start CreateRestorePoint: CloseProcesses: AlternateDataStreams: C:\Users\Ed\Downloads\launch (1).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (10).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (2).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (3).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (4).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (5).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (6).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (7).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (8).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch (9).ica:icasource [245] AlternateDataStreams: C:\Users\Ed\Downloads\launch.ica:icasource [245] HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2757616 2016-02-09] (Microsoft Corporation) <==== AANDACHT HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2757616 2016-02-09] (Microsoft Corporation) <==== AANDACHT HKU\S-1-5-21-2803483633-59787989-2409404269-1001\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2757616 2016-02-09] (Microsoft Corporation) <==== AANDACHT HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2757616 2016-02-09] (Microsoft Corporation) <==== AANDACHT SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-2149&v=n14976-568&t=4 CHR RestoreOnStartup: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-2149&v=n14976-568&t=4" CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-2149&v=n14976-568&t=4" S3 Origin Client Service; "C:\Program Files (x86)\Origin\OriginClientService.exe" [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin C:\ProgramData\Electronic Arts C:\ProgramData\Origin C:\Program Files (x86)\Origin EmptyTemp: end