Zoek.exe v5.0.0.1 Updated 22-November-2015
Tool run by Olaf De Wit on ma 23/11/2015 at 21:10:17,12.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Olaf De Wit\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Running Processes ======================

C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\dashost.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Dell Update\DellUpService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
C:\Program Files\Dell\DellDataVault\DellDataVault.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WinLogon.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\WINDOWS\system32\GWX\GWX.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Windows\System32\WWAHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
C:\Users\Olaf De Wit\Downloads\zoek.exe
C:\WINDOWS\system32\conhost.exe

==== System Restore Info ======================

23/11/2015 21:12:56 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Users\Olaf De Wit\AppData\Roaming\QuickScan deleted successfully
C:\Users\Olaf De Wit\AppData\Local\CrashDumps deleted successfully
C:\Users\Olaf De Wit\AppData\Local\EmieSiteList deleted successfully
C:\Users\Olaf De Wit\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20152311_2124_.backup

ProfilePath: C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\iwfxxajf.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20152311_2124_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

==== Batch Command(s) Run By Tool======================

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

==== Deleting Files \ Folders ======================

C:\Users\Olaf De Wit\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\extensions\artur.dubovoy@gmail.com deleted
C:\Users\Olaf De Wit\AppData\Roaming\RHEng deleted
C:\PROGRA~3\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1} deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\searchplugins\bing-lavasoft.xml deleted
C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\extensions\firefox@ghostery.com.xpi deleted
C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\Invalidprefs.js deleted
C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\jetpack deleted
C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\extensions\staged deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 12240 MB
CPU Info: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
CPU Speed: 3496,6 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce GTX 645 | NVIDIA GeForce GTX 645 | NVIDIA GeForce GTX 645 | NVIDIA GeForce GTX 645
Monitors: 1x; DELL S2240L(Analog) |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Dell Wireless 1703 802.11b/g/n (2.4GHz) | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD+-RW SW830
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C: 919,6GB
Hard Disks - Free: C: 834,1GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | | DELL - 20100118
Time Zone: Romance (standaardtijd)
Motherboard *: Dell Inc.
0KWVT8
Country: België
Language: NLB

==== System Specs (Software) ======================

AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}

Default Browser: Firefox 42.0
Internet Explorer Version: 11.0.9600.18098
Mozilla Firefox version: 41.0.2 (x86 en-US)
Mozilla Firefox version: 42.0 (x86 nl)
Opera Browser version: 33.0.1990.115
Google Chrome version: 46.0.2490.86
Adobe Reader version: 15.9.20077.160923
Flash Player version: 19.0.0.245

==== Files Recently Created / Modified ======================

======= C:\Program Files =====

2015-11-21 19:23:13 -------- d-----w- C:\Program Files\trend micro
2015-11-14 19:33:45 -------- d-----w- C:\Program Files\Dell Support Center
2015-11-10 10:55:06 -------- d-----w- C:\Program Files\Microsoft Office 15
2015-11-08 15:54:00 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-11-08 15:03:57 -------- d-----w- C:\Program Files\Common Files\AV
2015-11-08 13:35:16 -------- d-----w- C:\Program Files\Bitdefender
2015-11-08 13:34:57 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2015-11-07 21:36:55 -------- d-----w- C:\Program Files\Microsoft Silverlight
2015-11-07 19:34:19 -------- d-----w- C:\Program Files\Dell
2015-11-07 16:28:30 -------- d-----w- C:\Program Files\File Shredder
2015-11-07 16:26:55 -------- d-----w- C:\Program Files\Unlocker
2015-11-07 16:23:25 -------- d-----w- C:\Program Files\Registrar Registry Manager
2015-11-07 15:44:34 -------- d-----w- C:\Program Files\Common Files\Atheros

======= C:\PROGRA~2 =====

2015-11-21 12:55:15
-------- d-----w- C:\PROGRA~2\HostsMan 2015-11-18 19:25:06 -------- d-----w- C:\PROGRA~2\HitmanPro.Alert 2015-11-16 19:42:58 -------- d-----w- C:\PROGRA~2\foobar2000 2015-11-16 19:07:58 -------- d-----w- C:\PROGRA~2\Last.fm 2015-11-15 12:28:41 -------- d-----w- C:\PROGRA~2\VideoLAN 2015-11-15 12:02:39 -------- d-----w- C:\PROGRA~2\Google 2015-11-13 19:06:46 -------- d-----w- C:\PROGRA~2\COMMON~1\Adobe 2015-11-13 19:06:46 -------- d-----w- C:\PROGRA~2\Adobe 2015-11-10 12:57:19 -------- d-----w- C:\PROGRA~2\Dell Customer Connect 2015-11-10 12:56:42 -------- d-----w- C:\PROGRA~2\Dell Update 2015-11-10 11:01:50 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2015-11-10 10:57:10 -------- d-----w- C:\PROGRA~2\Microsoft Office 2015-11-09 20:27:43 -------- d-----w- C:\PROGRA~2\FastStone Photo Resizer 2015-11-09 20:25:25 -------- d-----w- C:\PROGRA~2\FastStone Image Viewer 2015-11-09 13:22:45 -------- d-----w- C:\PROGRA~2\Awesome Duplicate Photo Finder 2015-11-08 19:19:00 -------- d-----w- C:\PROGRA~2\MozBackup 2015-11-08 16:21:40 -------- d-----w- C:\PROGRA~2\Opera 2015-11-08 16:19:03 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service 2015-11-08 13:46:29 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2015-11-08 13:46:27 -------- d-----r- C:\PROGRA~2\Skype 2015-11-08 13:34:36 -------- d-----w- C:\PROGRA~2\COMMON~1\Bitdefender 2015-11-07 21:36:55 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight 2015-11-07 21:02:06 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET 2015-11-07 19:35:59 -------- d-----w- C:\PROGRA~2\Dell 2015-11-07 16:25:04 -------- d-----w- C:\PROGRA~2\FileASSASSIN 2015-11-07 14:57:01 -------- d-----w- C:\PROGRA~2\VS Revo Group ======= C: ===== 2015-11-17 19:28:34 A539E4534EFAF4730F9CF6A88B020924 243 ----a-w- C:\DelFix.txt 2015-11-07 13:35:02 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Recovery.txt ====== C:\Users\Olaf De Wit\AppData\Roaming ====== 2015-11-23 20:24:21 -------- d-----r- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\BT Devices 2015-11-21 12:55:19 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\abelhadigital.com 2015-11-20 18:40:38 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Microsoft Help 2015-11-17 10:04:31 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\CEF 2015-11-17 10:04:25 -------- d-----w- C:\Users\Olaf De Wit\AppData\Locallow\Adobe 2015-11-16 19:09:46 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\vlc 2015-11-16 19:07:58 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Last.fm 2015-11-15 18:41:31 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\VASCO 2015-11-15 18:41:25 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Package Cache 2015-11-15 12:02:36 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Google 2015-11-10 12:56:34 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Dell_Inc 2015-11-10 10:49:45 9F7460D6D283912B550AD29A68409255 993440 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2015-11-09 22:07:34 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\GWX 2015-11-09 20:27:53 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\FastStone 2015-11-09 20:25:58 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\FastStone 2015-11-09 13:22:49 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Awesome Duplicate Photo Finder 2015-11-09 10:01:11 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Adobe 2015-11-08 20:27:44 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Mozilla 2015-11-08 20:05:10 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Diagnostics 2015-11-08 16:22:10 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Opera Software 2015-11-08 16:22:09 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Opera Software 2015-11-08 16:19:08 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Mozilla 2015-11-08 15:54:26 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\SUPERAntiSpyware.com 2015-11-08 15:40:07 
-------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\Bitdefender 2015-11-08 13:37:55 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming\QuickScan 2015-11-08 13:36:34 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Bitdefender 2015-11-08 12:14:00 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft 2015-11-08 10:44:13 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2015-11-08 10:44:07 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Deployment 2015-11-08 10:44:07 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Apps 2015-11-07 22:47:12 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Dell_Products,_LP 2015-11-07 22:43:49 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\CrashDumps 2015-11-07 21:45:20 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Skype 2015-11-07 21:45:14 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Skype 2015-11-07 20:59:31 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\RegistryBackups 2015-11-07 20:18:47 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Identities 2015-11-07 19:28:10 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\PCDr 2015-11-07 19:03:38 -------- d-sh--w- C:\Users\Olaf De Wit\AppData\Locallow\EmieUserList 2015-11-07 19:03:31 -------- d-sh--w- C:\Users\Olaf De Wit\AppData\Locallow\EmieSiteList 2015-11-07 16:26:55 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2015-11-07 16:23:16 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Programs 2015-11-07 16:03:26 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\NVIDIA Corporation 2015-11-07 16:03:26 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\NVIDIA 2015-11-07 15:33:30 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\ElevatedDiagnostics 2015-11-07 14:59:10 -------- d-s---w- 
C:\WINDOWS\serviceprofiles\Localservice\AppData\Locallow\Microsoft 2015-11-07 14:57:01 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2015-11-07 13:48:50 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2015-11-07 13:45:49 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking 2015-11-07 13:44:58 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Intel Corporation 2015-11-07 13:44:29 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Leadertech 2015-11-07 13:44:20 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Power2Go8 2015-11-07 13:44:15 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\BMExplorer 2015-11-07 13:44:13 -------- d-s---w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Locallow\Microsoft 2015-11-07 13:44:00 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Atheros 2015-11-07 13:43:51 -------- d-s---w- C:\Users\Olaf De Wit\AppData\Locallow\Microsoft 2015-11-07 13:43:17 -------- d-----r- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2015-11-07 13:43:17 -------- d-----r- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2015-11-07 13:43:14 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Adobe 2015-11-07 13:43:13 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\VirtualStore 2015-11-07 13:42:58 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Packages 2015-11-07 13:42:48 -------- d-s---w- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft 2015-11-07 13:42:48 -------- d-----w- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-11-07 13:42:48 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Temp 2015-11-07 13:42:48 -------- d-----w- C:\Users\Olaf De Wit\AppData\Local\Microsoft 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De 
Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-11-07 13:38:37 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages ====== C:\Users\Olaf De Wit ====== 2015-11-21 19:22:02 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Olaf De Wit\Downloads\RSITx64.exe 2015-11-21 12:55:19 -------- d-----w- C:\ProgramData\abelhadigital.com 2015-11-21 12:55:16 -------- d-----w- C:\Users\Public\Documents\HostsMan Backups 2015-11-21 12:55:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan 2015-11-20 09:59:56 38F189B2B6DA1A16E6E86D4B65A44466 1504384 ----a-w- C:\Users\Olaf De Wit\Downloads\SkypeSetup.exe 2015-11-18 19:33:39 E7A5CEB98F3FD6DE9BFB72972F8EFC37 5490752 ----a-w- C:\Users\Olaf De Wit\Downloads\PSISetup.exe 2015-11-18 19:25:27 -------- d-----w- C:\ProgramData\HitmanPro 2015-11-18 19:25:07 -------- d-----w- C:\ProgramData\HitmanPro.Alert 2015-11-18 19:25:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2015-11-18 19:24:38 993FF339360D36B66963C3F8F1CA03F3 4093696 ----a-w- C:\Users\Olaf De Wit\Downloads\hmpalert.exe 2015-11-17 12:48:16 5A432C2DBAEC0EFBE33D8A8E24BCFB95 42710448 ----a-w- C:\Users\Olaf De Wit\Downloads\Firefox Setup 41.0.2.exe 2015-11-17 12:07:56 2E40C8E5F83FA8A0739F687DFABDD157 3105184 ----a-w- C:\Users\Olaf De Wit\Downloads\BitDefender_Uninstall_Tool.exe 2015-11-16 19:08:42 -------- d-----w- C:\ProgramData\Last.fm 2015-11-16 19:08:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm 2015-11-16 19:06:48 2DC2AB1B346EA341FFF7F4259BF25703 15963960 ----a-w- C:\Users\Olaf De Wit\Documents\Last.fm-2.1.37.exe 2015-11-15 18:40:57 
EF8554FD1FAAB93BACD3210614340D63 2349664 ----a-w- C:\Users\Olaf De Wit\Documents\VASCOSmartCardReaderPlugin.exe 2015-11-15 12:28:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-11-15 12:27:32 B8C997E772BE343E1664FEE14C1FB9B7 28849904 ----a-w- C:\Users\Olaf De Wit\Downloads\vlc-2.2.1-win32.exe 2015-11-15 12:02:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-11-15 12:02:22 5E5B7B2092E26853AC90E49BDDBDF90E 929872 ----a-w- C:\Users\Olaf De Wit\Downloads\ChromeSetup.exe 2015-11-14 20:30:23 -------- d-----w- C:\Users\Olaf De Wit\dwhelper 2015-11-14 19:33:46 -------- d-----w- C:\ProgramData\PC-Doctor for Windows 2015-11-14 16:29:04 E6FA7781D11C3FFDFB91D3B3C78383A3 781312 ----a-w- C:\Users\Olaf De Wit\Downloads\delfix_1.011.exe 2015-11-13 19:06:36 -------- d-----w- C:\ProgramData\Adobe 2015-11-12 20:58:49 0E2D4634C4373F6425A142E99ABA7E63 50100 ----a-w- C:\ProgramData\1447361904.bdinstall.bin 2015-11-12 20:58:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner 2015-11-12 20:56:05 6C32BFF81BE101DB682CA0CF51823817 34010104 ----a-w- C:\Users\Olaf De Wit\Downloads\60Second_x64.exe 2015-11-12 20:55:29 EC49EC4785EB3E962B2CC9857655F99A 160160 ----a-w- C:\Users\Olaf De Wit\Downloads\60Second_en_us.exe 2015-11-10 18:15:13 7A7B33FB668B7675E2CC9617369B0E44 48128128 ----a-w- C:\Users\Olaf De Wit\Downloads\SkypeSetupFull.exe 2015-11-10 11:02:18 -------- d-----r- C:\Users\Olaf De Wit\OneDrive 2015-11-10 11:02:14 -------- d-----w- C:\ProgramData\Microsoft OneDrive 2015-11-10 10:55:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-11-10 10:54:38 F2920BB3159364A16B66F0C220BC6C71 1105088 ----a-w- C:\Users\Olaf De Wit\Downloads\Setup.X86.nl-NL_HomeBusinessRetail_8b59ff9c-c7a9-4ac2-8f0f-c867150ec0b2_TX_DB_.exe 2015-11-09 21:05:22 64D75DA1AD9217A0F6775B80D5EDE160 1529433 ----a-w- C:\Users\Olaf De 
Wit\Downloads\DupFinderSetup-0.8.0.exe 2015-11-09 21:03:57 C73349A573125AB579EB20663A329C45 8632888 ----a-w- C:\Users\Olaf De Wit\Downloads\DuplicateCleaner3_setup.exe 2015-11-09 20:27:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer 2015-11-09 20:25:47 A4F825165E45CAEE048AEA0D8F42B030 1732941 ----a-w- C:\Users\Olaf De Wit\Downloads\FSResizerSetup35.exe 2015-11-09 20:25:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer 2015-11-09 13:22:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awesome Duplicate Photo Finder 2015-11-08 20:09:04 -------- d-----w- C:\ProgramData\Mozilla 2015-11-08 19:19:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup 2015-11-08 15:54:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-11-08 15:54:00 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2015-11-08 13:46:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-11-08 13:38:09 124CCA2A2B2D7CC7780D7FF17723C32B 551960 ----a-w- C:\ProgramData\1446989701.bdinstall.bin 2015-11-08 13:37:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015 2015-11-08 13:36:55 -------- d-----w- C:\ProgramData\BDLogging 2015-11-08 13:35:17 -------- d-----w- C:\ProgramData\Bitdefender 2015-11-07 21:45:08 -------- d-----w- C:\ProgramData\Skype 2015-11-07 21:37:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-11-07 19:35:59 -------- d-----w- C:\ProgramData\SupportAssistAgent 2015-11-07 16:28:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder 2015-11-07 16:25:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN 2015-11-07 16:23:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager 
2015-11-07 16:03:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-07 16:02:55 -------- d-----w- C:\ProgramData\NVIDIA 2015-11-07 16:02:44 -------- d-----w- C:\ProgramData\NVIDIA Corporation 2015-11-07 13:44:02 -------- d-----w- C:\ProgramData\Atheros 2015-11-07 13:43:17 -------- d-----r- C:\Users\Olaf De Wit\Searches 2015-11-07 13:43:17 -------- d-----r- C:\Users\Olaf De Wit\Contacts 2015-11-07 13:42:49 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Olaf De Wit\ntuser.ini 2015-11-07 13:42:48 -------- d-----w- C:\Users\Olaf De Wit\AppData 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Videos 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Saved Games 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Pictures 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Music 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Links 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Favorites 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Downloads 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Documents 2015-11-07 13:42:48 -------- d-----r- C:\Users\Olaf De Wit\Desktop 2015-11-07 13:38:33 -------- d--h--r- C:\Users\Public\AccountPictures ====== C: exe-files == 2015-11-23 19:32:25 7D231CC905343F4019BFAEF03C9F09C2 595080 ----a-w- C:\Users\Olaf De Wit\AppData\Local\NVIDIA\NvBackend\Packages\00008309\CoProc update.20193427.exe 2015-11-23 19:32:25 05AB70BC7278194B9039AB56A305087F 6909736 ----a-w- C:\Users\Olaf De Wit\AppData\Local\NVIDIA\NvBackend\Packages\0000830b\DAO.20194227.exe 2015-11-23 13:34:10 E5330692BA76355A64ACBD83084D5917 630200 ----a-w- C:\Users\Olaf De Wit\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2015-11-23 13:34:06 418A652D7D7193D360AB0CBAC1897CAF 172984 ----a-w- C:\Users\Olaf De Wit\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2015-11-21 19:23:17 9A2347903D6EDB84C10F288BC0578C1C 
388608 ----a-w- C:\Program Files\trend micro\Olaf De Wit.exe 2015-11-21 19:22:02 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Olaf De Wit\Downloads\RSITx64.exe 2015-11-21 12:55:15 EFEF956A6DD50914F152DCD8054F2210 1197769 ----a-w- C:\Program Files (x86)\HostsMan\unins000.exe 2015-11-21 12:55:15 9A29A8B8D6DC94CF326D2527A0F52D25 8161280 ----a-w- C:\Program Files (x86)\HostsMan\hm.exe 2015-11-21 12:15:14 B4A71E191A665A710DFCF3CA21C493D2 196400 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\Update.Core\WLMerger.exe 2015-11-21 12:15:14 6665DBA0F6C2E327B891A0208C4C9436 20344112 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\x86\server\NvStreamUserAgent.exe 2015-11-21 12:15:14 5A9CFD13EBC458F75D1D71462A9BEA90 413816 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe 2015-11-21 12:15:14 345ACD33DAD5C0335DFDED49A684FE1B 22395184 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\amd64\server\NvStreamUserAgent.exe 2015-11-21 12:15:13 F8C06CC5A2800573F5E05AA729CABC7F 282064 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\ShadowPlay\nvsphelper.exe 2015-11-21 12:15:13 F134509125549725E67EE9E07C0284E0 7551280 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\ShadowPlay\nvspcaps64.exe 2015-11-21 12:15:13 DD37DC13DF1224A8719208AE5CDE2B63 2757424 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\Update.Core\NvBackend.exe 2015-11-21 12:15:13 C196DA57E838EA68BD65BDAADCCBD4F2 4611888 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\x86\server\NvStreamService.exe 2015-11-21 12:15:13 BFEA1BE477837DBF9611A7A01A5CA9B5 595760 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience\7z.exe 2015-11-21 12:15:13 BCD7293A005127E7FF8DE8675C172F3E 637560 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce 
Experience\Update\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe 2015-11-21 12:15:13 BB25EE283D49FD15D37137E647EEB941 6557488 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\ShadowPlay\nvspcaps.exe 2015-11-21 12:15:13 94A0019FE128EF66A232CE92074CEDD8 6851376 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe 2015-11-21 12:15:13 8FC45ACC0664F88443203510EA066C0E 87160 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\LEDVisualizer\NvLedServiceHost.exe 2015-11-21 12:15:13 7F49FFABBF0F47F195484703A04FB729 1058608 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience\LaunchGFExperience.exe 2015-11-21 12:15:13 79DE078B7F4832C1B45F992100EF3B48 1872688 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\NVI2\NVNetworkService.exe 2015-11-21 12:15:13 74D8E6B782A088C1494BCE27B42B11D7 126584 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\LEDVisualizer\NvLedVisualizer.exe 2015-11-21 12:15:13 73FA6B2DF3348AF05E1F98310854BD4F 5915440 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\amd64\server\NvStreamService.exe 2015-11-21 12:15:13 7197794CD69F538470466AE8A95FA93F 5457200 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe 2015-11-21 12:15:13 6F5AC1C495DA6D19AF99A59DC44BC13F 8133424 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\amd64\server\NvStreamNetworkService.exe 2015-11-21 12:15:13 6E035CE4623634F9ACC015F0CC895547 6288688 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\x86\server\NvStreamNetworkService.exe 2015-11-21 12:15:13 5E42BDFF22707E577AD82BE4C43C3BCE 1156400 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GfExperienceService\GfExperienceService64.exe 
2015-11-21 12:15:13 5789DDB6852FAA8776B93B2424C8B8BE 317176 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\ShadowPlay\nvsphelper64.exe 2015-11-21 12:15:13 56A8BCA7D7F2B622DE309A2C3741A9C9 922928 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GfExperienceService\GfExperienceService32.exe 2015-11-21 12:15:13 5166A0D4C7604BC0D22137842CC89BAE 4744496 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience\GFExperience.exe 2015-11-21 12:15:13 2CCD9A74A0F9C7605EAFA3F3AC8DC476 1872688 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\Network.Service\NVNetworkService.exe 2015-11-21 12:15:13 0AAF5F65817A07E57DEE00FEF50C63C1 519984 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\ShadowPlay\DXSETUP.exe 2015-11-21 12:15:06 64054B001135D554F964D13BC6E9A2FE 38976016 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\1bc90cc7-32b2-4d50-a079-8bec10f4b776\GeForce_Experience_Update_v2.7.4.10.exe 2015-11-20 10:11:35 F484E33AF3D33D6EE8E427C1397A6A89 1118360 ----a-w- C:\Users\Olaf De Wit\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe 2015-11-20 10:11:35 6950F2C84A7568B448D22B3D4BBE1E02 170128 ----a-w- C:\Users\Olaf De Wit\AppData\Local\Microsoft\BingSvc\BSvcUpdater.exe 2015-11-20 10:01:31 CC436BB2A26391F3DEBE316F6FB0474F 144008 ----a-w- C:\Users\Olaf De Wit\AppData\Local\Microsoft\BingSvc\BingSvc.exe 2015-11-20 09:59:56 38F189B2B6DA1A16E6E86D4B65A44466 1504384 ----a-w- C:\Users\Olaf De Wit\Downloads\SkypeSetup.exe 2015-11-19 12:28:59 C6C51503C186FC5CBF655AEEA1C9D7A8 73336 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\wow_helper.exe 2015-11-19 12:28:59 89F91CD6437C96638B420876AB32E777 3613304 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\opera_autoupdate.exe 2015-11-19 12:28:59 69320EC4FCE0A5BB3467FC66A93723A9 883832 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\opera.exe 2015-11-19 12:28:59 25F9D1B948781A063E5FC73B9335306D 504440 ----a-w- C:\Program 
Files (x86)\Opera\33.0.1990.115\opera_crashreporter.exe 2015-11-19 12:28:59 0EC45A85FB503D88141173D617F99A53 1316984 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\installer.exe 2015-11-18 19:33:39 E7A5CEB98F3FD6DE9BFB72972F8EFC37 5490752 ----a-w- C:\Users\Olaf De Wit\Downloads\PSISetup.exe 2015-11-18 19:25:06 7F6CB19F83D7F4EB10394A17EB266622 4108104 ----a-w- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe 2015-11-18 19:24:38 993FF339360D36B66963C3F8F1CA03F3 4093696 ----a-w- C:\Users\Olaf De Wit\Downloads\hmpalert.exe 2015-11-18 11:52:24 EC302D06155F8E3C383750993FCB6B27 146432 ----a-w- C:\Windows\System32\wininit.exe 2015-11-18 11:52:24 3F8645885823692D93765817759BE21C 572928 ----a-w- C:\Windows\System32\winlogon.exe 2015-11-17 16:15:12 CB02D52023950BBD1BDB78CAE0164D20 50509440 ----a-r- C:\Program Files (x86)\Skype\Phone\Skype.exe 2015-11-17 12:48:16 5A432C2DBAEC0EFBE33D8A8E24BCFB95 42710448 ----a-w- C:\Users\Olaf De Wit\Downloads\Firefox Setup 41.0.2.exe 2015-11-17 12:07:56 2E40C8E5F83FA8A0739F687DFABDD157 3105184 ----a-w- C:\Users\Olaf De Wit\Downloads\BitDefender_Uninstall_Tool.exe === C: other files == 2015-11-23 20:03:48 D1FBD16E7BF09FEBC21758A7B261EBEB 962762 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\AdblockPlus{2.6.11}.xpi 2015-11-23 20:03:48 C3F52D591990E9B0D2BFF71D42DDD973 518450 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\UnMHT{8.0.0}.xpi 2015-11-23 20:03:48 960D8B3AA41BBAF3344834B1857B759C 67128 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\YouTubeFlashVideoPlayer{42.0}.xpi 2015-11-23 20:03:47 CC1EDC2FC4F4717654ABB51CBBEA061A 636306 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\VideoDownloadHelper{5.4.2}.xpi 2015-11-23 20:03:47 54B290893F2C3ADEAD17D8F4D2A98D36 562123 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\NoScript{2.6.9.39}.xpi 2015-11-23 20:03:47 12637F01584BEFE2468A39D6FA335869 292441 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 
23.11 21.03.35\SpeedDial{0.9.6.18}.xpi 2015-11-23 20:03:44 E220C7038ABCAADB0B65E812BE5CE380 80423 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\FlashControl{2.0.6}.xpi 2015-11-23 20:03:44 C0A49604CAC8E148A18B439B57BA398E 1552303 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\Ghostery{5.4.9}.xpi 2015-11-23 20:03:44 9E0C9F71AC4823F3A28DDACA212423A8 120696 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\ElementHidingHelpervoorAdblockPlus{1.3.4}.xpi 2015-11-23 20:03:44 9ADDE0CD9F1126EDBCFDBCF3DEA7B4C8 1339978 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\FEBE{8.8}.xpi 2015-11-23 20:03:44 920C70BE04FCFE6AA9DF6997B9D55B2E 255799 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\OPIE{5.0.2.1-signed}.xpi 2015-11-23 20:03:44 825AE7AE62A44AB6C0350A0FB57E8E55 90120 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\Self-DestructingCookies{0.4.9}.xpi 2015-11-23 20:03:44 80FCCF278B6ED615267C0CB11BC4B8F5 29160 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\TheAddonBarrestored{3.2.1-signed}.xpi 2015-11-23 20:03:44 7E5797DFCC98F52961CF2DED245A78D4 38608 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\FlashStopper{1.2.9}.xpi 2015-11-23 20:03:44 72003FF0595C7CE1CBBB452A9FC848DE 1478281 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\uBlockOrigin{1.3.6}.xpi 2015-11-23 20:03:44 657F32D91E6D0006ABD32124BD0CBCD2 240579 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\CookieKeeper{1.8.5.1-signed}.xpi 2015-11-23 20:03:44 3128A8FA70BA4AF7AD4B86D16D1C64ED 54245 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\YouTubeFlashPlayer{1.4.0}.xpi 2015-11-23 20:03:44 227F30220DE3070014C99759E9074969 557897 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\SessionManager{0.8.1.8}.xpi 2015-11-23 20:03:44 031338DF85EEC8B021C5D6F171E9D8EA 403013 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 
21.03.35\VideoDownloaderprofessional{1.97.37.1-signed}.xpi 2015-11-23 20:03:36 3A5AB4284AD57CB6B2A0603D1A5B19A2 10524033 ----a-w- C:\Users\Olaf De Wit\Documents\FEBE 2015 23.11 21.03.35\FlashVideoDownloader-YouTubeHDDownload4K{8.3.2}.xpi 2015-11-21 12:54:46 158B6E79BB6DCA61F6DF8D238E002276 3048335 ----a-w- C:\Users\Olaf De Wit\Downloads\HostsMan_4.6.103_installer.zip 2015-11-21 12:15:17 C2A9985C97DF5946AEAE7C001625410C 44840 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\NvVAD\nvvad32v.sys 2015-11-21 12:15:17 9D9CAD70EA640AB8D3EB77BFAE6CABE2 28344 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\ShieldWirelessController\NVSWCFilter64.sys 2015-11-21 12:15:17 7ABD081BB7A1A8CF7E3B1E64183AB812 24760 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\ShieldWirelessController\NVSWCFilter32.sys 2015-11-21 12:15:17 6BA67F058130DC3B49EA2A9AD2675AE6 15664 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\NVI2\NVI2SystemService64.sys 2015-11-21 12:15:17 639ACDF6BB612E3EC5D6D25C69C77BCB 18736 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\x86\server\NvStreamKms.sys 2015-11-21 12:15:17 35DFC12FD7E44B7CB8CCD7E5A2B3975A 50472 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\NvVAD\nvvad64v.sys 2015-11-21 12:15:17 2F61DB46C84CCBB5D9F75065A85D2173 19760 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\GFExperience.NvStreamSrv\amd64\server\NvStreamKms.sys 2015-11-21 12:15:17 1C201F9AD3DFFEE3E42E19FEE85238A8 14640 ----a-w- C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\NVI2\NVI2SystemService32.sys 2015-11-19 12:28:59 F6B685306C89EE40A4B687A1F0758DCA 218650 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\resources\standard_themes\default_theme.zip 2015-11-19 12:28:59 B9E7A356DBFD03D6EC62607A3F7A267B 53056 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\resources\standard_themes\reine.zip 2015-11-19 
12:28:59 9BB699BFD48DC443711F1BE8077B5677 289 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\resources\standard_themes\grey.zip 2015-11-19 12:28:59 57BD727A9E6668CEA21EA9A52CA65767 243193 ----a-w- C:\Program Files (x86)\Opera\33.0.1990.115\resources\standard_themes\darkbreeze.zip 2015-11-18 19:25:06 758AFAD0F987B4AD78829A342C71568C 69960 ----a-w- C:\Windows\System32\drivers\hmpnet.sys 2015-11-18 19:25:06 48CE2D2864B372AF170C0FDFADC27887 198216 ----a-w- C:\Windows\System32\drivers\hmpalert.sys 2015-11-18 11:55:21 FC974B03C8B87455F44F734C8F31A3C8 37376 -c--a-w- C:\Windows\System32\drivers\usbuhci.sys 2015-11-18 11:55:21 D25F0093A71FFB355160358DD70B0373 443224 -c--a-w- C:\Windows\System32\drivers\usbport.sys 2015-11-18 11:55:21 CD81683F4553677B9BF5163A922153EB 462168 -c--a-w- C:\Windows\System32\drivers\usbhub.sys 2015-11-18 11:55:21 BBFD17B6B954FC9FA02E62D604052069 92504 -c--a-w- C:\Windows\System32\drivers\usbehci.sys 2015-11-18 11:55:21 A0F0484C97D6441ED6A75D7426ECCC9E 30208 -c--a-w- C:\Windows\System32\drivers\usbohci.sys 2015-11-18 11:55:21 9A2B3A98D7982372CA36A823F673EFB8 27992 -c--a-w- C:\Windows\System32\drivers\usbd.sys 2015-11-18 11:55:21 5C90D5379B53590FBB24BBAD4FA682EE 468824 -c--a-w- C:\Windows\System32\drivers\USBHUB3.SYS 2015-11-18 10:51:16 4559ABB17A8247CF88D37D8E40D9FFF6 45722913 ----a-w- C:\Users\Olaf De Wit\AppData\Local\ElevatedDiagnostics\2560293460\2015111810.000\DataStoreAndWULogFiles.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3353583409-2322390238-1352878597-1002\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "pdiface"="C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "pdiface"="C:\Program 
Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5REC" "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/11/2015 11:45] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/11/2015 13:02] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/11/2015 13:02] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8" 
[C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe] "C:\WINDOWS\SysNative\tasks\Dell SupportAssistAgent AutoUpdate" [C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"] "C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"] "C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1446999707" [C:\Program Files (x86)\Opera\launcher.exe] "C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"] "C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\Dell\SupportAssist\uaclauncher.exe"] "C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{0FCE55B7-9C1A-4780-ADD5-9A8844D98AB5}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Dell\Dell System Registration" [C:\Program Files (x86)\System Registration\prodreg.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "bdwteff@bitdefender.com"="C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff" [24/03/2015 11:54] ==== Firefox Extensions ====================== 
ProfilePath: C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel - Undetermined - C:\Users\Olaf De Wit\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\extensions\artur.dubovoy@gmail.com - FEBE - C:\Users\Olaf De Wit\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} - FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} - CookieKeeper - %ProfilePath%\extensions\cookiekeeper@cookiekeeper.mozdev.org.xpi - Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi - Video Downloader Professional - %ProfilePath%\extensions\ffext_basicvideoext@startpage24.xpi - FlashStopper - %ProfilePath%\extensions\flashstopper@byo.co.il.xpi - Self-Destructing Cookies - %ProfilePath%\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi - Undetermined - %ProfilePath%\extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi - Flash Control - %ProfilePath%\extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi - OPIE - %ProfilePath%\extensions\OPIE@guid.customsoftwareconsult.com.xpi - The Addon Bar restored - %ProfilePath%\extensions\the-addon-bar@GeekInTraining-GiT.xpi - Undetermined - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi - Trnh Qun L Phin - %ProfilePath%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi - Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi - NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - YouTube Flash Video Player - %ProfilePath%\extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi - UnMHT - %ProfilePath%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi ProfilePath: C:\Users\OLAFDE~1\AppData\Roaming\Mozilla\Firefox\Profiles\iwfxxajf.default - FEBE - C:\Users\Olaf 
De Wit\AppData\Roaming\Mozilla\Firefox\Profiles\iwfxxajf.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} - FEBE - %ProfilePath%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Olaf De Wit\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.schijtprofiel 18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013 F114FBA6246530B89DD1E04351E0EAC5 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash CAF78E18A9E1380A0A38065B3B1210E0 - C:\Users\Olaf De Wit\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll - VASCO Card Reader Plugin 1CDD28B47D8198F868349BDFBCD1281B - C:\Users\Olaf De Wit\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll - VASCO Card Reader Plugin ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fabcmochhfpldjekobfaaggijgohadih - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions fcfenmboojpjinhpgggodefccipikbpd - No path found[] Google Slides - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Video Downloader - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc Google Docs - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - Olaf De Wit\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb uBlock₀ - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm Google Search - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Video Downloader professional - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil Bitdefender Wallet - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih Google Sheets - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap EditThisCookie - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg Google Docs Offline - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chromarks - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdheengilgkagjehknnnofigbmlnnfj Ghostery - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij GetThemAll Video Downloader - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm Chrome Web Store Payments - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Ghostery - Olaf De Wit\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg uBlock₀ - Olaf De Wit\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida Edit This Cookie - Olaf De Wit\AppData\Roaming\Opera Software\Opera Stable\Extensions\ppmhhincfabcahokokgpdcckmjghpian ==== Chromium Fix ====================== C:\Users\Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc 
deleted successfully C:\Users\Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage deleted successfully C:\Users\Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil deleted successfully C:\Users\Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil deleted successfully C:\Users\Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm deleted successfully C:\Users\Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbkekaeindpfpcoldfckljplboolgkfm_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{DC6B075B-449F-48E1-82D3-2FDE2319178E}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{DC6B075B-449F-48E1-82D3-2FDE2319178E}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\SearchScopes\{DC6B075B-449F-48E1-82D3-2FDE2319178E} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB HKLM\Wow6432Node\SearchScopes "DefaultScope"="{DC6B075B-449F-48E1-82D3-2FDE2319178E}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\Wow6432Node\SearchScopes\{DC6B075B-449F-48E1-82D3-2FDE2319178E} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" 
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms} HKCU\SearchScopes\{DC6B075B-449F-48E1-82D3-2FDE2319178E} - No_Url_Value ==== HijackThis Entries ====================== C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe F2 - REG:system.ini: UserInit=userinit.exe O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.dell.com O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - https://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1446911161994 
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. 
- C:\Program Files (x86)\Dell Update\DellUpService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro.Alert service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application 
Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows 
Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [QualcommİAtherosİ] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RTHDVCPL = "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [Realtek Semiconductor] RtHDVBg = "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX5REC [Realtek Semiconductor] IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation] NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation] ShadowPlay = C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart [MS] Bdagent = "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe" [Bitdefender] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc -> {HKLM...CLSID} = CIESpeechBHO Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth 
Suite\IEPlugIn.dll [QualcommİAtherosİ] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] DBARFileBackuped\(Default) = {831cebdd-6baf-4432-be76-9e0989c14aef} -> {HKLM...CLSID} = DBROverlayIcon.DBRBackupOverlayIcon \InProcServer32\(Default) = mscoree.dll [MS] DBARFileNotBackuped\(Default) = {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} -> {HKLM...CLSID} = DBROverlayIcon.DBROverlayNotBackuped \InProcServer32\(Default) = mscoree.dll [MS] __SafeBox1\(Default) = {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} -> {HKLM...CLSID} = ExtGreen Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] __SafeBox2\(Default) = {342DAA0B-D796-460D-8566-901E08A1CCAD} -> {HKLM...CLSID} = ExtRed Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] 
__SafeBox3\(Default) = {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} -> {HKLM...CLSID} = ExtYellow \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] __SafeBox4\(Default) = {33816773-98AE-4723-ADE0-EBE54C8B5A67} -> {HKLM...CLSID} = ExtRootFolder Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [QualcommİAtherosİ] {C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu -> {HKLM...CLSID} = ContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtContextMenu.dll [QualcommİAtherosİ] {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation] {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension -> {HKLM...CLSID} = NvAppShExt Class \InProcServer32\(Default) = C:\WINDOWS\system32\nv3dappshext.dll [NVIDIA Corporation] {E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension -> {HKLM...CLSID} = OpenGLShExt Class \InProcServer32\(Default) = C:\WINDOWS\system32\nv3dappshext.dll [NVIDIA Corporation] {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = UnlockerShellExtension -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] {736AF091-C361-49B4-A928-87C586130D33} = DeleteFiles -> {HKLM...CLSID} = Delete Files 
\InProcServer32\(Default) = C:\PROGRA~1\FILESH~1\fsshell.dll [null data] {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} = Bitdefender SafeBox -> {HKLM...CLSID} = ExtContext Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} = (no title provided) -> {HKLM...CLSID} = ExtYellow \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] {342DAA0B-D796-460D-8566-901E08A1CCAD} = (no title provided) -> {HKLM...CLSID} = ExtRed Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] {2F46275A-B9C5-4C8F-94C0-71BD2B28220C} = (no title provided) -> {HKLM...CLSID} = ExtPropertySheet Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] {33816773-98AE-4723-ADE0-EBE54C8B5A67} = (no title provided) -> {HKLM...CLSID} = ExtRootFolder Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} = (no title provided) -> {HKLM...CLSID} = ExtGreen Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] {9E96C1F5-0EFA-4348-9460-15D6802C70AA} = BDFVCtxMenuExt -> {HKLM...CLSID} = BDFVCtxMenuExt \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [Bitdefender] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = 
C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONFILTER.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office15\msoshext.dll [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\VISSHE.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office15\msoshext.dll [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS] 
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\VISSHE.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONFILTER.DLL [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> ("" [file not found]) Security Packages = "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [QualcommİAtherosİ] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider -> {HKLM...CLSID} = Smartcard WinRT Provider \InProcServer32\(Default) = C:\WINDOWS\system32\SmartcardCredentialProvider.dll [MS] {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [QualcommİAtherosİ] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> skypec2c\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype Click to Call for IE Pluggable Protocol \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F} -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [QualcommİAtherosİ] BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA} -> {HKLM...CLSID} = 
BDFVCtxMenuExt \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [Bitdefender] CLVDShellExt\(Default) = {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [Cyberlink] SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} -> {HKLM...CLSID} = ExtContext Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] {4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided) -> {HKLM...CLSID} = FileShredderCtxMenu Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\fshredctx.dll [Bitdefender] {9ef1900c-cf6c-476a-99be-384b8847985c}\(Default) = DBAR -> {HKLM...CLSID} = DBRShellExtension.DBRFileContextMenuExt \InProcServer32\(Default) = mscoree.dll [MS] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] {D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided) -> {HKLM...CLSID} = BDMenu Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdshellext.dll [Bitdefender] HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\ SafeBoxSheet\(Default) = {2F46275A-B9C5-4C8F-94C0-71BD2B28220C} -> {HKLM...CLSID} = ExtPropertySheet Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ DeleteFiles\(Default) = {736AF091-C361-49B4-A928-87C586130D33} -> {HKLM...CLSID} = Delete Files 
\InProcServer32\(Default) = C:\PROGRA~1\FILESH~1\fsshell.dll [null data] FAExt\(Default) = {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} -> {HKLM...Wow...CLSID} = FAExt Class \InProcServer32\(Default) = C:\PROGRA~2\FILEAS~1\FILEAS~1.DLL [Malwarebytes] FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} -> {HKLM...CLSID} = FTShellContext Class \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [QualcommİAtherosİ] UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA} -> {HKLM...CLSID} = BDFVCtxMenuExt \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [Bitdefender] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] {4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided) -> {HKLM...CLSID} = FileShredderCtxMenu Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\fshredctx.dll [Bitdefender] {9ef1900c-cf6c-476a-99be-384b8847985c}\(Default) = DBAR -> {HKLM...CLSID} = DBRShellExtension.DBRFileContextMenuExt \InProcServer32\(Default) = mscoree.dll [MS] {CA8ACAFA-5FBB-467B-B348-90DD488DE003}\(Default) = SUPERAntiSpyware Context Menu -> {HKLM...CLSID} = SASContextMenu Class \InProcServer32\(Default) = C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL [SUPERAntiSpyware.com] {D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided) -> {HKLM...CLSID} = BDMenu Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdshellext.dll [Bitdefender] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ 
Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} -> {HKLM...CLSID} = Ath_CopyHook \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\FolderViewImpl.dll [QualcommİAtherosİ] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA} -> {HKLM...CLSID} = BDFVCtxMenuExt \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [Bitdefender] NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\WINDOWS\system32\nvshext.dll [NVIDIA Corporation] SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} -> {HKLM...CLSID} = ExtContext Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA} -> {HKLM...CLSID} = BDFVCtxMenuExt \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [Bitdefender] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ BDFVCtxMenuExt\(Default) = {9E96C1F5-0EFA-4348-9460-15D6802C70AA} -> {HKLM...CLSID} = BDFVCtxMenuExt \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdfvsctx.dll [Bitdefender] SafeBoxContext\(Default) = {0244E652-07EF-43C2-8AAD-ABA3CF40DF16} -> {HKLM...CLSID} = ExtContext Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [Bitdefender] UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program 
Files\Unlocker\UnlockerCOM.dll [null data] {4CE485DD-C395-46C4-A929-7B771D8A5655}\(Default) = (no title provided) -> {HKLM...CLSID} = FileShredderCtxMenu Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\fshredctx.dll [Bitdefender] {D653647D-D607-4df6-A5B8-48D2BA195F7B}\(Default) = (no title provided) -> {HKLM...CLSID} = BDMenu Class \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\bdshellext.dll [Bitdefender] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CyberLink Media Suite10.1HandleCDBurningOnArrival\ Provider = Media Suite Essentials InvokeProgID = BlankCD InvokeVerb = PlayWithCyberLink Media Suite10.1 
HKLM\SOFTWARE\Classes\BlankCD\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1HandleDVDBurningOnArrival\ Provider = Media Suite Essentials InvokeProgID = BlankDVD InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\BlankDVD\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1MixedContentOnArrival\ Provider = Media Suite Essentials InvokeProgID = MixedContent InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\MixedContent\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1PlayMusicFilesOnArrival\ Provider = Media Suite Essentials InvokeProgID = MusicFiles InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1PlayVideoFilesOnArrival\ Provider = Media Suite Essentials InvokeProgID = VideoFiles InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10.1ShowPicturesOnArrival\ Provider = Media Suite Essentials InvokeProgID = Picture InvokeVerb = PlayWithCyberLink Media Suite10.1 HKLM\SOFTWARE\Classes\Picture\shell\PlayWithCyberLink Media Suite10.1\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe" "%L" [CyberLink Corp.] 
MSFhConfigBackup\ Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content 
Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] PDirDVArrival\ Provider = PowerDirector ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = "C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe" /DV HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] Power2Go8.0HandleBDBurningOnArrival\ Provider = Power2Go 8 InvokeProgID = BlankBD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\BlankBD\shell\PlayWithPower2Go8.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" "%L" [CyberLink Corp.] Power2Go8.0HandleCDBurningOnArrival\ Provider = Power2Go 8 InvokeProgID = BlankDVD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\BlankDVD\shell\PlayWithPower2Go8.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" "%L" [CyberLink Corp.] 
Power2Go8.0PlayCDAudioOnArrival\ Provider = Power2Go 8 InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go8.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" /AudioRipper "%L" [CyberLink Corp.] PowerDVD12.0MixedContentOnArrival\ Provider = PowerDVD 12 InvokeProgID = MixedContent InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\MixedContent\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY MIXCONTENT "%L" [CyberLink Corp.] PowerDVD12.0PlayCDAudioOnArrival\ Provider = PowerDVD 12 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY CD "%L" [CyberLink Corp.] PowerDVD12.0PlayDVDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = EnDVD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY DVD "%L" [CyberLink Corp.] PowerDVD12.0PlayMusicFilesOnArrival\ Provider = PowerDVD 12 InvokeProgID = MusicFiles InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY AUDIO "%L" [CyberLink Corp.] PowerDVD12.0PlaySuperVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] 
PowerDVD12.0PlayVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] PowerDVD12.0PlayVideoFilesOnArrival\ Provider = PowerDVD 12 InvokeProgID = VideoFiles InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY VIDEO "%L" [CyberLink Corp.] PowerDVD12.0ShowPicturesOnArrival\ Provider = PowerDVD 12 InvokeProgID = Picture InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY PHOTO "%L" [CyberLink Corp.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie 
InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] Adobe Flash Player Updater -> launches: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 -> launches: C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [Bitdefender] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CLMLSvc_P2G8 -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [CyberLink] CLVDLauncher -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [CyberLink Corp.] 
Dell SupportAssistAgent AutoUpdate -> launches: C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate [null data] ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> launches: "c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller scheduler-impersonate [Intel Corporation] ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> launches: "c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon-impersonate [Intel Corporation] Opera scheduled Autoupdate 1446999707 -> launches: C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate [Opera Software] PCDEventLauncherTask -> launches: "C:\Program Files\Dell\SupportAssist\sessionchecker.exe" [PC-Doctor, Inc.] PCDoctorBackgroundMonitorTask -> launches: "C:\Program Files\Dell\SupportAssist\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently [PC-Doctor, Inc.] SystemToolsDailyTest -> launches: "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently [file not found] User_Feed_Synchronization-{0FCE55B7-9C1A-4780-ADD5-9A8844D98AB5} -> (HIDDEN!) launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] C:\Windows\System32\Tasks\Dell Dell System Registration -> launches: C:\Program Files (x86)\System Registration\prodreg.exe /boot /LSRC=autolaunch [Dell, Inc.] C:\Windows\System32\Tasks\Microsoft\Office Office Automatic Updates -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /update SCHEDULEDTASK displaylevel=False [MS] Office ClickToRun Service Monitor -> launches: C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe /WatchService [MS] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) 
launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS] ProgramDataUpdater -> launches: %windir%\system32\CompatTelRunner.exe -maintenance [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth 
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) 
launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup SilentCleanup -> launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint Diagnostics -> launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74} -> {HKLM...CLSID} = Disk Footprint Diagnostics Task \InProcServer32\(Default) = C:\WINDOWS\system32\DfpCommon.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) 
launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) 
launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} -> {HKLM...CLSID} = Plug and Play Maintenance Task \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\WINDOWS\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} -> {HKLM...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) 
launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] refreshgwxconfigandcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers Logon-5d -> launches: %windir%\system32\GWX\GWX.exe /event:7 [MS] MachineUnlock-5d -> launches: %windir%\system32\GWX\GWX.exe /event:8 [MS] OutOfIdle-5d -> launches: %windir%\system32\GWX\GWX.exe /event:6 [MS] OutOfSleep-5d -> launches: %windir%\system32\GWX\GWX.exe /event:9 [MS] refreshgwxconfig-B -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] Telemetry-4xd -> launches: %windir%\system32\GWX\GWX.exe /event:11 [MS] Time-5d -> launches: %windir%\system32\GWX\GWX.exe /event:10 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) 
launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found] Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) 
launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate AUScheduledInstall -> launches: {F3B4E234-7A68-4E43-B813-E4BA55A065F6} [InProcServer32 entry not found] AUSessionConnect -> launches: {784E29F4-5EBE-4279-9948-1E8FE941646D} [InProcServer32 entry not found] Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] Scheduled Start With Network -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WOF WIM-Hash-Management -> launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} -> {HKLM...CLSID} = WOF Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\WofTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) 
launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-3353583409-2322390238-1352878597-1002 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = 
%SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} = (no title provided) -> {HKLM...CLSID} = Bitdefender Wallet \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [Bitdefender] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} = (no title provided) -> {HKLM...Wow...CLSID} = Bitdefender Wallet \InProcServer32\(Default) = C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [Bitdefender] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = Se&nd to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll [MS] {7815BE26-237D-41A8-A98F-F7BD75F71086}\ MenuText = Send by Bluetooth to CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> {HKLM...CLSID} = CIESpeechBHO Class \InProcServer32\(Default) = C:\Program Files 
(x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [QualcommİAtherosİ] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = OneNote Lin&ked Notes MenuText = OneNote Lin&ked Notes CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = Se&nd to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = OneNote Lin&ked Notes MenuText = OneNote Lin&ked Notes CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Andrea RT Filters Service, AERTFilters, C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [Andrea Electronics Corporation] AtherosSvc, AtherosSvc, "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe" [Windows (R) Win 7 DDK provider] Bitdefender Desktop Update Service, UPDATESRV, "C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe" /service [Bitdefender] Bitdefender Virus Shield, VSSERV, "C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe" /service [Bitdefender] Cyberlink RichVideo Service(CRVS), RichVideo, "C:\Program Files (x86)\CyberLink\Shared 
files\RichVideo.exe" [CyberLink] Dell Customer Connect, Dell Customer Connect, "C:\Program Files (x86)\Dell Customer Connect\DCCService.exe" [null data] Dell Data Vault, DellDataVault, "C:\Program Files\Dell\DellDataVault\DellDataVault.exe" [Dell Inc.] Dell Data Vault Wizard, DellDataVaultWiz, "C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe" [Dell Inc.] Dell Digital Delivery Service, DellDigitalDelivery, "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [null data] Dell SupportAssist Agent, SupportAssistAgent, "C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" [null data] Dell Update Service, DellUpdate, "C:\Program Files (x86)\Dell Update\DellUpService.exe" [null data] Diagnostics Tracking Service, DiagTrack, C:\WINDOWS\System32\svchost.exe -k utcsvc {C:\WINDOWS\system32\diagtrack.dll [MS]} HitmanPro.Alert service, hmpalertsvc, "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service [SurfRight B.V.] Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "c:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation] Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [Intel Corporation] Intel(R) Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [Intel Corporation] Intel(R) ME Service, Intel(R) ME Service, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe" [Intel Corporation] Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data] Microsoft Office ClickToRun Service, ClickToRunSvc, "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service [MS] Network Connection Broker, NcbService, 
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\WINDOWS\System32\ncbservice.dll [MS]} NVIDIA Display Driver Service, nvsvc, "C:\WINDOWS\system32\nvvsvc.exe" [NVIDIA Corporation] NVIDIA GeForce Experience Service, GfExperienceService, "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [NVIDIA Corporation] NVIDIA Network Service, NvNetworkService, "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation] NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation] NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [NVIDIA Corporation] Realtek Audio Service, RtkAudioService, C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [Realtek Semiconductor] SAS Core Service, !SASCORE, "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [SUPERAntiSpyware.com] SBSD Security Center Service, SBSDWSCService, C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [Safer Networking Ltd.] 
SoftThinks Agent Service, SftService, "C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe" [SoftThinks SAS]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> !SASCORE,
<> 96855274.sys, Driver
<> hitmanpro37,
<> hitmanpro37.sys,
<> HitmanPro37Crusader,
<> HitmanPro37CrusaderBoot,
<> MCODS,
<> SystemEventsBroker, Service
<> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> !SASCORE,
<> 96855274.sys, Driver
<> hitmanpro37,
<> hitmanpro37.sys,
<> HitmanPro37Crusader,
<> HitmanPro37CrusaderBoot,
<> SystemEventsBroker, Service
<> PEVSystemStart, Service

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Olaf De Wit\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Olaf De Wit\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Olaf De Wit\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Olaf De Wit\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Olaf De Wit\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Olaf De Wit\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=659 folders=97 47558022 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Olaf De Wit\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\OLAFDE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 23/11/2015 at 21:54:02,46 ======================