAbwBSAEYAaQBSADEAWQBCAFYAUQBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABUAFoAWgBhAEcAegBDAEkAWQA5AEkANwB0AG8ANQBVADMAegBwAGYAQwAyAGwAQwBLAEcAbABFAEkAcQBUAEcARQAzAGwANwBzAFcATAB6AFEAKwBHAEEAQwBBAEEAQwBUAHEAawBoAGEAagBFAHEATwBjAE8AawBoAFgAUABKAE4AWgBvAFQAZABiAFcAbgBMAFYAdABHADEANAByAFAAMQBRAEwARgBrAGkAVwAzAGQANgBlAEQAWQBwAE0AUABNADEAVABPAFoATQB4AHEAUwB4AHUAagA0AG0AYgBuADIARABJAFgAVAArAEkAVwBrAGkAOQBmAHAATgBiAGMAeQA1AGkAUQBpAE0AVwBaAE4ARABRADUAUQBBAFkATwBHAFAAcQBOAHMATQBlAEoAcABzADQAcABSAE8AZgBPAFYAbwBJAG8AUABvAGsALwBsAGwAQwBUAGwAVgA5ADMAKwBIADIAaQBRAEgATABXAHoASQA1AGMAZQBCAG8ANQBNAGEAUABmAEQAegB0AGgASABzAFMAQwBGAFUAZgAzAEgANgBmAHYATQBNAFIAegB3AFIAcQBYAHIAQgBWAHkAMwB0AFgALwBaAE0AZABjAFYAaQAvAFUAWgBtAEUAZwBTAEEARABKAHkAVwBEAGYAYQBSAHcAcABMADYAcABFAG4AQQArAFMAdQBYAG4ARQBaAFkAcgB5AFkAMQBKAGIAMgBLAGIAVABhAGkAOQBDAHQANwBrAFYANABaAEYAdwBpAGwAcQBwAEMAZgAwAHEAMgBaAE8ARQBPAFIAdwBhAGcANABMAEkAMQBXAEwAZQAwADQASgBOAGkAOQBlAEcALwBLAGoATwBLADkAQQBIAEUAYQArAEYAQgBKAHMAbQB3AGwAQQBsAEQAYwBkAHQAZABmAGEAQgBSAHIARgBuAGIAbgBrAHAAZABFAE4ANQBsAEEAWQBhAEYALwBPAGEARABnAEIALwBQAGkAWAAyAGsAQgBnAEoAWgB6AHAAbwBQAGMAaQBPAGMAMABhADYAaAA3ACsAYwBOAGQAaQBxAFQAagBVAEMAYwB0AFMAbAB1AFkAdQBKAG0AZwA0AEsARgBYAHEAVAAyAEQAcgB1AFcAKwBWAEgAQwBPAC8AOQBOAGgANQB1AHQATAB4AHQAMQBoAGkAcABoAFgAYQBvAHkAcwBsAFMATwBPAG8ARAAyADUAUQBxAE0AUABsAHQAKwAzADIANgBnAEwAaABaAEEAKwBvAFoARwBwAGUARABqAHcAMQA2AC8ANQAvADkAMQBEAHgAUQBpADAAbABLAGUANgBpAEsAQgAxAHAAeABGAEcAUwAxAE0AYQBqAEYAdQBQAFoARwB2AHAAVABwAEQANABkAFYAUgA3AGsAcwBRAEQAMQBLAGgANQBkAGcAWgBzADIASwBXAEgAcwBVAHkAbAA1AHEAMgA3AEEANQBiAGoANABlAG8AbwBUAFgAcwBVADQAaABvAEEARABwAEkAaQBGAGEAWQAzAEIAWgBXAEQATQBZAFoASQBZAGYAcgA4AHYATABQAHEANQBnAE0AaAAvAGEAcgA5AHcAMwBpAGsAMQBWAC8AVABWADAANgBIAHUAeAB0AGkARwBHAFUAMABLADAAZwA3AFEAZgBPAFUAVABGAE0ARQAyAFcARgBaAHEAYQBsAGEAZwBHADgAVAA0AEIAMABMAEUASABTAHUAdABNAFUAagA5AFAAbwBnAEcASgBDACsAcQBOADkAUABkADIANABOAHoAMQBjAEsAOQBrAFgAUQB6AEIASgAyAGoATwB1ADgAaABBADcAVgByAEEAagBLADkAMwBtAFUAVwBTADUAcwBCADIAcABHAE8AaQAyAHEASwBXAEgASwBhAGsAYwBKAGgAMwBKADgARABhAGQAaQAvAGcAZQBOAHoARgBDAHEAeQByAE4AZABtAGYAVAAxADQAYQBpADkAUgBXAHMAdQBkAHMAdABTAFAARwA5AHkAWQB4AEkAUwA0AHQAMQBvAGwAVgBxAGEASQBDAGUALwB0AGwAQwA2AGoARwBkAE4AYgBmAEIAaABMAHAAYgBnAE0AbgBZAHoAZQBFAEUAbABWAFYANABkAFkANQA1AEQAMgBhADQAcwAzADgANQAyAE4AYgBaAGEARQBxAEUAZwAzAHAAVwBHADUAcgBZAHoAbQA3ADIAKwBzADQAWgB0AFkARAB0AGUAeAB1AEgASQB3AFgAWAB2ADEASABpADgAZwBUAGQAVwBFAEEAQQBBAEEARABCAGcAMABrAHMANwBJADkAaAAzAFcAOABiAGgATABZAGIAdwBwAE8AegBDAHcASwA4AFYAZQBJAHAAeQBYAG4ANQBqAHYAcgBnAHYAZwBjAFMAbwBoAEUAUQBxADYAWgBwAHgALwBYAGEAQgBoAEYAQwBxAE8ASgBJAFQAMQAvAGYAVwA0AFIAYgBIAEcAagBnAEUAQgBYAHQAegBHAGUAUQBsAGMAVQBXADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkARABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAMABSAHcAVQBzAGIAdwBNAEEAUgBpAE4AWABPAG0AcQA5AEEATQBhAGwAcQBUAFoATABOAGsAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAeABNAEQARQAwAE0AVABFAHcATQB6AEkAeQBXAGgAYwBOAE0AVABZAHcATgBEAEUAeABNAFQARQB3AE0AegBJAHkAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAYwBBAE0AZwBBADEAQQBFAFEAQQBRAHcAQQB5AEEARABnAEEAUgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEARABTADMASABoAEsAOQAzAEYAQwBlAFoAQQArAEYATABvADUAUgB3ADQASABFAEwAMAAyAFcARgBYADgAbABsAHgAYgB3AGcASgAvAEMAcwBvAEMAcwB0AHIAZABmAEkAbgAzAEUARABUAFIAUQBSAGEANgBBADgAUABlADgAUABrAEIASABUAGYAbgBpAGEAOQBqAFgAQgBCAHAAVgBWAHAARgB3ADMAMgBVAEwAUQBJAE0AdABLAE0AMwB4AEYAWgA2AHkAeABLAEMANwBaAEYAbABOAEUAcgBZAGMASQBFAGoARgA2ADUANABaAEgAYwByADYAdwB3AFgAWAArADkAbgA3ADEAOQBTADUAMwBXAEwAZgB3AEEAdABvAEsAZABWAEUAOQAzAHEARQBJAHUAeABTADQAVgBzAE0ATgBYADIARgBLACsAegA0AFIAdQB2ADMAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFEAdQBiAFUAagBHAHQAdgBzAEwAaQBPAEEAVgBkAHoAdgBNAHEAaQBIAEIARgBXADIAZQBXAGoAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAeQA4AEEATQBDAHcAQwBGAEcAbwBOAEgAagBZAE4ARQBXAHgAUABOAEkASABsAGIAUQA4AC8ARwBnAFEAdQAzADQAZgBaAEEAaABSAEkAdQBPAHAAMABiAEYAYQA2ADAANQBxAHUAbwBiAGQAUgBiAFkAaQBDAEcAbQA1AFcARgB6AFUAeQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAANAAtADEAMQBUADEAMQA6ADAAOAA6ADIAMQA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>


[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\PhysicalDeviceID\01bGLoruNiH4wKXcJciMz5MQ]
"DeviceId"="<Data><User username=\"01BGLORUNIH4WKXCJCIMZ5MQ\"><Certificate targetname=\"WindowsLive:(cert):name=01bglorunih4wkxcjcimz5mq;serviceuri=msn-messenger-didc\" keyword=\"Microsoft_WindowsLive:certificate:\" type=\"1\">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATwBoAHEATAA3AFcAZwBpADIAVQBXADQAdgBYAFUAcwBLAEUAZgBPAEsAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEANwBjAFAAcABnAGoASwBnADMAKwAzAEMASABLAHIAcgBMAFkAZQBYAHoAYwBHAFkATgBHADIAeQA3AE8AMQA1AHkANwBZAGwAQQBKAHQAbQBuADUAZwBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABRADEATQBrAEQAKwAxAEUAVQBXAGYARwBxAEUAOAB0ADEAOQAyAEYAQgBnAFMARgBqADEAQQBoAFMAWgBRAEEAcwBFADYAVQB4AEMAZgB2AEoAeABXAEEAQwBBAEEAQgBxAHAAbgA3AGUAdgBCAFEARgA3AHEANwBTAEcAbQB5AEwAagBTAEgAZQBDADIASQBqAHgANgBpAFIAbQBIAHIAOQB5AHYANQBIADgAVQB5AEUAWQBCAHUAZwB3AFIASwBqAE4AOABCAHQANgBwAE4AdABpAFIAMABFAGwAdQA1AGkAUAAwAGwAbwB1AGgAMQBUAFQAZAA2AGUAMgBqAG8AZwBCAGcAeABiAGsAQgBWAGwANQBqAGgAYgA3AGQARABsAGMARAAwAHgAZQBlAHQAagByADEAZQBKAGcAWQBkAFUAUgBxAFgARABLADAAOAB1AHEAMwBsAEYATwB4AFgAUgBDAGkAVwBBAHEASwB5AEsARABjAGUAagBYADMAegBvAGMAcAAvAFcASQBFAHoARQBnAEQAagAzAFkAYwA0AE4AVwBIAEQARQBJAHMARQBxAFYAcwBtADkAeQAxAEYAZABhAGEAZwBWAGQAegBVADAARwBzAGYARAAyADIAUQBKAFUATABDAFAAUgB6ADMAUQB3ADkATABaAHkAaQBSAEYAZgBMAE0AeABKAEQAZQBuAHEAYQBTADYASQA0AHMATABIAGUAUABRAEYAKwBwAFYAOQBrAHMAZQBFAEoAUQBPAFoAaABVADEAcgBHAEkAcgBBAG0AbgB1ADAAMAByAFMAUQBjAFMAeQBxAHgAMQBwAFYAcQAxAFMALwArAHkARABBACsAMgBTAHcAeQA1AE8AMABoAGYATQBjAHkATwBXAEMAcABJADgANQBBADMAVABsAGIAYwBaAFcAUQB4AGgAbwA2AGQAbwBVADMAcAB2ADAARQArAGYAVABUACsAZgBNAEQAcgBwAE0AdgByAEYARQBUAE0AbwBKAEkAWAAyAGQAdwA2ADEARgB5AHoAWABiAFEAaAA2ADEAMQBoAHkAagAxAFEARwB5AGwAWgBIAHUAbwBQAGIAZgBFAE4AZgBTAHIARAArAFoAcwA1AEQALwBxAFMARQA4AGcAZABjAFEAeABDAGgAdABaADQAVgBCAFcAZwBEAEEAMgBIAEsANwB4ADcAQwBXAEkAMABoAHYAOQBtAFoANgBYAGMAdQA2AGkATQBDAEMAdABoACsAcgBoADAAcABjAEoAaABsAHMASQBMAG4AWgBPAGMAaABEAFkANAA0AFQAcgBWAEUAMgAzADcATQBWAEcATABSAGIAegBDAGoAdQB5AFYAdABoAC8AdABwAE0AZQBsAHcAMQA3ADkAUABwAHYAdgBPAFcASABoAEcAbgBnAE8AVwByAFUASgAzAFAAUQBRAGoAVQA3AGMAeABMAG4AagAwAGkASwBoAHQAcwBuAHEAaABkADYASABWAHYAbQBBAEMAVABUAFAAegBLAE0AcwB3AFYANABTADMAcgA2AGQASAB2ACsASABiADIAZABOAEIAeQA5AHkANwBMADIAWgAvAEMAZgBJAHIAbgBSAEQAVQBCAFMAdwAzADkARwA4AEQAOABxADgAWQBKADMAMABoAFoARwBQAGgAcgBRAG4AKwBpAHcANwBVAFoASQAxAFcARwBFAHcAUgBmAFEAUwBVAGgAVwA3ADQAcwBWAHAAQgA3ADYAcQBCAC8AYQBRAHEASwBnAFEAdQBaAGQAUQBOADkAcwBoADIAVABKAHYANQA2AEoARwBoADkAbAA4AGQANAA2AFIANwBUADEASgBrAGwAaQBrAHMAQQBMAGcAcwBzAEMARgBFAHcAWgBwAGsALwA0AE0AdABQAFQAQgBxAEgAcgBFAHMAagBBADkAUwA3AHkAUABLAC8AaAB0AFMAdgBwAFYAQgBQAGUAYQBpAFMAYwBpAHgAQwBZAFAAUQA2AEsARgB1AGMAbQBHAGIAMgBaAEEAbwBjAG4AOQB1AHMASQA1AEsANABhAFIAdABEAEsARQBOAHEAMABnAHEASgBIAFcAMABIAHEAbQBPAC8ASwByAGsAeQBvAHQARQBYAEwAKwA3AEsARwBGAFQARwByAHYARgBOAFcAMABhAHAATgA5AGEAZABSAHAAeQBIADIAZQArAEwARQBNAFYARgBxAFoAcgBoAGgAaQA2ADMAdABVAHEAbgBGAHEAWABvAHgAZQBMADMAWQBkAGYAbAAwAEEAQQBBAEEARAA2AEgAWABWAEgATABPAGMAcgBkAGQAaABqAEsALwAxAFkAbABYAEEAMAB5ACsARgAxAFYAaQBKAFkAUwBVAE8AOQBLAHYAYgBEAEwASQBUAGYAcQAwAEwAQgB6AGEAawBRAGwAZQBvAFkAQQBIAEwAdgB0AEEAMgB3AFYAcgBEAE0ATwB2ADUAUQBxAGgAbQBJAEIASwBpAFIAZQA4AEsAQwA5AE0AWQBkADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkAVABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAWgBtAGcAZgBHAHgAQwBHAFMAbQBvAGQASQBLAEUAVwBYAFoAUAB5ADIAeQBQAHoAdQBGADgAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAeABNAEQARQAwAE0AVABBADAATQBEAFUAdwBXAGgAYwBOAE0AVABZAHcATgBEAEUAeABNAFQAQQAwAE0ARABVAHcAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQAzAEEARQBZAEEAUgBnAEIARgBBAEUARQBBAE8AUQBBAHgAQQBFAFUAQQBRAGcAQQAwAEEARQBRAEEATgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEAQwB6AGMAYwBMAGoARABBAGgAbwBCAFUAOQBKAFMAdwBTAHoAVABrADgAZQBTAGYATwBzAGEAegBFAFAAcgBrAC8ASABGAFkAWQB3AFgASQBOAG4AeABIAGEAKwBWADgANgByAG4ASwAyAFQAUwBKAEcARQBDAGQATwA0AHYAaQBEAC8AVQBQAFgAQQA1AFQAagBFADQAbABFAFoAbABFAFEAWgBOAG8AZAA3AGYAVgA0AFEAMgB5AFIARQA4ADEAeQBKAFoANwBRAFkANwAzAEsAZwBkAGwAVABqAEQAUwBZAGIAQgBMAGoAeABJAGEALwB0AFYALwBmAFAAMwBQAFoAdABWAEkAMwBiADIAVgBOAGgARAB6AEUASgBnAGEAZgBoAEcARwBXAFcAcABKAGIAMwBHAHEASABvAHgAagA2ADYAVQA3AEQAWQBGAG0AOAB4AFUAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFQAeQBjAGYAcgBhAGsATABxAGkAVgAxADQAbABVACsAMgAxAFcARwBWAHQAcQB2AGgAagArAFQAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAegBBAEEATQBDADAAQwBGAEcAegB5AGgAZQB2AHgAYgBNAEoAZQBHADgANwByAFcAZABaAFkAagBuAHQAMwA0AG0AZwBwAEEAaABVAEEAdQByAGkAMQAyAHMAUQBqAFcATwBuAHEASQBxAG8AUABoAHEAcgBWAGMAMABqAGQAQgBIAEEAMQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAANAAtADEAMQBUADEAMAA6ADQANQA6ADUAMAA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate><Pwd Det=\"true\">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAOhqL7Wgi2UW4vXUsKEfOKwQAAAACAAAAAAAQZgAAAAEAACAAAAAm/VdzmYB5/EnWsbjAjZV11GsmgVzICRrmxLLHhYzgbgAAAAAOgAAAAAIAACAAAAA3A3nD3FFnIpzY+i6Zi1inAkR70cSeO/zUTGDSyVYNC0AAAAAp3zdUqked6ag31/V0aQpEikh1z7TOa8I/5iYCETC32be0VxE9lk83i5DMsycpBaKy/zh0EptWTmggwIdRLQtQQAAAALMG8mUNNBz8dFGrIHq89p0I9knqmraLqjGiWW5zx9gQ/WL3XPM1IvYw6t5Ln1WL5aoiZMIOJtAsjgeOwWmv6RA=</Pwd></User></Data>


[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-115903190-4080511109-3081035828-1000\02srxlojikzr]
"DeviceId"="<Data><User username=\"02SRXLOJIKZR\"><Pwd Det=\"false\">AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAOhqL7Wgi2UW4vXUsKEfOKwQAAAACAAAAAAAQZgAAAAEAACAAAACR4Zn1qiEXYMW3gyROD+UGlAZy8CIxXEgAscZgkf+0HQAAAAAOgAAAAAIAACAAAAAMwW/rx7LIk6ORdSk0HwWhDpzme5AbCUgScWp3xjrDPzAAAAARFrNwDIXLtcJyR5cG8yryAk5EC03AdawGYuahid36mjCplYdWPQk+kV4pZdMsi8pAAAAAtsx3q6bmlxY8mlRI7FsoqVoKx/tWoOo8uDj9NoBkJpl2Q/9jMq0awTAFWXP+oSiymCBJCX4hO6Qe9BIDRckljw==</Pwd><Certificate targetname=\"WindowsLive:(cert):name=02srxlojikzr;serviceuri=msn-messenger-didc\" keyword=\"Microsoft_WindowsLive:certificate:\" type=\"1\">PABDAGUAcgB0AEkAbgBmAG8APgA8AEsAZQB5AHAAYQBpAHIAPgBBAFEAQQBBAEEATgBDAE0AbgBkADgAQgBGAGQARQBSAGoASABvAEEAdwBFAC8AQwBsACsAcwBCAEEAQQBBAEEATwBoAHEATAA3AFcAZwBpADIAVQBXADQAdgBYAFUAcwBLAEUAZgBPAEsAdwBRAEEAQQBBAEEAQwBBAEEAQQBBAEEAQQBBAFEAWgBnAEEAQQBBAEEARQBBAEEAQwBBAEEAQQBBAEEAOAAzAHEARQBUAG0ALwBrAHEANQBsAFkARABHADQAWQBrAHQAeQB6AHMAZwB0AGsAVgBVAHcASQBOAHYANwBIAGEAbwBSAEYAaQBSADEAWQBCAFYAUQBBAEEAQQBBAEEATwBnAEEAQQBBAEEAQQBJAEEAQQBDAEEAQQBBAEEARABUAFoAWgBhAEcAegBDAEkAWQA5AEkANwB0AG8ANQBVADMAegBwAGYAQwAyAGwAQwBLAEcAbABFAEkAcQBUAEcARQAzAGwANwBzAFcATAB6AFEAKwBHAEEAQwBBAEEAQwBUAHEAawBoAGEAagBFAHEATwBjAE8AawBoAFgAUABKAE4AWgBvAFQAZABiAFcAbgBMAFYAdABHADEANAByAFAAMQBRAEwARgBrAGkAVwAzAGQANgBlAEQAWQBwAE0AUABNADEAVABPAFoATQB4AHEAUwB4AHUAagA0AG0AYgBuADIARABJAFgAVAArAEkAVwBrAGkAOQBmAHAATgBiAGMAeQA1AGkAUQBpAE0AVwBaAE4ARABRADUAUQBBAFkATwBHAFAAcQBOAHMATQBlAEoAcABzADQAcABSAE8AZgBPAFYAbwBJAG8AUABvAGsALwBsAGwAQwBUAGwAVgA5ADMAKwBIADIAaQBRAEgATABXAHoASQA1AGMAZQBCAG8ANQBNAGEAUABmAEQAegB0AGgASABzAFMAQwBGAFUAZgAzAEgANgBmAHYATQBNAFIAegB3AFIAcQBYAHIAQgBWAHkAMwB0AFgALwBaAE0AZABjAFYAaQAvAFUAWgBtAEUAZwBTAEEARABKAHkAVwBEAGYAYQBSAHcAcABMADYAcABFAG4AQQArAFMAdQBYAG4ARQBaAFkAcgB5AFkAMQBKAGIAMgBLAGIAVABhAGkAOQBDAHQANwBrAFYANABaAEYAdwBpAGwAcQBwAEMAZgAwAHEAMgBaAE8ARQBPAFIAdwBhAGcANABMAEkAMQBXAEwAZQAwADQASgBOAGkAOQBlAEcALwBLAGoATwBLADkAQQBIAEUAYQArAEYAQgBKAHMAbQB3AGwAQQBsAEQAYwBkAHQAZABmAGEAQgBSAHIARgBuAGIAbgBrAHAAZABFAE4ANQBsAEEAWQBhAEYALwBPAGEARABnAEIALwBQAGkAWAAyAGsAQgBnAEoAWgB6AHAAbwBQAGMAaQBPAGMAMABhADYAaAA3ACsAYwBOAGQAaQBxAFQAagBVAEMAYwB0AFMAbAB1AFkAdQBKAG0AZwA0AEsARgBYAHEAVAAyAEQAcgB1AFcAKwBWAEgAQwBPAC8AOQBOAGgANQB1AHQATAB4AHQAMQBoAGkAcABoAFgAYQBvAHkAcwBsAFMATwBPAG8ARAAyADUAUQBxAE0AUABsAHQAKwAzADIANgBnAEwAaABaAEEAKwBvAFoARwBwAGUARABqAHcAMQA2AC8ANQAvADkAMQBEAHgAUQBpADAAbABLAGUANgBpAEsAQgAxAHAAeABGAEcAUwAxAE0AYQBqAEYAdQBQAFoARwB2AHAAVABwAEQANABkAFYAUgA3AGsAcwBRAEQAMQBLAGgANQBkAGcAWgBzADIASwBXAEgAcwBVAHkAbAA1AHEAMgA3AEEANQBiAGoANABlAG8AbwBUAFgAcwBVADQAaABvAEEARABwAEkAaQBGAGEAWQAzAEIAWgBXAEQATQBZAFoASQBZAGYAcgA4AHYATABQAHEANQBnAE0AaAAvAGEAcgA5AHcAMwBpAGsAMQBWAC8AVABWADAANgBIAHUAeAB0AGkARwBHAFUAMABLADAAZwA3AFEAZgBPAFUAVABGAE0ARQAyAFcARgBaAHEAYQBsAGEAZwBHADgAVAA0AEIAMABMAEUASABTAHUAdABNAFUAagA5AFAAbwBnAEcASgBDACsAcQBOADkAUABkADIANABOAHoAMQBjAEsAOQBrAFgAUQB6AEIASgAyAGoATwB1ADgAaABBADcAVgByAEEAagBLADkAMwBtAFUAVwBTADUAcwBCADIAcABHAE8AaQAyAHEASwBXAEgASwBhAGsAYwBKAGgAMwBKADgARABhAGQAaQAvAGcAZQBOAHoARgBDAHEAeQByAE4AZABtAGYAVAAxADQAYQBpADkAUgBXAHMAdQBkAHMAdABTAFAARwA5AHkAWQB4AEkAUwA0AHQAMQBvAGwAVgBxAGEASQBDAGUALwB0AGwAQwA2AGoARwBkAE4AYgBmAEIAaABMAHAAYgBnAE0AbgBZAHoAZQBFAEUAbABWAFYANABkAFkANQA1AEQAMgBhADQAcwAzADgANQAyAE4AYgBaAGEARQBxAEUAZwAzAHAAVwBHADUAcgBZAHoAbQA3ADIAKwBzADQAWgB0AFkARAB0AGUAeAB1AEgASQB3AFgAWAB2ADEASABpADgAZwBUAGQAVwBFAEEAQQBBAEEARABCAGcAMABrAHMANwBJADkAaAAzAFcAOABiAGgATABZAGIAdwBwAE8AegBDAHcASwA4AFYAZQBJAHAAeQBYAG4ANQBqAHYAcgBnAHYAZwBjAFMAbwBoAEUAUQBxADYAWgBwAHgALwBYAGEAQgBoAEYAQwBxAE8ASgBJAFQAMQAvAGYAVwA0AFIAYgBIAEcAagBnAEUAQgBYAHQAegBHAGUAUQBsAGMAVQBXADwALwBLAGUAeQBwAGEAaQByAD4APABLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA4ADwALwBLAGUAeQBHAGUAbgBGAGwAYQBnAHMAPgA8AEMAZQByAHQAPgBNAEkASQBFAEkARABDAEMAQQArAEMAZwBBAHcASQBCAEEAZwBJAFUAMABSAHcAVQBzAGIAdwBNAEEAUgBpAE4AWABPAG0AcQA5AEEATQBhAGwAcQBUAFoATABOAGsAdwBDAFEAWQBIAEsAbwBaAEkAegBqAGcARQBBAHoAQQBqAE0AUwBFAHcASAB3AFkARABWAFEAUQBEAEUAeABoAFUAYgAyAHQAbABiAGkAQgBUAGEAVwBkAHUAYQBXADUAbgBJAEYAQgAxAFkAbQB4AHAAWQB5AEIATABaAFgAawB3AEgAaABjAE4ATQBUAFUAeABNAEQARQAwAE0AVABFAHcATQB6AEkAeQBXAGgAYwBOAE0AVABZAHcATgBEAEUAeABNAFQARQB3AE0AegBJAHkAVwBqAEEAdABNAFMAcwB3AEsAUQBZAEQAVgBRAFEARABIAGkASQBBAE0AQQBBAHcAQQBEAEUAQQBPAEEAQQB3AEEARABBAEEATQBBAEEAdwBBAEQAYwBBAE0AZwBBADEAQQBFAFEAQQBRAHcAQQB5AEEARABnAEEAUgBnAEEAQQBNAEkARwBmAE0AQQAwAEcAQwBTAHEARwBTAEkAYgAzAEQAUQBFAEIAQQBRAFUAQQBBADQARwBOAEEARABDAEIAaQBRAEsAQgBnAFEARABTADMASABoAEsAOQAzAEYAQwBlAFoAQQArAEYATABvADUAUgB3ADQASABFAEwAMAAyAFcARgBYADgAbABsAHgAYgB3AGcASgAvAEMAcwBvAEMAcwB0AHIAZABmAEkAbgAzAEUARABUAFIAUQBSAGEANgBBADgAUABlADgAUABrAEIASABUAGYAbgBpAGEAOQBqAFgAQgBCAHAAVgBWAHAARgB3ADMAMgBVAEwAUQBJAE0AdABLAE0AMwB4AEYAWgA2AHkAeABLAEMANwBaAEYAbABOAEUAcgBZAGMASQBFAGoARgA2ADUANABaAEgAYwByADYAdwB3AFgAWAArADkAbgA3ADEAOQBTADUAMwBXAEwAZgB3AEEAdABvAEsAZABWAEUAOQAzAHEARQBJAHUAeABTADQAVgBzAE0ATgBYADIARgBLACsAegA0AFIAdQB2ADMAUQBJAEQAQQBRAEEAQgBvADQASQBDAG8ARABDAEMAQQBwAHcAdwBEAGcAWQBEAFYAUgAwAFAAQQBRAEgALwBCAEEAUQBEAEEAZwBXAGcATQBCAE0ARwBBADEAVQBkAEoAUQBRAE0ATQBBAG8ARwBDAEMAcwBHAEEAUQBVAEYAQgB3AE0AQwBNAEkASQBCAC8AdwBZAEQAVgBSADAAZwBCAEkASQBCADkAagBDAEMAQQBmAEkAdwBnAGcASAB1AEIAZwBvAHIAQgBnAEUARQBBAFkASQAzAE0AdwBNAEMATQBJAEkAQgAzAGoAQwBDAEEAZABvAEcAQwBDAHMARwBBAFEAVQBGAEIAdwBJAEMATQBJAEkAQgB6AEIANgBDAEEAYwBnAEEAVABRAEIAcABBAEcATQBBAGMAZwBCAHYAQQBIAE0AQQBiAHcAQgBtAEEASABRAEEASQBBAEIAawBBAEcAOABBAFoAUQBCAHoAQQBDAEEAQQBiAGcAQgB2AEEASABRAEEASQBBAEIAMwBBAEcARQBBAGMAZwBCAHkAQQBHAEUAQQBiAGcAQgAwAEEAQwBBAEEAYgB3AEIAeQBBAEMAQQBBAFkAdwBCAHMAQQBHAEUAQQBhAFEAQgB0AEEAQwBBAEEAZABBAEIAbwBBAEcARQBBAGQAQQBBAGcAQQBIAFEAQQBhAEEAQgBsAEEAQwBBAEEAYQBRAEIAdQBBAEcAWQBBAGIAdwBCAHkAQQBHADAAQQBZAFEAQgAwAEEARwBrAEEAYgB3AEIAdQBBAEMAQQBBAFoAQQBCAHAAQQBIAE0AQQBjAEEAQgBzAEEARwBFAEEAZQBRAEIAbABBAEcAUQBBAEkAQQBCAHAAQQBHADQAQQBJAEEAQgAwAEEARwBnAEEAYQBRAEIAegBBAEMAQQBBAFkAdwBCAGwAQQBIAEkAQQBkAEEAQgBwAEEARwBZAEEAYQBRAEIAagBBAEcARQBBAGQAQQBCAGwAQQBDAEEAQQBhAFEAQgB6AEEAQwBBAEEAWQB3AEIAMQBBAEgASQBBAGMAZwBCAGwAQQBHADQAQQBkAEEAQQBnAEEARwA4AEEAYwBnAEEAZwBBAEcARQBBAFkAdwBCAGoAQQBIAFUAQQBjAGcAQgBoAEEASABRAEEAWgBRAEEAcwBBAEMAQQBBAGIAZwBCAHYAQQBIAEkAQQBJAEEAQgBrAEEARwA4AEEAWgBRAEIAegBBAEMAQQBBAGEAUQBCADAAQQBDAEEAQQBiAFEAQgBoAEEARwBzAEEAWgBRAEEAZwBBAEcARQBBAGIAZwBCADUAQQBDAEEAQQBaAGcAQgB2AEEASABJAEEAYgBRAEIAaABBAEcAdwBBAEkAQQBCAHoAQQBIAFEAQQBZAFEAQgAwAEEARwBVAEEAYgBRAEIAbABBAEcANABBAGQAQQBCAHoAQQBDAEEAQQBZAFEAQgBpAEEARwA4AEEAZABRAEIAMABBAEMAQQBBAGQAQQBCAG8AQQBHAFUAQQBJAEEAQgB4AEEASABVAEEAWQBRAEIAcwBBAEcAawBBAGQAQQBCADUAQQBDAEEAQQBiAHcAQgB5AEEAQwBBAEEAYwB3AEIAaABBAEcAWQBBAFoAUQBCADAAQQBIAGsAQQBJAEEAQgB2AEEARwBZAEEASQBBAEIAawBBAEcARQBBAGQAQQBCAGgAQQBDAEEAQQBjAHcAQgBwAEEARwBjAEEAYgBnAEIAbABBAEcAUQBBAEkAQQBCADMAQQBHAGsAQQBkAEEAQgBvAEEAQwBBAEEAZABBAEIAbwBBAEcAVQBBAEkAQQBCAGoAQQBHADgAQQBjAGcAQgB5AEEARwBVAEEAYwB3AEIAdwBBAEcAOABBAGIAZwBCAGsAQQBHAGsAQQBiAGcAQgBuAEEAQwBBAEEAYwBBAEIAeQBBAEcAawBBAGQAZwBCAGgAQQBIAFEAQQBaAFEAQQBnAEEARwBzAEEAWgBRAEIANQBBAEMANAB3AFUAdwBZAEQAVgBSADAAagBCAEUAdwB3AFMAbwBBAFUAYQBJAFMAbwBsAG8AVgBsAGsAVgAvAFAANABKAEcAawBnAFUARwBqAGcAegBqAHIAVgBTAEMAaABKADYAUQBsAE0AQwBNAHgASQBUAEEAZgBCAGcATgBWAEIAQQBNAFQARwBGAFIAdgBhADIAVgB1AEkARgBOAHAAWgAyADUAcABiAG0AYwBnAFUASABWAGkAYgBHAGwAagBJAEUAdABsAGUAWQBJAEoAQQBLAHMAKwBGAFMAdwBrAHkAZQBjAGgATQBCADAARwBBADEAVQBkAEQAZwBRAFcAQgBCAFEAdQBiAFUAagBHAHQAdgBzAEwAaQBPAEEAVgBkAHoAdgBNAHEAaQBIAEIARgBXADIAZQBXAGoAQQBKAEIAZwBjAHEAaABrAGoATwBPAEEAUQBEAEEAeQA4AEEATQBDAHcAQwBGAEcAbwBOAEgAagBZAE4ARQBXAHgAUABOAEkASABsAGIAUQA4AC8ARwBnAFEAdQAzADQAZgBaAEEAaABSAEkAdQBPAHAAMABiAEYAYQA2ADAANQBxAHUAbwBiAGQAUgBiAFkAaQBDAEcAbQA1AFcARgB6AFUAeQA8AC8AQwBlAHIAdAA+ADwARQB4AHAAaQByAGUAZABUAGkAbQBlAD4AMgAwADEANgAtADAANAAtADEAMQBUADEAMQA6ADAAOAA6ADIAMQA8AC8ARQB4AHAAaQByAGUAZABUAGkAbQBlAD4APAAvAEMAZQByAHQASQBuAGYAbwA+AA==</Certificate></User></Data>


==== Registry Search Results for "gizmo" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GIZMODRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GIZMODRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GIZMODRV\0000]
"Service"="GizmoDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_GIZMODRV\0000]
"DeviceDesc"="Gizmo Device Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_GIZMODRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_GIZMODRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_GIZMODRV\0000]
"Service"="GizmoDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_GIZMODRV\0000]
"DeviceDesc"="Gizmo Device Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GIZMODRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GIZMODRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GIZMODRV\0000]
"Service"="GizmoDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GIZMODRV\0000]
"DeviceDesc"="Gizmo Device Driver"

==== Registry Search Results for "KMSpico" ======================


[HKEY_USERS\S-1-5-21-115903190-4080511109-3081035828-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\526abf0c_0]
@="{0.0.0.00000000}.{23fa3b4d-6fc2-45e8-aa12-1b2384590d57}|\\Device\\HarddiskVolume2\\Program Files\\KMSpico\\KMSELDI.exe%b{00000000-0000-0000-0000-000000000000}"

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4003 MB
CPU Info: Intel(R) Celeron(R) CPU G530T @ 2.00GHz
CPU Speed: 2002,3 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 3x (E: | G: | H: | ) E: hp      CDDVDW SH-216ALN | G: MagicISOVirtual DVD-ROM  | H:
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  448,3GB | D:  17,4GB
Hard Disks - Free: C:  352,7GB | D:  2,2GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | 11/18/11 | HPQOEM - 1072009
Time Zone: West-Europa (standaardtijd)
Motherboard *: PEGATRON CORPORATION 2AD4
Country: Nederland 
Language: NLD 

==== System Specs (Software) ======================

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
Default Browser: Google Chrome	46.0.2490.80
Internet Explorer Version: 11.0.9600.18059 
Google Chrome version: 46.0.2490.80

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-11-02 07:36:39	6C47927863C2E16819FE4DBEF6FA7EAF	7818	----a-w-	C:\Windows\BROPJ152W.INI
2015-10-24 19:17:49	127AA81343A7C6F665C22CB1293B0A90	67072	----a-w-	C:\Windows\splwow64.exe
2015-10-15 08:35:56	B32189BDFF6E577A92BAA61AD49264E6	193536	----a-w-	C:\Windows\notepad.exe
2015-10-14 14:22:59	677B7A478C237940CB3136864BC8AB47	37	----a-w-	C:\Windows\iltwain.ini
2015-10-14 11:18:18	B030901A00A225688E3DE9FEB9545370	23521	----a-w-	C:\Windows\BRRBCOM.INI
2015-10-14 11:18:18	05AEF0BCAD3DA3A4D6F343B870A7BA2C	7819	----a-w-	C:\Windows\BROPJ552DW.INI
====== C:\Users\GEAtje\AppData\Local\Temp ====
2015-11-05 19:16:42	A560DBA4BC0D93CE2CB25FD68C5D191E	71168	----a-w-	C:\Users\GEAtje\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyz9pny.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-11-02 07:37:59	38E5E24BEDE6F59AFC648CB7EF897D69	180224	----a-w-	C:\Windows\SysWOW64\BROSNMP.DLL
2015-10-24 20:13:51	2413D2216D08FAF7D7178D9E0B481AEB	2285056	----a-w-	C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-10-24 19:19:52	908BBA41A5B57DDB126B85EC14DD58EF	76288	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2015-10-24 19:19:52	0E036A353DB9D8F4F642AC0F9412F09E	47616	----a-w-	C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-24 19:19:52	04BB7AF8E0DAE83982155F0752308666	64000	----a-w-	C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-24 19:19:51	C89372B642726F1CF3EB479397976DA3	279040	----a-w-	C:\Windows\SysWOW64\dxtrans.dll
2015-10-24 19:19:51	C848E013BB85C48C787001E1EA36905F	60416	----a-w-	C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-24 19:19:51	A7028D5D5E3DCF820B3C0AFE0137A87E	130048	----a-w-	C:\Windows\SysWOW64\occache.dll
2015-10-24 19:19:51	9F36964CDB9A920779314395E3911503	504832	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2015-10-24 19:19:51	098F6097F919EE77EA490E16D11E427A	1311232	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2015-10-24 19:19:51	00FBEDF0E74AD8815469A95271C0E562	345688	----a-w-	C:\Windows\SysWOW64\iedkcs32.dll
2015-10-24 19:19:50	D586CB95B4EADC0525E8929A241898F5	20357632	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2015-10-24 19:19:50	060409834CC8FAC3F1231DA3F0648CC5	689152	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2015-10-24 19:19:49	B87A11C95703AB19ACB43993DDA0F1A3	62464	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2015-10-24 19:19:49	7E8EABA6A2B10FE11E2381378A57322B	2724864	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2015-10-24 19:19:49	12DCE9300FF5B74DC2F7DBAC96B0614E	710144	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2015-10-24 19:19:48	F274AF14C7DB6C52C023BCBDA4197D17	47104	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2015-10-24 19:19:48	9F4234838400CC3A964AF53DE4410A50	2279936	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2015-10-24 19:19:48	8C9BCE16E894D4FBCE151F4A5FE05F55	30720	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2015-10-24 19:19:48	816B489E2BBFE2479C844AAD486ABB42	2052608	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2015-10-24 19:19:48	73189A2739491ABB556872737C501F8E	663552	----a-w-	C:\Windows\SysWOW64\jscript.dll
2015-10-24 19:19:48	584E6632F1F4027AB64DEB0F4139E7D7	620032	----a-w-	C:\Windows\SysWOW64\jscript9diag.dll
2015-10-24 19:19:47	BE1263EE0CB8CF942FC35CC86E0C3941	12853760	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2015-10-24 19:19:47	AFC4F34507B555D1C9C4F049CCA1475F	416256	----a-w-	C:\Windows\SysWOW64\dxtmsft.dll
2015-10-24 19:19:47	4A3CA2C73C4D66A90C63E9E532746020	480256	----a-w-	C:\Windows\SysWOW64\ieui.dll
2015-10-24 19:19:45	DE53F76D63CA64E172B336BC7CFF6EDA	4527616	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2015-10-24 19:19:45	CEDBC9DBD9800E0EE81B0840EBC2BAC5	1155072	----a-w-	C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-24 19:19:45	A25C9DD040CA9799C2A7E41732D0752A	230400	----a-w-	C:\Windows\SysWOW64\webcheck.dll
2015-10-24 19:19:45	17B66052348D3A3681A9411EDD839E18	115712	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2015-10-24 19:19:44	E401E66CCB2AE219CF41F7F901C410C1	2011136	----a-w-	C:\Windows\SysWOW64\wininet.dll
2015-10-24 19:19:44	A7012A7032207D1C16B7236EDF91F4BB	168960	----a-w-	C:\Windows\SysWOW64\msrating.dll
2015-10-24 19:19:44	5EE17D52CAF79663211C01C614594620	341504	----a-w-	C:\Windows\SysWOW64\html.iec
2015-10-24 19:19:29	C7673B3F8BB35221B42D67BF7ADAFDFD	7168	----a-w-	C:\Windows\SysWOW64\KBDYAK.DLL
2015-10-24 19:19:29	730B7C639957EA0BF37C1459831A1E19	6656	----a-w-	C:\Windows\SysWOW64\KBDRU1.DLL
2015-10-24 19:19:29	72222991598E173BBE1429426926C020	7168	----a-w-	C:\Windows\SysWOW64\KBDTAT.DLL
2015-10-24 19:19:29	45B308F20FEF040BD7321E85F69DF5E2	6656	----a-w-	C:\Windows\SysWOW64\KBDRU.DLL
2015-10-24 19:19:28	2BD0519015E899A2FF52210CC5875F88	6656	----a-w-	C:\Windows\SysWOW64\KBDBASH.DLL
2015-10-24 19:19:20	14800BD31701A5047AC3145BB1E698AE	3419136	----a-w-	C:\Windows\SysWOW64\d2d1.dll
2015-10-24 19:00:07	CE21524C53E9671A7108B28FB9B4E474	1251328	----a-w-	C:\Windows\SysWOW64\DWrite.dll
2015-10-24 19:00:07	965CFC7687F0D188F215DC142FC8F6A1	1987584	----a-w-	C:\Windows\SysWOW64\d3d10warp.dll
2015-10-24 19:00:03	5F3628DCF926C4499BE1DC74431DFBC8	1230848	----a-w-	C:\Windows\SysWOW64\WindowsCodecs.dll
2015-10-24 18:59:54	9566C8BBD2271A7962D4432A624762AD	417792	----a-w-	C:\Windows\SysWOW64\WMPhoto.dll
====== C:\Windows\SysWOW64\drivers =====
2015-10-30 20:16:27	79D51E7F5926E8CE1B3EBECEBAE28CFF	255552	----a-w-	C:\Windows\SysWOW64\drivers\mcdbus.sys
2015-10-14 10:22:47	D41D8CD98F00B204E9800998ECF8427E	0	--sha-r-	C:\Windows\SysWOW64\drivers\103C_HP_cPC_CQ2700ED_Y53316J_0U_QCZC213_E12CE1PRW602_4A_I2AD4_SPEGATRON CORPORATION_V1.02_B7.09_T111125_W73-1_L413_M4003_J500_7Intel_86A7_92.00_#120530_N19692062_Z_G80860102_Ohp CDDVDW SH-216ALN_DMED3673.MRK
====== C:\Windows\Sysnative =====
2015-11-02 07:38:38	4277711E5A86DFE600355730EC92925E	87040	----a-w-	C:\Windows\Sysnative\BrNetSti.dll
2015-11-02 07:37:58	C0F76DBB3732352EC12C93EA96B9C670	227328	----a-w-	C:\Windows\Sysnative\BRCOI13I.DLL
2015-10-24 20:13:51	3469B9FAE899139FEE7356E91693376A	2777088	----a-w-	C:\Windows\Sysnative\msmpeg2vdec.dll
2015-10-24 19:19:52	9AEE2A881FD10E6A463588303D8027AD	114688	----a-w-	C:\Windows\Sysnative\ieetwcollector.exe
2015-10-24 19:19:52	3A0773E21355B41176ACAD8BB099D9B3	48640	----a-w-	C:\Windows\Sysnative\ieetwproxystub.dll
2015-10-24 19:19:51	BF8A5B4E696F4E8F3B2B5E9902467418	720896	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2015-10-24 19:19:51	9E0D0522908C1106E0D77708CB9926FE	34304	----a-w-	C:\Windows\Sysnative\iernonce.dll
2015-10-24 19:19:51	80E9DF296F127B3BC965EBC5A2C8F044	2724864	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2015-10-24 19:19:51	521E1A87D4F750FD9694DBF3AB37B38F	77824	----a-w-	C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2015-10-24 19:19:49	3295B811A0260C0A5B346ECB73C5FCF0	152064	----a-w-	C:\Windows\Sysnative\occache.dll
2015-10-24 19:19:48	8A2A46DD0C51E5D2D0A2EF2AA289DA4D	1546752	----a-w-	C:\Windows\Sysnative\urlmon.dll
2015-10-24 19:19:48	4AEB3F2FB0CC23A18ED997F6C0476819	391784	----a-w-	C:\Windows\Sysnative\iedkcs32.dll
2015-10-24 19:19:48	12C1DECE9502828C0A5ADB50AB1673A0	4096	----a-w-	C:\Windows\Sysnative\ieetwcollectorres.dll
2015-10-24 19:19:47	D661A17B4634171C58373699CBD6455B	315392	----a-w-	C:\Windows\Sysnative\dxtrans.dll
2015-10-24 19:19:47	6E1EEB1CE2F9F3AB14A9E8A6B1E82455	801280	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2015-10-24 19:19:47	2A898891EB7FBCF0774F0B96AAD05561	968704	----a-w-	C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2015-10-24 19:19:46	F6F91F217D760981017E4AA4F1C7E633	66560	----a-w-	C:\Windows\Sysnative\iesetup.dll
2015-10-24 19:19:46	7C3050383491011FEDD40961A37A2D99	2126336	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2015-10-24 19:19:46	0FA614470B3A78FC5B8F3F3F742B9837	800768	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2015-10-24 19:19:45	E91FD3ACC10C971CBA991FCD058ABB58	2886656	----a-w-	C:\Windows\Sysnative\iertutil.dll
2015-10-24 19:19:45	A865136AC6436533E0A4A3C67F259401	585728	----a-w-	C:\Windows\Sysnative\vbscript.dll
2015-10-24 19:19:44	88D3F690043A1AA43F33DEC6DDA82178	616960	----a-w-	C:\Windows\Sysnative\ieui.dll
2015-10-24 19:19:44	84C63F3D2D488A918A947E06BD1105EF	54784	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2015-10-24 19:19:44	45A56A2CC2D6A4B649B7DC3B5DF259FF	489984	----a-w-	C:\Windows\Sysnative\dxtmsft.dll
2015-10-24 19:19:43	BC92D9D88959542FBAF1F8CF21F86B38	14458368	----a-w-	C:\Windows\Sysnative\ieframe.dll
2015-10-24 19:19:43	4A9FFAC9325EFFDEFD7E8C0830B0ABEC	92160	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2015-10-24 19:19:42	B0917E6238C1675E48CFE64947DD9FD9	144384	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2015-10-24 19:19:42	5175A9C2C71D49394424C07CA856B803	1359360	----a-w-	C:\Windows\Sysnative\mshtmlmedia.dll
2015-10-24 19:19:42	454669BB12162610D93954BCC942A41C	817664	----a-w-	C:\Windows\Sysnative\jscript.dll
2015-10-24 19:19:42	373B3EFBBF1A2706F8660C4DE4202694	262144	----a-w-	C:\Windows\Sysnative\webcheck.dll
2015-10-24 19:19:41	E36C7069B9C56DF9A53DD4FA5DCDDE72	5990912	----a-w-	C:\Windows\Sysnative\jscript9.dll
2015-10-24 19:19:41	BD06D875FB79E92DAF724C91DE743AFA	2487808	----a-w-	C:\Windows\Sysnative\wininet.dll
2015-10-24 19:19:41	1DE918244ED8AB9D3F2C4B9A1F91A24D	814080	----a-w-	C:\Windows\Sysnative\jscript9diag.dll
2015-10-24 19:19:40	BEA081F4F2D507D6461B142AB11995B3	199680	----a-w-	C:\Windows\Sysnative\msrating.dll
2015-10-24 19:19:40	58DD42AC31D1F86D303BAAF5955A59BA	417792	----a-w-	C:\Windows\Sysnative\html.iec
2015-10-24 19:19:40	0783994A921469A6E97F3117AA0934DD	88064	----a-w-	C:\Windows\Sysnative\MshtmlDac.dll
2015-10-24 19:19:39	99BA96F5AC545D857E662A9FC576D919	25851904	----a-w-	C:\Windows\Sysnative\mshtml.dll
2015-10-24 19:19:29	BE67D99EDA34A68B827868371B5529AD	7168	----a-w-	C:\Windows\Sysnative\KBDTAT.DLL
2015-10-24 19:19:28	EA21295A386C6DB2A2A90E657B37C5F4	7168	----a-w-	C:\Windows\Sysnative\KBDYAK.DLL
2015-10-24 19:19:28	920B5C1CC0BAB6E574297BC3D945DA31	7168	----a-w-	C:\Windows\Sysnative\KBDBASH.DLL
2015-10-24 19:19:28	80EDA24B00478FA795F90DFA09C12E86	7168	----a-w-	C:\Windows\Sysnative\KBDRU1.DLL
2015-10-24 19:19:28	353C4A38042819CA83AEFC6F2E7051CD	6656	----a-w-	C:\Windows\Sysnative\KBDRU.DLL
2015-10-24 19:19:20	C676E5EA388AF7C4C031F56F9B42E362	3928064	----a-w-	C:\Windows\Sysnative\d2d1.dll
2015-10-24 19:17:49	85DAA09A98C9286D4EA2BA8D0E644377	559104	----a-w-	C:\Windows\Sysnative\spoolsv.exe
2015-10-24 19:00:07	DB94C47BD7F2AD9C58DEC46026D5FD08	1648128	----a-w-	C:\Windows\Sysnative\DWrite.dll
2015-10-24 19:00:07	D5A775990A7C202A037378FDBCDB6141	1180160	----a-w-	C:\Windows\Sysnative\FntCache.dll
2015-10-24 19:00:07	D4FB2E00F49711C9DD3E2C2646D7C767	2565120	----a-w-	C:\Windows\Sysnative\d3d10warp.dll
2015-10-24 19:00:03	0A4D03A4C0F908B15B8A4C48FB18F197	1424896	----a-w-	C:\Windows\Sysnative\WindowsCodecs.dll
2015-10-24 18:59:54	CBA2694BFC61F371181F2BE2BCD66C40	465920	----a-w-	C:\Windows\Sysnative\WMPhoto.dll
====== C:\Windows\Sysnative\drivers =====
2015-10-30 20:42:19	7914A30A3849306FAE9F5DD9C3615F18	141368	----a-w-	C:\Windows\Sysnative\drivers\waemu.sys
2015-10-30 20:16:27	79D51E7F5926E8CE1B3EBECEBAE28CFF	255552	----a-w-	C:\Windows\Sysnative\drivers\mcdbus.sys
2015-10-28 19:50:17	496C3C6BC3D930D0960C9E75AA30F4A7	30264	----a-w-	C:\Windows\Sysnative\drivers\dtlitescsibus.sys
2015-10-16 07:29:49	DDA4CAF29D8C0A297F886BFE561E6659	198656	----a-w-	C:\Windows\Sysnative\drivers\WUDFRd.sys
2015-10-16 07:29:49	AB886378EEB55C6C75B4F2D14B6C869F	87040	----a-w-	C:\Windows\Sysnative\drivers\WUDFPf.sys
2015-10-16 07:29:49	933222B19FF3E7EA5F65517EA1F7D57E	3	----a-w-	C:\Windows\Sysnative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-10-15 08:44:48	67050452C0118BAF2883928E6FCCFE47	94656	----a-w-	C:\Windows\Sysnative\drivers\mountmgr.sys
2015-10-15 08:42:51	ED6E75158D28D33A2E2A020AC5B2B59D	663552	----a-w-	C:\Windows\Sysnative\drivers\PEAuth.sys
2015-10-15 08:41:52	6BD9295CC032DD3077C671FCCF579A7B	23408	----a-w-	C:\Windows\Sysnative\drivers\fs_rec.sys
2015-10-15 08:41:51	04ADD18EE5CC9FBEDAEC1DD1CD0CB45E	1903552	----a-w-	C:\Windows\Sysnative\drivers\tcpip.sys
2015-10-15 08:41:50	3555BA97171CD153118F73FDCCC8BFDE	376768	----a-w-	C:\Windows\Sysnative\drivers\netio.sys
2015-10-15 08:41:49	17F685B67C74B8F7BFED4308790B71DE	288192	----a-w-	C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2015-10-15 08:41:08	E0D3CD5841E5C7BE7B94BA946AF1E498	116736	----a-w-	C:\Windows\Sysnative\drivers\drmk.sys
2015-10-15 08:41:08	1E0B4CBBA91C6B041A14ECC2186F7E24	230400	----a-w-	C:\Windows\Sysnative\drivers\portcls.sys
2015-10-15 08:40:49	FFA06EF43987ED0DD42AD59B260C0C78	7808	----a-w-	C:\Windows\Sysnative\drivers\usbd.sys
2015-10-15 08:40:49	DCA68B0943D6FA415F0C56C92158A83A	99840	----a-w-	C:\Windows\Sysnative\drivers\usbccgp.sys
2015-10-15 08:40:49	8D1196CFBB223621F2C67D45710F25BA	343040	----a-w-	C:\Windows\Sysnative\drivers\usbhub.sys
2015-10-15 08:40:49	18A85013A3E0F7E1755365D287443965	53248	----a-w-	C:\Windows\Sysnative\drivers\usbehci.sys
2015-10-15 08:40:49	12FEB33791920678F8433701C822BCFD	325120	----a-w-	C:\Windows\Sysnative\drivers\usbport.sys
2015-10-15 08:40:44	92B3172E8C14C1444682F510843A9988	19968	----a-w-	C:\Windows\Sysnative\drivers\usb8023.sys
2015-10-15 08:40:03	AE3334958D8F631FF14A0AEB3D7EFB3A	141312	----a-w-	C:\Windows\Sysnative\drivers\mrxdav.sys
2015-10-15 08:40:00	059F00DEF82BF41E433B7ED465847726	155584	----a-w-	C:\Windows\Sysnative\drivers\ataport.sys
2015-10-15 08:39:13	C6330F7C2E92A00E6773E82F79078AFC	157016	----a-w-	C:\Windows\Sysnative\drivers\ksecpkg.sys
2015-10-15 08:39:13	ACB6782973BD93760D597FC7BB37E692	159232	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb.sys
2015-10-15 08:39:13	8C0376974AA28398FF501E78C04ACB30	129024	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb20.sys
2015-10-15 08:39:13	3A8C03156C3E31E70EF84E48CA179B46	97112	----a-w-	C:\Windows\Sysnative\drivers\ksecdd.sys
2015-10-15 08:39:13	262BF7BB7D0E44CFAA9B12A1E0A6EDF1	290816	----a-w-	C:\Windows\Sysnative\drivers\mrxsmb10.sys
2015-10-15 08:38:56	760E38053BF56E501D562B70AD796B88	950128	----a-w-	C:\Windows\Sysnative\drivers\ndis.sys
2015-10-15 08:38:56	0E01641D96889BDEB22DE12D30575B08	41472	----a-w-	C:\Windows\Sysnative\drivers\RNDISMP.sys
2015-10-15 08:38:32	FA886682CFC5D36718D3E436AACF10B9	497152	----a-w-	C:\Windows\Sysnative\drivers\afd.sys
2015-10-15 08:38:31	E2C933EDBC389386EBE6D2BA953F43D8	785624	----a-w-	C:\Windows\Sysnative\drivers\Wdf01000.sys
2015-10-15 08:38:31	AEA0A67275CFBA0E463E00C6E9A1DDAE	54376	----a-w-	C:\Windows\Sysnative\drivers\WdfLdr.sys
2015-10-15 08:38:31	933222B19FF3E7EA5F65517EA1F7D57E	3	----a-w-	C:\Windows\Sysnative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-10-15 08:38:10	27DABFB4A6B0140C34DBEC713469592B	61440	----a-w-	C:\Windows\Sysnative\drivers\appid.sys
2015-10-15 08:37:50	80B0F7D5CCF86CEB5D402EAAF61FEC31	100864	----a-w-	C:\Windows\Sysnative\drivers\usbcir.sys
2015-10-15 08:37:48	1B16D0BD9841794A6E0CDE0CEF744ABC	45568	----a-w-	C:\Windows\Sysnative\drivers\tcpipreg.sys
2015-10-15 08:37:43	70988118145F5F10EF24720B97F35F65	119296	----a-w-	C:\Windows\Sysnative\drivers\tdx.sys
2015-10-15 08:37:42	9661DA76B4531B2DA272ECCE25A8AF24	42496	----a-w-	C:\Windows\Sysnative\drivers\usbscan.sys
2015-10-15 08:37:42	856E76B3641746ABBC2946BED1372098	32896	----a-w-	C:\Windows\Sysnative\drivers\hidparse.sys
2015-10-15 08:37:42	597C3699384E53CC59587ED50CCE5CA2	76800	----a-w-	C:\Windows\Sysnative\drivers\hidclass.sys
2015-10-15 08:36:23	27667A788130A7F7A5858DE27572E6D7	459336	----a-w-	C:\Windows\Sysnative\drivers\cng.sys
2015-10-15 08:35:52	87CE5C8965E101CCCED1F4675557E868	985536	----a-w-	C:\Windows\Sysnative\drivers\dxgkrnl.sys
2015-10-15 08:35:52	1F04CFB79DD5FB7694468CE3FB3DCC31	265064	----a-w-	C:\Windows\Sysnative\drivers\dxgmms1.sys
2015-10-15 08:35:01	E9766131EEADE40A27DC27D2D68FBA9C	75120	----a-w-	C:\Windows\Sysnative\drivers\partmgr.sys
2015-10-15 08:34:08	36E0DDD19038C92B7C7709BFA03F813F	69888	----a-w-	C:\Windows\Sysnative\drivers\stream.sys
2015-10-15 08:34:07	F61634BEC53F73702A10DE69F6DCAF57	754688	----a-w-	C:\Windows\Sysnative\drivers\http.sys
2015-10-15 08:34:04	B3222734D80013D2C73841B0C549FA63	27584	----a-w-	C:\Windows\Sysnative\drivers\Diskdump.sys
2015-10-15 08:34:04	A3F0BC5897F9D3786A3CB695B163633A	190912	----a-w-	C:\Windows\Sysnative\drivers\storport.sys
2015-10-15 08:34:04	96BB922A0981BC7432C8CF52B5410FE6	274880	----a-w-	C:\Windows\Sysnative\drivers\msiscsi.sys
2015-10-15 08:32:05	FE571E088C2D83619D2D48D4E961BF41	212480	----a-w-	C:\Windows\Sysnative\drivers\rdpwd.sys
2015-10-15 08:32:05	E232A3B43A894BB327FC161529BD9ED1	39936	----a-w-	C:\Windows\Sysnative\drivers\tssecsrv.sys
2015-10-15 08:31:53	8F6322049018354F45F05A2FD2D4E5E0	223752	----a-w-	C:\Windows\Sysnative\drivers\fvevol.sys
2015-10-15 08:31:50	1A29A59A4C5BA6F8C85062A613B7E2B2	1684928	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
2015-10-15 08:31:02	6C02A83164F5CC0A262F4199F0871CF5	90624	----a-w-	C:\Windows\Sysnative\drivers\bowser.sys
2015-10-14 12:55:16	627FFBE52FEDF0460C3D7259FC0EDF50	206080	----a-w-	C:\Windows\Sysnative\drivers\ssudmdm.sys
2015-10-14 12:55:16	5492F6FB1F32E10AEF02679872AFD194	110720	----a-w-	C:\Windows\Sysnative\drivers\ssudbus.sys
2015-10-14 12:43:55	D41D8CD98F00B204E9800998ECF8427E	0	---ha-w-	C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-10-14 12:40:33	51C5ECEB1CDEE2468A1748BE550CFBC8	23552	----a-w-	C:\Windows\Sysnative\drivers\tdtcp.sys
2015-10-14 10:22:46	D41D8CD98F00B204E9800998ECF8427E	0	--sha-r-	C:\Windows\Sysnative\drivers\103C_HP_cPC_CQ2700ED_Y53316J_0U_QCZC213_E12CE1PRW602_4A_I2AD4_SPEGATRON CORPORATION_V1.02_B7.09_T111125_W73-1_L413_M4003_J500_7Intel_86A7_92.00_#120530_N19692062_Z_G80860102_Ohp CDDVDW SH-216ALN_DMED3673.MRK
====== C:\Windows\Tasks ======
2015-11-02 08:16:12	5DDA331A16972BA986C46F8B5364B276	2988	----a-w-	C:\Windows\Sysnative\Tasks\{D51B9355-8F46-4D63-8F6A-736B4EB2A0A3}
2015-10-25 12:12:27	--------	d-----w-	C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform
2015-10-25 07:33:36	--------	d-----w-	C:\Windows\Sysnative\Tasks\Remediation
2015-10-14 12:48:48	734793876C041EB49E2660A38E29EC5D	1014	----a-w-	C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-14 12:48:48	62E08FECB03255FDF8C321341D256813	4010	----a-w-	C:\Windows\Sysnative\Tasks\DropboxUpdateTaskMachineUA
2015-10-14 12:48:45	49E50DAE9325F36C78E80912A0F683B0	3758	----a-w-	C:\Windows\Sysnative\Tasks\DropboxUpdateTaskMachineCore
2015-10-14 12:48:44	EC0AABB809AE24457A33767A2D485635	1010	----a-w-	C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-14 11:08:33	D64A741969CCE598B0BEB846FB3C5DAA	3220	----a-w-	C:\Windows\Sysnative\Tasks\HPCeeScheduleForGEATJE-HP$
2015-10-14 11:08:33	6CA30DEADA79F6106F69065111AAF5F8	344	----a-w-	C:\Windows\Tasks\HPCeeScheduleForGEATJE-HP$.job
2015-10-14 10:48:17	DD28AE3A992A35AEF8872F9C1D9DCADC	1052	----a-w-	C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 10:48:17	83EBBD9F98AC98F38525EAF5774A5FB5	4052	----a-w-	C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-10-14 10:48:17	69AB46E5DA7344D8AD588B620095AA74	3800	----a-w-	C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2015-10-14 10:48:17	4D8D0A260F918A1C989446D391B5B522	1056	----a-w-	C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 10:31:23	7972EA61D6D8BB14A8B4DF8A31539478	3858	----a-w-	C:\Windows\Sysnative\Tasks\SetupManager
2015-10-14 10:31:05	5A5ECE3325B5C083F9E84C135AF9133A	3966	----a-w-	C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{9FCDEE2B-079D-4B58-A8D3-BEFBACE2206F}
2015-10-14 10:30:39	6D9E31A32935F5365A33E0E81D32C53A	3192	----a-w-	C:\Windows\Sysnative\Tasks\HPCeeScheduleForGEAtje
2015-10-14 10:30:38	D1E3F802F92621A6CF9A57A60483C718	336	----a-w-	C:\Windows\Tasks\HPCeeScheduleForGEAtje.job
2015-10-14 10:22:28	591C9027A1A2C26CDBEE2A3B57DF062A	3290	----a-w-	C:\Windows\Sysnative\Tasks\RMCreator
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-11-04 20:55:00	--------	d-----w-	C:\Program Files\Microsoft.NET
2015-10-30 21:14:16	--------	d-----w-	C:\Program Files\Microsoft Synchronization Services
2015-10-30 21:13:54	--------	d-----w-	C:\Program Files\Microsoft SQL Server Compact Edition
2015-10-30 20:58:22	--------	d-----w-	C:\Program Files\trend micro
2015-10-30 19:50:42	--------	d-----w-	C:\Program Files\PowerISO
2015-10-28 19:50:12	--------	d-----w-	C:\Program Files\DAEMON Tools Lite
2015-10-28 18:40:57	--------	d-----w-	C:\Program Files\Concom
2015-10-26 21:04:23	--------	d-----w-	C:\Program Files\Common Files\DESIGNER
2015-10-26 21:03:14	--------	d-----w-	C:\Program Files\Microsoft SQL Server
2015-10-26 20:59:53	--------	d-----w-	C:\Program Files\Microsoft Analysis Services
2015-10-26 20:59:26	--------	d-----w-	C:\Program Files\Microsoft Office
2015-10-25 07:33:25	--------	d-----w-	C:\Program Files\Common Files\AV
2015-10-16 19:30:32	--------	d-----w-	C:\Program Files\Microsoft Silverlight
2015-10-14 14:31:31	--------	d-----w-	C:\Program Files\Bonjour
2015-10-14 11:39:44	--------	d-----w-	C:\Program Files\WinRAR
2015-10-14 11:33:01	--------	d-----w-	C:\Program Files\Windows Live
======= C:\PROGRA~2 =====
2015-10-30 21:12:45	--------	d-----w-	C:\PROGRA~2\Microsoft Visual Studio 8
2015-10-30 20:42:18	--------	d-----w-	C:\PROGRA~2\WinArchiver Virtual Drive
2015-10-30 20:16:27	--------	d-----w-	C:\PROGRA~2\MagicDisc
2015-10-28 19:51:38	--------	d-----w-	C:\PROGRA~2\Disc Soft
2015-10-28 18:47:27	--------	d-----w-	C:\PROGRA~2\CinemaPlus-3.2cV23.10
2015-10-28 18:39:35	--------	d-----w-	C:\PROGRA~2\CinemaPlus-3.2cV25.10
2015-10-28 18:37:38	--------	d-----w-	C:\PROGRA~2\WNetEnhancer
2015-10-28 18:36:56	--------	d-----w-	C:\PROGRA~2\Opera
2015-10-28 18:36:42	--------	d-----w-	C:\PROGRA~2\Max Driver Updater
2015-10-28 18:36:40	--------	d-----w-	C:\PROGRA~2\MaxDrivrUpdater_v71.6314
2015-10-26 21:03:58	--------	d-----w-	C:\PROGRA~2\Microsoft SQL Server
2015-10-26 20:59:52	--------	d-----w-	C:\PROGRA~2\Microsoft Analysis Services
2015-10-25 12:20:13	--------	d-----w-	C:\PROGRA~2\COMMON~1\DESIGNER
2015-10-25 10:47:49	--------	d-----w-	C:\PROGRA~2\TomTom HOME 2
2015-10-25 10:39:48	--------	d-----w-	C:\PROGRA~2\TomTom International B.V
2015-10-16 19:30:32	--------	d-----w-	C:\PROGRA~2\Microsoft Silverlight
2015-10-16 19:02:27	--------	d-----w-	C:\PROGRA~2\COMMON~1\Skype
2015-10-16 19:02:27	--------	d-----r-	C:\PROGRA~2\Skype
2015-10-14 14:31:31	--------	d-----w-	C:\PROGRA~2\Bonjour
2015-10-14 14:22:31	--------	d-----w-	C:\PROGRA~2\DYMO
2015-10-14 12:53:10	--------	d-----w-	C:\PROGRA~2\MyFree Codec
2015-10-14 12:51:01	--------	d-----w-	C:\PROGRA~2\Samsung
2015-10-14 12:48:40	--------	d-----w-	C:\PROGRA~2\Dropbox
2015-10-14 11:30:20	--------	d-----w-	C:\PROGRA~2\Microsoft OneDrive
2015-10-14 11:26:55	--------	d-----w-	C:\PROGRA~2\Browny02
2015-10-14 11:26:51	--------	d-----w-	C:\PROGRA~2\ControlCenter4
2015-10-14 11:26:06	--------	d-----w-	C:\PROGRA~2\Brother
2015-10-14 10:48:15	--------	d-----w-	C:\PROGRA~2\Google
2015-10-14 10:22:32	--------	d-----w-	C:\PROGRA~2\Microsoft Mathematics
======= C: =====
====== C:\Users\GEAtje\AppData\Roaming ======
2015-11-04 19:41:58	--------	d-----w-	C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-11-04 19:41:58	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-11-04 19:41:57	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Temp
2015-11-04 19:41:57	--------	d-----w-	C:\Users\Default\AppData\Local\Temp
2015-11-04 19:41:57	--------	d-----w-	C:\Users\Default User\AppData\Local\Temp
2015-11-02 20:28:06	F78D40A1C0858FE9DA4C14AA7AE3E529	237792	----a-w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-11-02 08:16:17	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Diagnostics
2015-10-30 20:16:35	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-10-30 19:51:51	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Chromium
2015-10-28 20:32:40	--------	d-----w-	C:\Users\Default\AppData\Local\Microsoft Help
2015-10-28 20:32:40	--------	d-----w-	C:\Users\Default User\AppData\Local\Microsoft Help
2015-10-28 19:58:41	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Disc_Soft_Ltd
2015-10-28 19:50:15	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\DAEMON Tools Lite
2015-10-28 18:37:20	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Opera Software
2015-10-28 18:37:20	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Opera Software
2015-10-28 18:35:38	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Programs
2015-10-27 18:45:59	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Elephant Games
2015-10-27 17:33:17	--------	d-----w-	C:\Users\GEAtje\AppData\Local\GWX
2015-10-27 08:42:42	--------	d-----w-	C:\Users\GEAtje\AppData\Locallow\Brother
2015-10-27 08:42:42	--------	d-----r-	C:\Users\GEAtje\AppData\Roaming\Brother
2015-10-26 21:21:52	--------	d-----w-	C:\Users\GEAtje\AppData\Local\CrashDumps
2015-10-26 20:59:35	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Microsoft Help
2015-10-26 20:31:21	--------	d-----w-	C:\Users\GEAtje\AppData\Local\MEGAsync
2015-10-25 14:35:54	--------	d-s---w-	C:\Windows\serviceprofiles\Localservice\AppData\Locallow\Microsoft
2015-10-25 10:49:52	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\TomTom
2015-10-25 10:49:52	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Mozilla
2015-10-25 10:49:52	--------	d-----w-	C:\Users\GEAtje\AppData\Local\TomTom
2015-10-15 16:57:02	--------	d-----w-	C:\Users\GEAtje\AppData\Local\DM
2015-10-15 10:26:34	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\HP Support Assistant
2015-10-14 19:19:32	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Hewlett-Packard_Company
2015-10-14 14:46:14	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Odian Games
2015-10-14 14:23:43	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Sanford,_L.P
2015-10-14 14:23:10	--------	d-----w-	C:\Users\GEAtje\AppData\Local\DYMO
2015-10-14 13:46:45	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\TeamViewer
2015-10-14 12:58:43	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Samsung
2015-10-14 12:58:21	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Samsung
2015-10-14 12:49:53	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Dropbox
2015-10-14 12:48:33	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Dropbox
2015-10-14 12:45:08	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Downloaded Installations
2015-10-14 11:49:20	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Windows Live Writer
2015-10-14 11:49:20	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Windows Live Writer
2015-10-14 11:46:48	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\ControlCenter4
2015-10-14 11:44:55	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\CyberLink
2015-10-14 11:39:58	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\WinRAR
2015-10-14 11:39:44	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-14 11:28:09	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Windows Live
2015-10-14 11:24:02	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\InstallShield
2015-10-14 11:08:33	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Hewlett-Packard
2015-10-14 11:03:54	--------	d-----w-	C:\Users\GEAtje\AppData\Local\ElevatedDiagnostics
2015-10-14 10:56:39	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2015-10-14 10:55:05	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2015-10-14 10:48:05	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Google
2015-10-14 10:47:38	F4D272C13E53B19CC2D25ED9C8B72AFD	116336	----a-w-	C:\Users\GEAtje\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-14 10:47:35	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Apps
2015-10-14 10:47:34	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Deployment
2015-10-14 10:47:03	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Adobe
2015-10-14 10:31:05	--------	d-----w-	C:\Users\GEAtje\AppData\Locallow\Microsoft
2015-10-14 10:30:57	--------	d-----r-	C:\Users\GEAtje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2015-10-14 10:30:57	--------	d-----r-	C:\Users\GEAtje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2015-10-14 10:30:49	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Identities
2015-10-14 10:30:46	--------	d-----w-	C:\Users\GEAtje\AppData\Local\VirtualStore
2015-10-14 10:30:11	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Hewlett-Packard
2015-10-14 10:24:05	--------	d-----w-	C:\Users\GEAtje\AppData\Local\TouchSmartData
2015-10-14 10:23:10	--------	d-----w-	C:\Users\GEAtje\AppData\Local\RemEngine
2015-10-14 10:23:07	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Hewlett-Packard_Company
2015-10-14 10:22:36	--------	d-s---w-	C:\Users\GEAtje\AppData\Roaming\Microsoft
2015-10-14 10:22:36	--------	d-----w-	C:\Users\GEAtje\AppData\Roaming\Media Center Programs
2015-10-14 10:22:36	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Microsoft
2015-10-14 10:22:36	--------	d-----w-	C:\Users\GEAtje\AppData\Local\Hewlett-Packard
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
====== C:\Users\GEAtje ======
2015-11-05 19:35:24	B7B4656E0DB41DB4C677A324CC0F5DE5	6762072	----a-w-	C:\Users\GEAtje\Downloads\ccsetup511 (1).exe
2015-11-05 19:35:21	B7B4656E0DB41DB4C677A324CC0F5DE5	6762072	----a-w-	C:\Users\GEAtje\Downloads\ccsetup511.exe
2015-11-02 07:47:10	F528625BA29ED073D7AB6CAB066315CC	924173	----a-w-	C:\Users\GEAtje\Downloads\BrMain480.exe
2015-11-02 07:35:35	573DED493A33130268671B331FEDC012	151472160	----a-w-	C:\Users\GEAtje\Downloads\DCP-J152W-inst-A1-OCE.EXE
2015-10-30 21:15:20	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-10-30 21:15:20	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-30 20:58:06	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\GEAtje\Downloads\RSITx64.exe
2015-10-30 20:42:19	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinArchiver Virtual Drive
2015-10-30 20:42:12	37346092E12CA41A4193D970950A0456	729262	----a-w-	C:\Users\GEAtje\Downloads\WADrive28.exe
2015-10-30 20:38:29	4AF0B87C01FA61690906D990387CD1B1	61064	----a-w-	C:\Users\GEAtje\Downloads\winxpvirtualcdcontrolpanel_21.exe
2015-10-30 20:37:23	4F4ABE635A57662510F55C3D65540A89	7321032	----a-w-	C:\Users\GEAtje\Downloads\Daemon-Tools-DukeN-NL.exe
2015-10-30 20:16:35	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-10-30 20:16:09	22EAB34E639CF9596F62CA063486CAEF	1352435	----a-w-	C:\Users\GEAtje\Downloads\setup_magicdisc.exe
2015-10-28 20:02:39	E87CBD264A2CA9B80CC9883B3E6F3AA9	1709792	----a-w-	C:\Users\GEAtje\Downloads\DTLiteInstaller (1).exe
2015-10-28 19:56:00	8BE02B1C74164D70CBDE3CF8AFC460D8	134213272	----a-w-	C:\Users\GEAtje\Downloads\NIS-ESDDef-22.5.4.24-NL.exe
2015-10-28 19:53:33	--------	d-----w-	C:\Users\Public\Documents\Daemon Tools Images
2015-10-28 19:52:01	--------	d--h--w-	C:\ProgramData\Common Files
2015-10-28 19:49:43	--------	d-----w-	C:\ProgramData\DAEMON Tools Lite
2015-10-28 19:47:16	E87CBD264A2CA9B80CC9883B3E6F3AA9	1709792	----a-w-	C:\Users\GEAtje\Downloads\DTLiteInstaller.exe
2015-10-28 18:41:05	--------	d-----w-	C:\ProgramData\SmartPurple
2015-10-27 18:45:59	--------	d-----w-	C:\ProgramData\Elephant Games
2015-10-26 21:05:28	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-26 20:59:24	--------	d-----w-	C:\ProgramData\Microsoft Help
2015-10-26 20:26:25	C334F68F3AAA17578887A0E47AA99A97	9989712	----a-w-	C:\Users\GEAtje\Downloads\MEGAsyncSetup.exe
2015-10-25 10:49:55	--------	d-----w-	C:\ProgramData\TomTom
2015-10-25 10:47:51	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2015-10-25 10:37:26	5D4C0E1A15D3EFB767069F1BDA4D05F3	31109864	----a-w-	C:\Users\GEAtje\Downloads\TomTomHOME2winlatest.exe
2015-10-16 19:31:52	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-16 19:02:29	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-14 20:15:00	--------	d-----w-	C:\ProgramData\Recovery
2015-10-14 14:46:14	--------	d-----w-	C:\ProgramData\Odian Games
2015-10-14 14:31:30	--------	d-----w-	C:\ProgramData\Apple
2015-10-14 14:23:04	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
2015-10-14 14:22:28	--------	d-----w-	C:\ProgramData\DYMO
2015-10-14 13:03:50	--------	d-----w-	C:\Users\Public\Documents\NativeFus_Log
2015-10-14 12:53:13	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2015-10-14 12:52:12	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-10-14 12:52:06	--------	d-----r-	C:\Users\GEAtje\Dropbox
2015-10-14 12:51:01	--------	d-----w-	C:\ProgramData\Samsung
2015-10-14 12:50:38	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-14 12:48:33	--------	d-----w-	C:\ProgramData\Dropbox
2015-10-14 11:44:55	--------	d-----w-	C:\Users\Public\CyberLink
2015-10-14 11:39:44	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-14 11:35:32	--------	d-----r-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-10-14 11:30:19	--------	d-----r-	C:\Users\GEAtje\OneDrive
2015-10-14 11:29:57	--------	d-----w-	C:\ProgramData\Microsoft OneDrive
2015-10-14 11:28:03	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-10-14 11:26:55	--------	d-----w-	C:\ProgramData\ControlCenter4
2015-10-14 11:22:16	--------	d-----w-	C:\ProgramData\boost_interprocess
2015-10-14 11:13:04	--------	d-----w-	C:\ProgramData\Brother
2015-10-14 10:48:47	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-14 10:30:57	--------	d-----r-	C:\Users\GEAtje\Searches
2015-10-14 10:30:48	--------	d-----r-	C:\Users\GEAtje\Contacts
2015-10-14 10:23:11	--------	d-----r-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2015-10-14 10:22:37	6FC234AD3752E1267B34FB12BCD6718B	20	--sh--w-	C:\Users\GEAtje\ntuser.ini
2015-10-14 10:22:36	--------	d--h--w-	C:\Users\GEAtje\AppData
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Videos
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Saved Games
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Pictures
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Music
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Links
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Favorites
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Downloads
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Documents
2015-10-14 10:22:36	--------	d-----r-	C:\Users\GEAtje\Desktop
2015-10-14 10:22:33	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics

====== C: exe-files ==
2015-11-05 19:35:24	B7B4656E0DB41DB4C677A324CC0F5DE5	6762072	----a-w-	C:\Users\GEAtje\Downloads\ccsetup511 (1).exe
2015-11-05 19:35:21	B7B4656E0DB41DB4C677A324CC0F5DE5	6762072	----a-w-	C:\Users\GEAtje\Downloads\ccsetup511.exe
2015-11-02 07:47:28	D105932A84750C5FE275A5641DB51010	643072	------w-	C:\Program Files (x86)\Brother\Firmware\FirmwareUpdater.exe
2015-11-02 07:47:28	5F4A92175B8A286D56A987419A0A0217	229376	------w-	C:\Program Files (x86)\Brother\Firmware\Pack.exe
2015-11-02 07:47:10	F528625BA29ED073D7AB6CAB066315CC	924173	----a-w-	C:\Users\GEAtje\Downloads\BrMain480.exe
2015-11-02 07:39:09	F55B617F4B7F26F6CC5F54C02760BB28	289280	------w-	C:\Program Files (x86)\Brother\Brmfl13a\Brinstck.exe
2015-11-02 07:39:09	610941B20B8C62344D428C8EB7020EED	1702912	------w-	C:\Program Files (x86)\Brother\Brmfl13a\BrScUtil.exe
2015-11-02 07:38:37	AFDFC70868F3FB89D2A541CE1DA2878E	102400	------w-	C:\Program Files (x86)\Brother\Brmfl13a\BrStDvPt.exe
2015-11-02 07:38:37	7766E65E9E466339CA583F7F2051CD5B	455432	------w-	C:\Program Files (x86)\Brother\Brmfl13a\BrRemPnP.exe
2015-11-02 07:38:37	27C9A12D64E5E7F6A395A2D0B8610522	45056	----a-w-	C:\Program Files (x86)\Brother\Brmfl13a\Brolink\Brolink0.exe
2015-11-02 07:38:20	E6213CEC602F332BF8E868B7B8BF2BB1	922176	----a-w-	C:\Program Files (x86)\Brother\Brmfl13a\NetScn\dpinstx86.exe
2015-11-02 07:38:20	AA0A91227631A09CD075D315646FB7A9	1047632	----a-w-	C:\Program Files (x86)\Brother\Brmfl13a\NetScn\dpinstx64.exe
2015-11-02 07:37:47	FBAB280D0CAC5E21C72F0A1A7B5B9608	455600	----a-w-	C:\Program Files (x86)\InstallShield Installation Information\{B742757A-7658-4E09-A51A-085CF0F7F4D3}\setup.exe
2015-11-02 07:36:27	D8E18AA0D7E84758376ACB9FF0B3220E	2043392	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\wlan_assistant\waw.exe
2015-11-02 07:36:26	A26A10298931E44F1880D61C340F48A7	376832	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\WirelessAPChecker.exe
2015-11-02 07:36:26	8A2D64F4F098393AF4FBB23721299B73	1913344	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\uwdsw.exe
2015-11-02 07:36:26	88906AC52135299416F23C1E7FCF0A91	94208	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\difx_2k\BrDifxapi2k.exe
2015-11-02 07:36:26	6D0E275B923220990633888A1340312D	94208	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\difx_32\BrDifxapi.exe
2015-11-02 07:36:26	6264C18F67E9D6268A812F514657A387	119296	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\difx_64\BrDifxapi64.exe
2015-11-02 07:36:26	481F60AC74F1CA5D7E17BED1D05470E8	311808	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\WirelessSetupChecker.exe
2015-11-02 07:36:25	FECFDE5FC3B4162F0501242EE958F121	102400	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\brwlankey.exe
2015-11-02 07:36:25	9E07671185233FDE9B4A2FCEF551F312	139264	----a-w-	C:\Users\GEAtje\Downloads\install\wlan_wiz\BrWPrWiz.exe
2015-11-02 07:36:21	E6213CEC602F332BF8E868B7B8BF2BB1	922176	----a-w-	C:\Users\GEAtje\Downloads\install\driver\gdi\32_64\dpinstx86.exe
2015-11-02 07:36:21	AA0A91227631A09CD075D315646FB7A9	1047632	----a-w-	C:\Users\GEAtje\Downloads\install\driver\gdi\32_64\dpinstx64.exe
2015-11-02 07:36:17	FBAB280D0CAC5E21C72F0A1A7B5B9608	455600	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\setup.exe
2015-11-02 07:36:17	CE2922F83FB4B170AFFCE0EA448B107B	2707352	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\VC2005RunTime\vcredist32.exe
2015-11-02 07:36:17	B88228D5FEF4B6DC019D69D4471F23EC	5073240	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\VC2010RunTime\vcredist32.exe
2015-11-02 07:36:17	630D75210B325A280C3352F879297ED5	5718872	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\VC2010RunTime\vcredist64.exe
2015-11-02 07:36:17	56EAF4E1237C974F6984EDC93972C123	3175832	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\VC2005RunTime\vcredist64.exe
2015-11-02 07:36:17	342F79337765760AD4E392EB67D5ED2C	2585872	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\WindowsInstaller-KB893803-v2-x86.exe
2015-11-02 07:36:17	1A791E445A12FD0530726920C8296D18	290816	----a-w-	C:\Users\GEAtje\Downloads\install\DCP-J152W\Setup.exe
2015-11-02 07:36:15	2C6E4E668FA2A69EE07D904403418725	106496	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\INSTVIEW\InstView.exe
2015-11-02 07:36:11	27C9A12D64E5E7F6A395A2D0B8610522	45056	----a-w-	C:\Users\GEAtje\Downloads\install\data\Disk1\Brolink\Brolink0.exe
2015-11-02 07:35:35	573DED493A33130268671B331FEDC012	151472160	----a-w-	C:\Users\GEAtje\Downloads\DCP-J152W-inst-A1-OCE.EXE
2015-10-30 20:58:22	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\GEAtje.exe
2015-10-30 20:58:06	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\GEAtje\Downloads\RSITx64.exe
2015-10-30 20:42:19	5BAC2A4F4B910A9ADABDECC21208CFA2	83205	----a-w-	C:\Program Files (x86)\WinArchiver Virtual Drive\uninstall.exe
2015-10-30 20:42:12	37346092E12CA41A4193D970950A0456	729262	----a-w-	C:\Users\GEAtje\Downloads\WADrive28.exe
2015-10-30 20:38:29	4AF0B87C01FA61690906D990387CD1B1	61064	----a-w-	C:\Users\GEAtje\Downloads\winxpvirtualcdcontrolpanel_21.exe
2015-10-30 20:37:23	4F4ABE635A57662510F55C3D65540A89	7321032	----a-w-	C:\Users\GEAtje\Downloads\Daemon-Tools-DukeN-NL.exe
2015-10-30 20:16:28	A03AE84660953220E522068DC5B486C2	9216	----a-w-	C:\Program Files (x86)\MagicDisc\mcdInst64.exe
2015-10-30 20:16:27	A16852B04C0A5654B0B8DFD5E1A25718	576000	----a-w-	C:\Program Files (x86)\MagicDisc\MagicDisc.exe
2015-10-30 20:16:27	973567B98CDFC147DF4E60471D9DF072	153088	----a-w-	C:\Program Files (x86)\MagicDisc\UNWISE.EXE
2015-10-30 20:16:27	3DCAD928C3BB2163F989110B4C9962A2	36864	----a-w-	C:\Program Files (x86)\MagicDisc\muninst.exe
2015-10-30 20:16:09	22EAB34E639CF9596F62CA063486CAEF	1352435	----a-w-	C:\Users\GEAtje\Downloads\setup_magicdisc.exe
=== C: other files ==
2015-11-05 19:38:54	8B2430762099598DA40686F754632EFD	451192	----a-r-	C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys
2015-11-05 19:38:54	891793E00432FA055CF040605C260E49	737952	----a-w-	C:\Windows\System32\drivers\NISx64\1309010.00E\srtsp64.sys
2015-11-05 19:38:54	5CB7F2FD7E30A0F52F93574BFC3A8041	1129120	----a-w-	C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys
2015-11-05 19:38:54	5013A76CAAA1D7CF1C55214B490B4E35	190072	----a-w-	C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys
2015-11-05 19:38:54	3911BD0E68C010E5438A87706ABBE9AB	405624	----a-w-	C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys
2015-11-05 19:38:54	1CB7BB3B0561FB5ECFE37F7731E8BF3E	37536	----a-w-	C:\Windows\System32\drivers\NISx64\1309010.00E\srtspx64.sys
2015-11-05 19:38:53	2C6FFCCA37B002AAB3C7C31A6D780A76	167072	----a-w-	C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys
2015-11-04 19:28:06	8B2430762099598DA40686F754632EFD	451192	----a-r-	C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys
2015-11-04 19:28:06	891793E00432FA055CF040605C260E49	737952	----a-w-	C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
2015-11-04 19:28:06	5CB7F2FD7E30A0F52F93574BFC3A8041	1129120	----a-w-	C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys
2015-11-04 19:28:06	3911BD0E68C010E5438A87706ABBE9AB	405624	----a-w-	C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys
2015-11-04 19:28:06	1CB7BB3B0561FB5ECFE37F7731E8BF3E	37536	----a-w-	C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
2015-11-04 19:28:05	5013A76CAAA1D7CF1C55214B490B4E35	190072	----a-w-	C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys
2015-11-04 19:28:05	2C6FFCCA37B002AAB3C7C31A6D780A76	167072	----a-w-	C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
2015-10-30 20:42:19	7914A30A3849306FAE9F5DD9C3615F18	141368	----a-w-	C:\Windows\System32\drivers\waemu.sys
2015-10-30 20:16:27	79D51E7F5926E8CE1B3EBECEBAE28CFF	255552	----a-w-	C:\Windows\SysWOW64\drivers\mcdbus.sys
2015-10-30 20:16:27	79D51E7F5926E8CE1B3EBECEBAE28CFF	255552	----a-w-	C:\Windows\System32\drivers\mcdbus.sys
2015-10-30 20:16:27	79D51E7F5926E8CE1B3EBECEBAE28CFF	255552	----a-w-	C:\Program Files (x86)\MagicDisc\mcdbus.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-115903190-4080511109-3081035828-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_582BFB67187C4DDF042E1A5BAB51985A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe                                                                                                                                                                                                              "
"DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun                                                                                                                                                                                                                "
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe"
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"BrHelp"="C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"DLSService"="C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
"WAHELPER.EXE"="C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_582BFB67187C4DDF042E1A5BAB51985A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe                                                                                                                                                                                                              "
"DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun                                                                                                                                                                                                                "
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Tiny download manager"="\"C:\\Users\\GEAtje\\AppData\\Local\\DM\\TinyDM.exe\" /M"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"HP Software Update"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"


==== Startup Folders ======================

2015-10-30 20:16:35	991	----a-w-	C:\Users\GEAtje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\DropboxUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [14-10-2015 13:48]
C:\Windows\tasks\DropboxUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [14-10-2015 13:48]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14-10-2015 11:48]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForGEATJE-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15-07-2011 12:43]
C:\Windows\tasks\HPCeeScheduleForGEAtje.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15-07-2011 12:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForGEAtje" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForGEATJE-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\WSCStub.exe"]
"C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe]
"C:\Windows\SysNative\tasks\SetupManager" ["C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9FCDEE2B-079D-4B58-A8D3-BEFBACE2206F}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{D51B9355-8F46-4D63-8F6A-736B4EB2A0A3}" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Remediation\AntimalwareMigrationTask" ["C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn" [05-11-2015 20:18]

==== Firefox Extensions ======================

ProfilePath: C:\Users\GEAtje\AppData\Roaming\TomTom\HOME\Profiles\hgx0e9gi.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.80

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\Exts\Chrome.crx[26-09-2012 04:11]

Chrome Web Store Payments - GEAtje\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Slides - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Dropbox for Gmail - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec
Google Sheets - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
CinemaPlus-3.2cV25.10 - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh
Google Docs Offline - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Pin It Button - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
Chrome Web Store Payments - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CinemaPlus-3.2cV23.10 - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
Gmail - GEAtje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
CinemaPlus-3.2cV25.10 - GEAtje\AppData\Roaming\Opera Software\Opera Stable\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh
CinemaPlus-3.2cV23.10 - GEAtje\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=19.9.1.14"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=19.9.1.14"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia  Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [BrHelp] C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
O4 - HKLM\..\Run: [WAHELPER.EXE] "C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_582BFB67187C4DDF042E1A5BAB51985A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"                                                                                                                                                                                                              
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun                                                                                                                                                                                                                
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync - klikken om te bellen - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - (no CLSID) - (no file)
O18 - Protocol: mso-minsb.16 - (no CLSID) - (no file)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - (no CLSID) - (no file)
O18 - Protocol: osf.16 - (no CLSID) - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Dropbox-update-service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox-update-service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinArchiver Service - Unknown owner - C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GEAtje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\GEAtje\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\GEAtje\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\GEAtje\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\GEAtje\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=352 folders=114 294642224 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\GEAtje\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GEAtje\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on do 05-11-2015 at 21:44:25,10 ======================