romijo

F8 toets gebruikt ik kon de gebruikshandleiding op de pc zelf nog lezen in nl heb F8 toets gebruikt en de ingebouwde herstel pc gebruikt is ongeveer 15 min bezig geweest maar geen resultaten te zien of te merken

ik kan wel in de bios komen en selecteren b.v. Boot maar welke ik ook selecteer de enter knop doet het op dat moment helemaal niet ook niet de F.. toetsen, het komt er op neer dat ik in de bios wel kan kiezen maar niet kan selecteren.

Hoi, ik heb gekeken maar Acer erecovery management staat niet in het rijtje, en het probleem is ik krijg op de laptop geen internet meer krijg het ook niet ingesteld, handleiding nooit gehad Hmm.... mijn engels is niet zo goed - - - Updated - - - krijg hem ook niet geopend is een zippexpress en heb wel zip maar opent zich niet daarin. - - - Updated - - - inmiddels geopend als pdf maar er staat niets in over recovering

YES!!!!! opgelost, vraag me niet hoe maar heb met revo-uninstaller geforceerd MEGA gezocht en verwijderd toch kwam er alleen maar email post staan maar ik heb alles verwijderd en nu gaat 't weer normaal, Kweezie Wabbit Bedankt voor al je hulp!!!!!!!!! Maar nu nog als je zin en tijd hebt mijn laptop Vista probleem ik hoor 't wel wat ik evt. al vast kan doen.

alle java er af en nog steeds het probleem als ik iets wil downloaden komt er niet te staan wat ik wil downloaden maar de naam is van Mega...... wat kan ik verder doen, overigens mijn partner geen probleem met zijn spelcomputer. ik had scancircle gedaan en daar zag ik dat er American megatrends in de bios staat maar wat dit is weet ik ook niet maar was al eerder geinstaleerd dus ik weet echt niet meer de datum van die aanmelding bij die mega wat een hardnekkige troep is 't toch, Help me a.u.b. verder ik word er wanhopig van vr gr. en veel dank voor het meedenken en de hulp vr.gr. - - - Updated - - - http://www.accountkiller.com/nl/mega-co-nz-account-verwijderen OOk gekeken maar niet gedaan kan er toch niet inkomen want ze zeggen dat mijn account als het al bestond is verwijderd - - - Updated - - - er is niets geinstaleerd het zit volgens mij gewoon in de browser, maar als die er op nieuw op komt te staan zal deze nog die mega wel weer herkennen o, o, waar zit 't toch

Hoi, dat durf ik niet zo goed in de router te beginnen, mijn partner heeft n.l. daar ook zijn spelcomputer waar hij mee online kan en O wee als er dan iets verkeerd gaat (ha,ha) Hieronder ook nog iets van die Mega gevonden, Hollywood wil frontpage Mega uit Google laten verwijderen - IT Pro - Nieuws - Tweakers gr. - - - Updated - - - Alles bij de favorieten (i.v.m. het terug vinden) ook allemaal verwijderd - - - Updated - - - zou het kunnen dat Java er iets mee te maken heeft?

Tja wat nu ?? als jij het niet meer weet, weet ik het helemaal niet meer. en ook nog eens op al mijn pc's

Ik heb het bekeken maar voor mij geen waarde het opent zich in de app van W8 en is een soort bestanden overzicht maar ik zie niets van Mega, heb gekeken of ik 't kon verwijderen maar volgens mij is dit iets wat al voor geinstallerd was op de pc, zou dat kunnen? - - - Updated - - - screenshots 't komt volgens mij van Acer

Dat heb ik gedaan nieuw gebruikers account maar het probleem blijft die Mega blijft bezig :dong:

Ik heb ie en Firefox maar Firefox wil ik er af hebben dat is ook gekomen door die Mega dat ik die moest instaleren wil ik er af hebben, hoe moet ik dan een nieuw account aanmaken voor IE ? - - - Updated - - - Firefox is er nu af - - - Updated - - - Als je me dan even uitlegt hoe ik een nieuw account kan aanmaken voor IE dan kan ik dat misschien tussendoor nog even en anders vanavond later b.v.d. voor de hulp gr.

Ik zag na het terug lezen dat ik niet vermeld had dat mijn desktop een Windows 8 is

alles uitgevoerd opdrachtpromp succesvol !! browser cookies alles ook wachtwoorden etc verwijderd En het probleem blijft als ik er nog maar ooit van af kom. gr. Romijo

Zoek.exe Version 4.0.0.2 Updated 31-May-2013 Tool run by Robbescheuten on vr 31-05-2013 at 22:47:10,01. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results29-05-2013-1810.log 125974 bytes ==== EOF on vr 31-05-2013 at 22:47:41,12 ======================

't probleem is er overigens nog steeds

# AdwCleaner v2.301 - Verslag gemaakt op 30/05/2013 om 23:43:00 # Geactualiseerd op 16/05/2013 door Xplode # Besturingssysteem : Windows 8 (64 bits) # Gebruiker : Robbescheuten - PCROBBESCHEUTEN # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Robbescheuten\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\1ClickDownload Sleutel Verwijdert : HKCU\Software\APN Sleutel Verwijdert : HKCU\Software\APN PIP Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AskToolbar Sleutel Verwijdert : HKCU\Software\Ask.com Sleutel Verwijdert : HKCU\Software\BabylonToolbar Sleutel Verwijdert : HKCU\Software\BI Sleutel Verwijdert : HKCU\Software\Conduit Sleutel Verwijdert : HKCU\Software\DataMngr Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Sleutel Verwijdert : HKCU\Software\PIP Sleutel Verwijdert : HKCU\Software\SmartBar Sleutel Verwijdert : HKCU\Software\SmartbarBackup Sleutel Verwijdert : HKCU\Software\SmartbarLog Sleutel Verwijdert : HKCU\Software\Softonic Sleutel Verwijdert : HKCU\Software\5e68f8ce635e542 Sleutel Verwijdert : HKLM\Software\APN Sleutel Verwijdert : HKLM\Software\AskToolbar Sleutel Verwijdert : HKLM\Software\Babylon Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute Sleutel Verwijdert : HKLM\SOFTWARE\Classes\IESmartBar.BHO Sleutel Verwijdert : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel Sleutel Verwijdert : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar Sleutel Verwijdert : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject Sleutel Verwijdert : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState Sleutel Verwijdert : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Sleutel Verwijdert : HKLM\Software\Conduit Sleutel Verwijdert : HKLM\Software\DataMngr Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Sleutel Verwijdert : HKLM\Software\PIP Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\5e68f8ce635e542 Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Sleutel Verwijdert : HKLM\SOFTWARE\Tarma Installer Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Waarde Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [browser Infrastructure Helper] ***** [browsers] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v20.0.1 (nl) File : C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\5l2ur4u4.default\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[s1].txt - [8942 octets] - [30/05/2013 23:43:00] ########## EOF - C:\AdwCleaner[s1].txt - [9002 octets] ########## Bijlage staat bij mij niet op de werkbalk gr. Romijo

Deze mail kreeg ik vandaag binnen - - - Updated - - - Maar 't probleem is er nog steeds, ik heb waarschijnlijk geen virus maar er is ergens iets wat zich via hun opent als ik wil downloaden.

Zoek.exe Version 4.0.0.2 Updated 28-May-2013 Tool run by Robbescheuten on wo 29-05-2013 at 17:58:34,77. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected ==== System Restore Info ====================== 29-5-2013 18:01:08 Zoek.exe System Restore Point Created Succesfully. ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\Classic Shell\ClassicShellService.exe C:\Program Files\Tablet\Pen\WTabletServiceCon.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\csrss.exe C:\Windows\System32\WinLogon.exe C:\Windows\System32\LogonUI.exe C:\Windows\System32\dwm.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\csrss.exe C:\Windows\System32\WinLogon.exe C:\Windows\System32\LogonUI.exe C:\Windows\System32\dwm.exe C:\Windows\system32\csrss.exe C:\Windows\System32\WinLogon.exe C:\Windows\System32\LogonUI.exe C:\Windows\System32\dwm.exe C:\Windows\system32\csrss.exe C:\Windows\System32\WinLogon.exe C:\Windows\system32\csrss.exe C:\Windows\system32\winlogon.exe C:\Windows\System32\LogonUI.exe C:\Windows\System32\dwm.exe C:\Windows\system32\dwm.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\taskhostex.exe C:\Program Files\Classic Shell\ClassicStartMenu.exe C:\Windows\Explorer.EXE C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe C:\Program Files\Tablet\Pen\Pen_TabletUser.exe C:\Program Files\Tablet\Pen\WacomHost.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Tablet\Pen\Pen_Tablet.exe C:\Program Files\Tablet\Pen\Pen_TouchUser.exe C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Windows\System32\StikyNot.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Acer\Acer Power Management\ePowerTray.exe C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe C:\Windows\explorer.exe C:\Windows\system32\taskeng.exe C:\Users\Robbescheuten\AppData\Local\Temp\Temp2_zoek.zip\zoek.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\srtasks.exe C:\Windows\system32\conhost.exe ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Creating Sample_29-05-2013_1802.zip ====================== Process iexplore.exe killed Copied file C:\Users\Robbescheuten\AppData\Roaming\Acoustica-CD-Label-Maker-Installer.exe to sample sample\Acoustica-CD-Label-Maker-Installer.exe renamed to 702541C4EFA268FF973F8F423B0008E1 C:\Users\Public\Desktop\sample_29-05-2013_1802.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_CLASSES_ROOT\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Installed Programs ====================== clear.fi SDK- Movie 2 clear.fi SDK - Video 2 Acer Power Management Acer Recovery Management AcerCloud Docs AcerCloud Portal Acoustica CD/DVD Label Maker Adobe AIR Adobe Community Help Adobe Shockwave Player 12.0 Agatha Christie - Death on the Nile Aloha TriPeaks Any DVD Cloner Platinum 1.2.0 ArcSoft Perfect365 ArtRage Studio Pro Ashampoo Burning Studio 10.0.1 Bamboo Bejeweled 3 BufferChm CameraHelperMsi Canon Easy-PhotoPrint EX Canon MG6200 series MP Drivers Canon MP Navigator EX 5.0 CCleaner Classic Shell clear.fi Media clear.fi Photo Click'N Design 3D for AfterBurner (V5) Corel PaintShop Pro X5 CyberLink PowerDVD 12 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Delicious: Emily's True Love Premium Edition Destinations DocProc Droppix Label Maker XE 2.x DVD Shrink 3.2 Easy Poster Printer erLT ESET Smart Security Express Burn ffdshow [rev 2975] [2009-05-28] Firebird SQL Server - MAGIX Edition FormatFactory 3.0.1 Foxit Reader Governor of Poker 2 Premium Edition Hema Fotoalbum Hotkey Utility HP Imaging Device Functions 14.5 HP Product Detection HP Scanjet G3110 HP Update hpg3110 ICA Identity Card Inpaint 3.1 Intel® Control Center Intel® Management Engine Components Intel© Trusted Connect Service Client IPM_PSP_COM Java 7 Update 21 Java Auto Updater Jewel Match 3 John Deere Drive Green Junk Mail filter update jZip Live Updater Logitech-webcamsoftware Logo Design Studio Pro LogoDesignStudio LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Magic Academy Magic Video Converter 12.1.11.2 MAGIX 3D Maker (embeded) MAGIX 3D Maker Download version 6.0.0.10 (UK) MAGIX Foto's op CD & DVD 8 deluxe 8.0.5.3 (NL) MAGIX Foto Manager 9 MAGIX Photo Graphic Designer 6 Update MAGIX Photo & Graphic Designer 6 MAGIX Screenshare MAGIX Speed burnR MAGIX Xtreme Photo Designer 6 Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 32-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Windows Media Video 9 VCM More Games from WildTangent Games Movie Maker Mozilla Firefox 20.0.1 (x86 nl) MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) Nero 8 Lite New Project NVIDIA 3D Vision Controller Driver 305.46 NVIDIA 3D Vision Driver 305.46 NVIDIA Control Panel 305.46 NVIDIA Graphics Driver 305.46 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA Optimus 1.10.8 NVIDIA PhysX NVIDIA PhysX System Software 9.12.0213 NVIDIA Stereoscopic 3D Driver NVIDIA Update Components OCR Software by I.R.I.S. 14.5 Office Addin Office Addin 2003 Penguins Photo Common Photo Gallery Plants vs. Zombies - Game of the Year Polar Bowler PSE10 STI Installer PSE11 STI Installer PSPPContent PSPPHelp PSPPro64 QuickShare QuickTime Alternative 2.8.0 Real Alternative 1.9.0 Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Revo Uninstaller Pro 3.0.5 RonyaSoft CD DVD Label Maker 3.01 Scan Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition Setup Shared C Run-time for x64 Sothink Logo Maker Professional Speccy swMSM Tales of Lagoona Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Update Installer for WildTangent Games App Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual Studio 2005 Tools for Office tweede editie runtime Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) VLC media player 2.0.5 WebReg WebTablet FB Plugin 32 bit WebTablet FB Plugin 64 bit Windows-stuurprogrammapakket - Hewlett-Packard Image (05/24/2012 11.5.0.116) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR v4.20 (x64) Wondershare DVD Creator(Build 2.6.5) XFlip 2.0.1 Xilisoft YouTube HD Video Converter Your Software Deals Zuma's Revenge ==== FireFox Fix ====================== Deleted from C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\5l2ur4u4.default\prefs.js: Added to C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\5l2ur4u4.default\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js: Added to C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js: user_pref("browser.startup.homepage", "Google"); user_pref("browser.search.defaulturl", "Google="); user_pref("browser.newtab.url", "Google"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "Google="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ==== Deleting Files \ Folders ====================== "C:\ProgramData\.zreglib" deleted "C:\Users\Robbescheuten\AppData\Roaming\Adobe CS5-voorkeuren voor filter Exporteren" deleted "C:\Users\Robbescheuten\AppData\Roaming\Adobe CS5-voorkeuren voor PNG-indeling" deleted "C:\Users\Robbescheuten\AppData\Roaming\Adobe PNG Format CS5 Prefs" deleted "C:\Users\Robbescheuten\AppData\Roaming\Acoustica-CD-Label-Maker-Installer.exe" deleted "C:\Users\Robbescheuten\AppData\Roaming\Real" deleted "C:\Program Files (x86)\Delta" deleted "C:\Program Files (x86)\Wondershare" deleted "C:\Program Files (x86)\Common Files\Wondershare" deleted "C:\Users\Robbescheuten\AppData\Roaming\Babylon" deleted "C:\ProgramData\boost_interprocess" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Babylon" deleted "C:\Users\Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com" deleted "C:\Users\Robbescheuten\AppData\Local\jZip" deleted "C:\Users\Robbescheuten\AppData\Local\Wondershare" deleted "C:\Users\Robbescheuten\AppData\Local\Bundled software uninstaller" deleted "C:\Users\Robbescheuten\AppData\Local\Smartbar" deleted "C:\Users\Robbescheuten\AppData\LocalLow\AskToolbar" deleted "C:\Users\Robbescheuten\AppData\LocalLow\Smartbar" deleted "C:\Windows\SysWow64\searchplugins" deleted "C:\Windows\SysWow64\Extensions" deleted "C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-05-26 21:23:31 0A055B0F280E342CD335CC154FEDDB94 24 ---h--w- C:\Windows\msrgctb.ini 2013-05-26 21:23:31 0A055B0F280E342CD335CC154FEDDB94 24 ---h--w- C:\Windows\msrgcta.ini ====== C:\Users\ROBBES~1\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== 2013-05-26 21:23:20 F8D176DB5B14AED7C9B25E0640226BD1 258352 ----a-w- C:\Windows\SysWOW64\unicows.dll 2013-05-26 21:23:20 EB5F811C1F78005B3C147599A0CCCF51 608448 ----a-w- C:\Windows\SysWOW64\comctl32.ocx 2013-05-26 21:23:20 D329085A88A9019ED5700C0F04B3176E 137000 ----a-w- C:\Windows\SysWOW64\msmapi32.ocx 2013-05-24 22:30:31 8421128C739B34EDBCE050623516B530 14323712 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-05-24 22:30:29 C5DC8777254F7BA750F6E03FF5185AD4 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-05-24 22:30:29 99AB708B283850A7B229424E445F2F91 1767424 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-05-24 22:30:29 64B461764FC576B417F7FC1FDE503B7F 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-05-24 22:30:29 1901EAD5E10209B5BE639E13B9904D35 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-05-24 22:30:28 E3C37A15A04C1DF9B3B5C27237A41C5C 1130496 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-05-24 22:30:28 D06F4C0A339AD7B5168A1C3D15B91866 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-05-24 22:30:28 BEDA75EA6827DD7DB9B08D0C492FEA75 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-05-24 22:28:58 EDE68B7304297E03B50918B4AF650E86 17561600 ----a-w- C:\Windows\SysWOW64\shell32.dll 2013-05-24 22:28:54 2939B7C8F291680F5803DEBB4BCA52E4 199168 ----a-w- C:\Windows\SysWOW64\shdocvw.dll 2013-05-24 22:28:20 77A8C35CA0804AF869180CA598F8D26D 2382336 ----a-w- C:\Windows\SysWOW64\esent.dll 2013-05-24 22:28:13 06C5E22E47C68A204CAA7206ECD6E58B 11878912 ----a-w- C:\Windows\SysWOW64\wmp.dll 2013-05-24 22:28:12 70032A556617347A4E6C53DA16DC3FCE 10789888 ----a-w- C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2013-05-24 22:28:12 18152CAB34DF83B2B16A7FC0BFE80AAB 2767360 ----a-w- C:\Windows\SysWOW64\tquery.dll 2013-05-24 22:28:11 4B6BCFDA47A2E55C326494F12452D36B 1593344 ----a-w- C:\Windows\SysWOW64\mssrch.dll 2013-05-24 22:28:08 9398353A04C00C3B9B7A9A45DF3C13A9 1113600 ----a-w- C:\Windows\SysWOW64\MSAudDecMFT.dll 2013-05-24 22:28:08 49CDF50EDBC11418B1A33959A99961EA 403968 ----a-w- C:\Windows\SysWOW64\mssph.dll 2013-05-24 22:28:07 FCCEDE04F10EC0B72321333FF928E5AF 1408896 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2013-05-24 22:28:07 6E3DF13A4F37DF490BEEF87417B21F28 8857088 ----a-w- C:\Windows\SysWOW64\twinui.dll 2013-05-24 22:28:07 5B2CA9D6F7E49EE443453D93472918CA 324096 ----a-w- C:\Windows\SysWOW64\schannel.dll 2013-05-24 22:28:07 4DD38C9F28B9A0D8B1635580E8DF7D86 302592 ----a-w- C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-05-24 22:28:06 E23423B873733BB831898C67300C3CAC 656896 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2013-05-24 22:28:06 7D815C01B62B86BFC8D36F1134C0E3F1 2035200 ----a-w- C:\Windows\SysWOW64\authui.dll 2013-05-24 22:28:06 58ABD60925CE849CEAEBAC105E74BE5A 426024 ----a-w- C:\Windows\SysWOW64\AudioEng.dll 2013-05-24 22:28:06 434D27871C24D123038BCE8507010276 252928 ----a-w- C:\Windows\SysWOW64\rsaenh.dll 2013-05-24 22:28:06 1F2C7F52F7A53751ED38287EF90942C8 324368 ----a-w- C:\Windows\SysWOW64\AudioSes.dll 2013-05-24 22:28:06 031397F2F9B2445CD901C8694E4012FD 670208 ----a-w- C:\Windows\SysWOW64\SearchIndexer.exe 2013-05-24 22:28:05 EE6CD55E45FB9022B90C12B760A32876 186880 ----a-w- C:\Windows\SysWOW64\mssphtb.dll 2013-05-24 22:28:05 D582457BE12CE7649D8FFE6BDFBF83A0 389632 ----a-w- C:\Windows\SysWOW64\intl.cpl 2013-05-24 22:28:05 D54A923CB6EEA45576380C197A480142 411136 ----a-w- C:\Windows\SysWOW64\Windows.Networking.dll 2013-05-24 22:28:05 CE3EE84318F36CEFFE8B35F97BFA2804 214528 ----a-w- C:\Windows\SysWOW64\mfreadwrite.dll 2013-05-24 22:28:05 C043356858B65CEC5B751CE74F013125 106496 ----a-w- C:\Windows\SysWOW64\Robocopy.exe 2013-05-24 22:28:05 BB208BC1082B114AFBBE6CCBE42AA6CA 171008 ----a-w- C:\Windows\SysWOW64\SearchFilterHost.exe 2013-05-24 22:28:05 98AE6E68249F47584EB5353D2E371AF4 361984 ----a-w- C:\Windows\SysWOW64\MFMediaEngine.dll 2013-05-24 22:28:05 973490D8FA14A14C6307BC4F672178DB 123880 ----a-w- C:\Windows\SysWOW64\wscapi.dll 2013-05-24 22:28:05 701B9B1100E251A9125BD72307ABACFF 659456 ----a-w- C:\Windows\SysWOW64\mssvp.dll 2013-05-24 22:28:05 492EDFADEFB48CCAE6D848BC484E9630 41984 ----a-w- C:\Windows\SysWOW64\fmifs.dll 2013-05-24 22:28:05 450DBA20B14DA7F827C71F880483B859 155648 ----a-w- C:\Windows\SysWOW64\dmvdsitf.dll 2013-05-24 22:28:05 2616F018CF3BB7D8CEE0C00EE5730898 364544 ----a-w- C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-24 22:28:05 1F8B4D03B06617338750496530A92BE5 268800 ----a-w- C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-05-24 22:28:04 CF3FE167858C4DC3E853AFCC43AB4B7F 35328 ----a-w- C:\Windows\SysWOW64\mssprxy.dll 2013-05-24 22:28:04 688C938523639C1A96A66B3832B7E74F 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2013-05-24 22:28:04 48C690A3F2106A23B261442E08992E08 10752 ----a-w- C:\Windows\SysWOW64\msshooks.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-05-24 22:30:32 3BEB35752C6CB89441725C637F28E741 19231232 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-05-24 22:30:30 9A7830D03B6DC20781C160733B8CE248 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-05-24 22:30:30 19A53C33DF574849FB0A5DEE90D0B224 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-05-24 22:30:29 9B9107F1486476D86B6910EDF07F4358 2242048 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-05-24 22:30:29 19EFE41F8BF6B7781BF0FA08C84E0034 2647552 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-05-24 22:30:29 16D90132E422A965307406DC1B00E9BF 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-05-24 22:30:28 E508A303148C549C28B5723699EF4552 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-05-24 22:30:28 DC7CD161C78524ADB54F4334431B319F 915968 ----a-w- C:\Windows\Sysnative\uxtheme.dll 2013-05-24 22:30:28 42950B529F6F0D0035B25E88C1FC632E 855552 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-05-24 22:30:28 113D4D908B1EC3A69183729371A55405 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-05-24 22:29:00 F8E8AB38B693DD43A982F95B7A3158CC 19758592 ----a-w- C:\Windows\Sysnative\shell32.dll 2013-05-24 22:28:54 5544F876B3932D3D6ED67656B28228CF 112872 ----a-w- C:\Windows\Sysnative\consent.exe 2013-05-24 22:28:54 4FF1C0F2B66119DA7A48BC1F160892C5 222208 ----a-w- C:\Windows\Sysnative\shdocvw.dll 2013-05-24 22:28:54 4F750B7EFCB6520AE01E01D082D7D476 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll 2013-05-24 22:28:20 56DA495DE9758984ADF855D4EA30D4A9 2851840 ----a-w- C:\Windows\Sysnative\esent.dll 2013-05-24 22:28:15 43F4569BFF89D84E7E43DC41AA7B8554 13648384 ----a-w- C:\Windows\Sysnative\Windows.UI.Xaml.dll 2013-05-24 22:28:14 64C3C2FCFECC783279FBC51769673144 3552768 ----a-w- C:\Windows\Sysnative\tquery.dll 2013-05-24 22:28:14 57EF2DC36D34092F79CD9F7F016359F3 14267904 ----a-w- C:\Windows\Sysnative\wmp.dll 2013-05-24 22:28:12 13FC1A4A3463E9DE1EF1881E8525EB56 2107904 ----a-w- C:\Windows\Sysnative\mssrch.dll 2013-05-24 22:28:11 A05BA2FE3B3FFE1920F383E3E321D9A2 1829408 ----a-w- C:\Windows\Sysnative\ntdll.dll 2013-05-24 22:28:11 092115A536C478921DA3D24E29C06E3E 1444864 ----a-w- C:\Windows\Sysnative\MSAudDecMFT.dll 2013-05-24 22:28:09 80E66F3F18603523585AF96B43D7945A 4038144 ----a-w- C:\Windows\Sysnative\win32k.sys 2013-05-24 22:28:09 39F8E0D68E941FB947F4116A29C5D53E 10116096 ----a-w- C:\Windows\Sysnative\twinui.dll 2013-05-24 22:28:08 ED40ED9A65F3E79A8C43DD50C5FDADBF 1285632 ----a-w- C:\Windows\Sysnative\schedsvc.dll 2013-05-24 22:28:08 A7FA87716A1F39BECB5CDED4F03C73F7 306952 ----a-w- C:\Windows\Sysnative\kd_02_10ec.dll 2013-05-24 22:28:08 9FDAA6957F04A6D1917463B7CBBEF88A 816128 ----a-w- C:\Windows\Sysnative\SearchIndexer.exe 2013-05-24 22:28:08 810F30FF8490ED5ED510621DF10DE320 785408 ----a-w- C:\Windows\Sysnative\audiosrv.dll 2013-05-24 22:28:07 C82794F9B5AF314F7CACA6AF758C44A0 422400 ----a-w- C:\Windows\Sysnative\schannel.dll 2013-05-24 22:28:07 A6D52417607B399790678AFB2B44CDF3 172544 ----a-w- C:\Windows\Sysnative\dwmredir.dll 2013-05-24 22:28:07 8FB468CFB4A4B0E13A19A672D9429B1F 2303488 ----a-w- C:\Windows\Sysnative\authui.dll 2013-05-24 22:28:07 78DF3884149D09A3E703DDCA91BFFD84 446792 ----a-w- C:\Windows\Sysnative\AudioSes.dll 2013-05-24 22:28:07 77DAB73F2AF988D07D72FD2DA0DC91FC 298456 ----a-w- C:\Windows\Sysnative\rsaenh.dll 2013-05-24 22:28:07 7018F9EEEC3B5427046E6D761715BC54 595456 ----a-w- C:\Windows\Sysnative\Windows.Networking.dll 2013-05-24 22:28:07 6B8EDB9EC94DC2D1370C57564E853051 489576 ----a-w- C:\Windows\Sysnative\AudioEng.dll 2013-05-24 22:28:07 58C0CA86362B32ABC87E39A99013C75A 367616 ----a-w- C:\Windows\Sysnative\conhost.exe 2013-05-24 22:28:07 489B2DC75115A61769B9304FAEBC7D66 817152 ----a-w- C:\Windows\Sysnative\kerberos.dll 2013-05-24 22:28:07 480FB2259449C49C630D4AC3EC1EB426 373760 ----a-w- C:\Windows\Sysnative\SearchProtocolHost.exe 2013-05-24 22:28:07 38069D6F774EB0B83A9301E5698B52CA 435200 ----a-w- C:\Windows\Sysnative\mssph.dll 2013-05-24 22:28:06 E1B0C213296FF324992BEF0E285BB623 1403784 ----a-w- C:\Windows\Sysnative\winload.efi 2013-05-24 22:28:06 AB279D4734BC508911C004F8D1011973 456704 ----a-w- C:\Windows\Sysnative\wpncore.dll 2013-05-24 22:28:06 4E1F42D7616BB19253B99E85EDDA6E8C 1267424 ----a-w- C:\Windows\Sysnative\winload.exe 2013-05-24 22:28:06 46159633AA549E4D2CF6455B056CAB96 523264 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll 2013-05-24 22:28:06 3B002BD044161080F3A5235E79AE171E 391168 ----a-w- C:\Windows\Sysnative\Windows.Networking.BackgroundTransfer.dll 2013-05-24 22:28:06 22B9D38C6A69591811C10D4D1BF96AFE 1217328 ----a-w- C:\Windows\Sysnative\winresume.efi 2013-05-24 22:28:06 205162CCEBA17B54C6A7788C31726E95 804352 ----a-w- C:\Windows\Sysnative\RecoveryDrive.exe 2013-05-24 22:28:06 09B2F3A41C6A8BFA22640826F70E9810 253544 ----a-w- C:\Windows\Sysnative\audiodg.exe 2013-05-24 22:28:05 F2027911CBDC096576F0F1F81C790C1B 468992 ----a-w- C:\Windows\Sysnative\MFMediaEngine.dll 2013-05-24 22:28:05 F0CFE7AA1100CDEF41ABA210C5610E85 196096 ----a-w- C:\Windows\Sysnative\dmvdsitf.dll 2013-05-24 22:28:05 E8801AF63EE3DEACA29F1F5526C35F53 86280 ----a-w- C:\Windows\Sysnative\kdnet.dll 2013-05-24 22:28:05 D3461BAFD6314E47C3C984DFEFAA6EEA 419840 ----a-w- C:\Windows\Sysnative\intl.cpl 2013-05-24 22:28:05 D2EFA32998014927140E40054645CA4E 414720 ----a-w- C:\Windows\Sysnative\GenuineCenter.dll 2013-05-24 22:28:05 BCD7A47EF587DC00DD61D12D9C2D1E44 169472 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll 2013-05-24 22:28:05 B7F4C0DEC76583C128D40579C36D6AA8 1093880 ----a-w- C:\Windows\Sysnative\winresume.exe 2013-05-24 22:28:05 8383D48F0A55703A613C339EF586C6AA 50176 ----a-w- C:\Windows\Sysnative\fmifs.dll 2013-05-24 22:28:05 61A9A710077526C9A7F068741540D96E 77960 ----a-w- C:\Windows\Sysnative\kdvm.dll 2013-05-24 22:28:05 5EAC1240B4699EC313C69FCADC5F457A 126464 ----a-w- C:\Windows\Sysnative\Robocopy.exe 2013-05-24 22:28:05 5D072A59331A34C9BE621C7A55578562 210432 ----a-w- C:\Windows\Sysnative\iuilp.dll 2013-05-24 22:28:05 4C1C6E9BB02654EB38CD6DF4ACE6664B 281088 ----a-w- C:\Windows\Sysnative\mfreadwrite.dll 2013-05-24 22:28:05 3EA778FE9D9B56E67C0783A63C4B142E 197120 ----a-w- C:\Windows\Sysnative\SearchFilterHost.exe 2013-05-24 22:28:05 365C6C6BC10201CC1080EB97A559BFC1 503080 ----a-w- C:\Windows\Sysnative\ci.dll 2013-05-24 22:28:05 31CAB21D19D8794854E037DEAABB499C 745984 ----a-w- C:\Windows\Sysnative\mssvp.dll 2013-05-24 22:28:05 0B43D0E9E00CB4F98FC62AB2FA5D96F3 231936 ----a-w- C:\Windows\Sysnative\fhengine.dll 2013-05-24 22:28:05 012CFE7F0F95266F554EE3B91EE2128A 99840 ----a-w- C:\Windows\Sysnative\wscsvc.dll 2013-05-24 22:28:04 FDA6525D9018812E4237ED5EEB29F5DA 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2013-05-24 22:28:04 E55A2C4497247F8CA09F1B2AAFAEDD3C 13824 ----a-w- C:\Windows\Sysnative\msshooks.dll 2013-05-24 22:28:04 D0B384E810077BF3FE5A11718B512275 387688 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml 2013-05-24 22:28:04 3C77496ED7DB0D802427689F7E613777 96256 ----a-w- C:\Windows\Sysnative\mssprxy.dll 2013-05-24 22:28:04 0E2D8CE7A7A459256CBD5698F90D100A 65024 ----a-w- C:\Windows\Sysnative\msscntrs.dll 2013-05-24 22:27:59 59ADE56B6D7F9392ACBAD9641AE03CD4 6987528 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe ====== C:\Windows\Sysnative\drivers ===== 2013-05-24 22:30:06 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 1455368 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys 2013-05-24 22:28:48 F4A91D985EB9D1D2717D538F3424603C 861184 ----a-w- C:\Windows\Sysnative\drivers\http.sys 2013-05-24 22:28:07 61FE70659CD43E07F94DA4DC31DEC493 805376 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys 2013-05-24 22:28:06 56218A571ECF8D55E0CDFF8DF2546CF1 623104 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys 2013-05-24 22:28:05 FD97DEF4D031A4D73A149C4A97375042 83968 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys 2013-05-24 22:28:05 9E11EE0F2E117B2D5A835B2B91752827 27648 ----a-w- C:\Windows\Sysnative\drivers\hidusb.sys 2013-05-24 22:28:05 872E937681910E2456A054331C7D5A18 284424 ----a-w- C:\Windows\Sysnative\drivers\spaceport.sys 2013-05-24 22:28:05 61F6972FF9AC9A8D0B4D62076DC30051 83456 ----a-w- C:\Windows\Sysnative\drivers\wanarp.sys 2013-05-24 22:28:05 3730942D7DB2F8BB5F84542B7FF6F650 60416 ----a-w- C:\Windows\Sysnative\drivers\ndproxy.sys 2013-05-24 22:28:05 14FC338B80CFF7E04215133B568D15C4 247808 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys 2013-05-24 22:28:05 085F150D002B7F0153D3C06DDF33A143 95744 ----a-w- C:\Windows\Sysnative\drivers\hidbth.sys 2013-05-10 22:45:24 3D50891CAA71E3479A8A10F25CA9207F 352008 ----a-w- C:\Windows\Sysnative\drivers\cbfs3.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-05-01 19:59:28 -------- d-----w- C:\Program Files\adobe portable 2013-5 ======= C:\Program Files (x86) ===== 2013-05-09 20:30:26 -------- d-----w- C:\Program Files (x86)\Common Files\Magic Video Converter 2013-05-09 20:30:06 -------- d-----w- C:\Program Files (x86)\Magic Video Converter 2013-05-02 13:05:32 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe 2013-04-30 21:36:31 -------- d-----w- C:\Program Files (x86)\Adobe ======= C: ===== 2013-05-01 20:10:39 E272C14D7D0782A0C252DB62CD9C409E 112 ---ha-w- C:\5C26FC92A9C2 ====== C:\Users\Robbescheuten\AppData\Roaming ====== 2013-05-09 22:09:16 -------- d-----w- C:\users\Robbescheuten\AppData\Roaming\dvdcss 2013-05-09 20:30:34 -------- d-----w- C:\users\Robbescheuten\AppData\Local\Real 2013-05-02 13:05:32 -------- d-----w- C:\users\Robbescheuten\AppData\Local\Adobe 2013-05-01 21:50:56 -------- d-----w- C:\users\Robbescheuten\AppData\Roaming\Adobe 2013-04-30 22:13:08 -------- d-----w- C:\users\Robbescheuten\AppData\Local\Xilisoft 2013-04-30 22:13:05 -------- d-----w- C:\users\Robbescheuten\AppData\Roaming\Xilisoft 2013-04-30 21:54:01 -------- d-----we C:\users\Robbescheuten\AppData\Locallow\PlayReady ====== C:\Users\Robbescheuten ====== 2013-05-25 22:22:42 -------- d-----w- C:\ProgramData\Zylom 2013-05-09 20:30:34 -------- d-----w- C:\ProgramData\Real 2013-05-09 20:30:32 -------- d-----w- C:\ProgramData\Apple Computer 2013-05-09 20:30:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Video Converter ====== C: exe-files == 2013-05-28 20:48:09 98889B175B89C1A6BD413991C2FE88E8 331264 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00003afc\updatus.16005495_RUNASUSER.exe 2013-05-28 19:40:22 2EF18E8F9DF5A2428AE212C92BCDCE86 450352 ----a-w- C:\Users\Robbescheuten\Pictures\FixitCenter_Run.exe 2013-05-25 11:30:30 0C3C9A77BCAB1B1AC89E451480833C42 1167872 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\TelegraafMediaNederland.DeTelegraaf_w8zgx0kmdem4w\AC\Microsoft\CLR_v4.0_32\NativeImages\Telegraaf.Win8\a863441842318fa8708a9b2ca53c694c\Telegraaf.Win8.ni.exe 2013-05-25 11:30:26 988A4F29997DDDA9ED6C92DDA9A9D97C 953344 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\DePersgroep.AD_jq644qkv4n918\AC\Microsoft\CLR_v4.0_32\NativeImages\Metro.Paper.Client\c65b87886d038ec6fe4bf2d7c8912a42\Metro.Paper.Client.ni.exe 2013-05-25 11:30:24 8E7833764AAD97758B71F7497B5418FC 415232 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\61768iRop.Regionieuws_t0qychrd0p8g4\AC\Microsoft\CLR_v4.0_32\NativeImages\Regionieuws\cd3661bbf5b81e32e839265ae40c3ec0\Regionieuws.ni.exe 2013-05-25 11:30:23 583004E42539751FADA268733239B7D0 681984 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\42414ArendMelissant.EssentialWeather_aspqep25jzha0\AC\Microsoft\CLR_v4.0_32\NativeImages\EssentialWeather\461b00c7af4144374176ca88cd247d78\EssentialWeather.ni.exe 2013-05-25 11:30:22 FEF6A82CC9B73604E3C9D8A02D91D11A 381952 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\39894WimHoek.Tuinieren_8zxhjnee5n5vw\AC\Microsoft\CLR_v4.0_32\NativeImages\Tuinieren\58d3e53a5222b452c8be1b295532ec6d\Tuinieren.ni.exe 2013-05-25 11:30:22 0DA9486473B29D6559B7E115DF770DFD 429056 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\35101NielsLaute.Regenmeter_ppjayf9g3ze9e\AC\Microsoft\CLR_v4.0_32\NativeImages\RegenmeterRT\207fb932c3f264d0ef8c8caf0021eda5\RegenmeterRT.ni.exe 2013-05-25 11:29:44 EFEACDD83ECD6A8C2253F0A8F0591939 1094656 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\SanomaMediaNetherlandsB.V.NU.nl_g20pnp589533g\AC\Microsoft\CLR_v4.0\NativeImages\NU.nl\74e20ecc221f7ff32af4eebc58814543\NU.nl.ni.exe 2013-05-25 11:29:34 AC4FBB34047D702B38D66596ABFE39FB 2900480 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\Microsoft.BingMaps_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0\NativeImages\Map\aa4afea7cfa6b0e816a021c8baf046cf\Map.ni.exe 2013-05-25 11:29:25 DBEEBAF04DA129E28B5E54660D166338 2208768 ----a-w- C:\Users\Robbescheuten\AppData\Local\Packages\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\AC\Microsoft\CLR_v4.0\NativeImages\AccuWeatherMetro.UI\5545e950e7efb06c5f6c11276e4ec046\AccuWeatherMetro.UI.ni.exe 2013-05-24 22:30:28 E508A303148C549C28B5723699EF4552 51712 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-05-24 22:28:54 5544F876B3932D3D6ED67656B28228CF 112872 ----a-w- C:\Windows\System32\consent.exe 2013-05-24 22:28:08 9FDAA6957F04A6D1917463B7CBBEF88A 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe 2013-05-24 22:28:07 58C0CA86362B32ABC87E39A99013C75A 367616 ----a-w- C:\Windows\System32\conhost.exe 2013-05-24 22:28:07 4DD38C9F28B9A0D8B1635580E8DF7D86 302592 ----a-w- C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-05-24 22:28:07 480FB2259449C49C630D4AC3EC1EB426 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2013-05-24 22:28:06 4E1F42D7616BB19253B99E85EDDA6E8C 1267424 ----a-w- C:\Windows\System32\winload.exe 2013-05-24 22:28:06 4E1F42D7616BB19253B99E85EDDA6E8C 1267424 ----a-w- C:\Windows\System32\Boot\winload.exe 2013-05-24 22:28:06 205162CCEBA17B54C6A7788C31726E95 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe 2013-05-24 22:28:06 09B2F3A41C6A8BFA22640826F70E9810 253544 ----a-w- C:\Windows\System32\audiodg.exe 2013-05-24 22:28:06 031397F2F9B2445CD901C8694E4012FD 670208 ----a-w- C:\Windows\SysWOW64\SearchIndexer.exe 2013-05-24 22:28:05 C043356858B65CEC5B751CE74F013125 106496 ----a-w- C:\Windows\SysWOW64\Robocopy.exe 2013-05-24 22:28:05 BB208BC1082B114AFBBE6CCBE42AA6CA 171008 ----a-w- C:\Windows\SysWOW64\SearchFilterHost.exe 2013-05-24 22:28:05 B7F4C0DEC76583C128D40579C36D6AA8 1093880 ----a-w- C:\Windows\System32\winresume.exe 2013-05-24 22:28:05 B7F4C0DEC76583C128D40579C36D6AA8 1093880 ----a-w- C:\Windows\System32\Boot\winresume.exe 2013-05-24 22:28:05 5EAC1240B4699EC313C69FCADC5F457A 126464 ----a-w- C:\Windows\System32\Robocopy.exe 2013-05-24 22:28:05 3EA778FE9D9B56E67C0783A63C4B142E 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2013-05-24 22:27:59 59ADE56B6D7F9392ACBAD9641AE03CD4 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-05-24 22:17:45 4DE637AC4849A781DDA6095547F9CC4F 175928 ----a-w- C:\Users\Robbescheuten\AppData\Local\Apps\2.0\EJL2P913.KLO\R1P7P7A7.BVV\scan..tion_9729c35283d7424a_0001.000f_b25f94c03cf4097c\ScanCircle.exe 2013-05-23 20:44:13 C2137A6CDD700265969E81DFBC07CA3C 330688 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00003a39\updatus.15869751_RUNASUSER.exe 2013-05-22 20:43:26 F4FC5C803AC4BF4970587EE92E60B24B 330136 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\00003989\updatus.15840555_RUNASUSER.exe === C: other files == 2013-05-29 16:02:30 9FB325E90DA3FB1B79430730AA5EE3CA 10628359 ----a-w- C:\Users\Public\Desktop\sample_29-05-2013_1802.zip 2013-05-29 15:55:40 850B5AB0E1DAAC6F17E4402F0BCD3DCB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2617873385-1771127311-2925833956-1002\$IZ39SH5.zip 2013-05-24 22:30:06 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 1455368 ----a-w- C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-24 22:28:48 F4A91D985EB9D1D2717D538F3424603C 861184 ----a-w- C:\Windows\System32\Drivers\http.sys 2013-05-24 22:28:09 80E66F3F18603523585AF96B43D7945A 4038144 ----a-w- C:\Windows\System32\win32k.sys 2013-05-24 22:28:07 61FE70659CD43E07F94DA4DC31DEC493 805376 ----a-w- C:\Windows\System32\Drivers\PEAuth.sys 2013-05-24 22:28:06 56218A571ECF8D55E0CDFF8DF2546CF1 623104 ----a-w- C:\Windows\System32\Drivers\srv2.sys 2013-05-24 22:28:05 FD97DEF4D031A4D73A149C4A97375042 83968 ----a-w- C:\Windows\System32\Drivers\hidclass.sys 2013-05-24 22:28:05 9E11EE0F2E117B2D5A835B2B91752827 27648 ----a-w- C:\Windows\System32\Drivers\hidusb.sys 2013-05-24 22:28:05 872E937681910E2456A054331C7D5A18 284424 ----a-w- C:\Windows\System32\Drivers\spaceport.sys 2013-05-24 22:28:05 61F6972FF9AC9A8D0B4D62076DC30051 83456 ----a-w- C:\Windows\System32\Drivers\wanarp.sys 2013-05-24 22:28:05 3730942D7DB2F8BB5F84542B7FF6F650 60416 ----a-w- C:\Windows\System32\Drivers\ndproxy.sys 2013-05-24 22:28:05 14FC338B80CFF7E04215133B568D15C4 247808 ----a-w- C:\Windows\System32\Drivers\srvnet.sys 2013-05-24 22:28:05 085F150D002B7F0153D3C06DDF33A143 95744 ----a-w- C:\Windows\System32\Drivers\hidbth.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "TpScrex"="C:\ProgramData\TpScrex\TpScrex.exe /somering" "Browser Infrastructure Helper"="C:\Users\Robbescheuten\AppData\Local\Smartbar\Application\QuickShare.exe startup" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "PowerDVD12DMREngine"="C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" "PowerDVD12Agent"="C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" "LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "SonneDVDCreator"="C:\Program Files (x86)\Magic Video Converter\dc.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "TpScrex"="C:\ProgramData\TpScrex\TpScrex.exe /somering" "Browser Infrastructure Helper"="C:\Users\Robbescheuten\AppData\Local\Smartbar\Application\QuickShare.exe startup" "RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" "Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch" "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice" ==== Startup Folders ====================== 2013-03-22 20:47:04 1116 ----a-w- C:\users\Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Productregistratie.lnk ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Robbescheuten\AppData\Roaming\Mozilla\Firefox\Profiles\5l2ur4u4.default ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ B3BA4E18594082F88D9013CC8C080855 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System 2147C8ED020B1CE3B82BBDD3C49C8F81 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll - WacomTabletPlugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Startpagina.nl | Jouw startpagina voor weer, verkeer en meer" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{9DD089FE-3DBF-407D-97C1-B219EA7CE64C}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Startpagina.nl | Jouw startpagina voor weer, verkeer en meer" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" {9DD089FE-3DBF-407D-97C1-B219EA7CE64C} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2617873385-1771127311-2925833956-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9DD089FE-3DBF-407D-97C1-B219EA7CE64C} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat! Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} msnmsgr = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [MS] TpScrex = C:\ProgramData\TpScrex\TpScrex.exe /somering [file not found] Browser Infrastructure Helper = C:\Users\Robbescheuten\AppData\Local\Smartbar\Application\QuickShare.exe startup [file not found] RESTART_STICKY_NOTES = C:\Windows\System32\StikyNot.exe [MS] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++} Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [MS] Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" [MS] Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" [MS] Uninstall C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 = C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor] Logitech Download Assistant = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [MS] BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [ESET] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} HP Software Update = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard] (Default) = (empty string) [file not found] PowerDVD12DMREngine = "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [CyberLink] PowerDVD12Agent = "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [CyberLink Corp.] LWS = C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [Logitech Inc.] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] Wondershare Helper Compact.exe = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [file not found] SonneDVDCreator = C:\Program Files (x86)\Magic Video Converter\dc.exe [MagicVideoSoftware Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {647FD14A-C4F1-46F4-8FC3-0B40F54226F7}\(Default) = EmailBHO -> {HKLM...Wow...CLSID} = jZip Webmail plugin \InProcServer32\(Default) = C:\Program Files (x86)\jZip\WebmailPlugin.dll [Discordia Limited] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS] EldosIconOverlay\(Default) = {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} -> {HKLM...CLSID} = VSMntNtfOverlayIcon Class \InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS] EldosIconOverlay\(Default) = {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} -> {HKLM...Wow...CLSID} = VSMntNtfOverlayIcon Class \InProcServer32\(Default) = C:\Windows\SysWow64\CbFsMntNtf3.dll [EldoS Corporation] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {86D38419-E3B2-464e-9B78-7652D9802E04} = ArtRage Painting Thumbnail Handler -> {HKLM...CLSID} = ArtRage Painting Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Ambient Design\ArtRage Studio Pro\AR3Thumb64.dll [Ambient Design Ltd] {B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension -> {HKLM...CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET] {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = Revo Uninstaller Pro Extension -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] {5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification -> {HKLM...CLSID} = Virtual Storage Mount Notification \InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler -> {HKLM...Wow...CLSID} = NeroDigitalIconHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler -> {HKLM...Wow...CLSID} = NeroDigitalPropSheetHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...Wow...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...Wow...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext -> {HKLM...Wow...CLSID} = Ondernemingsprojecten \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...Wow...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {5D607245-F832-4faa-9C92-895B7E06CFCF} = ArtRage Painting Thumbnail Handler -> {HKLM...Wow...CLSID} = ArtRage Painting Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Ambient Design\ArtRage Studio Pro\AR3Thumb.dll [Ambient Design Ltd] {EAC179B1-B2AD-4695-902B-43D77A3D8D11} = Easy Poster Printer Thumbnail -> {HKCU...Wow...CLSID} = Easy_Poster_Printer.ThumbnailProvider \InProcServer32\(Default) = mscoree.dll [MS] {B089FE88-FB52-11D3-BDF1-0050DA34150D} = ESET Smart Security - Context Menu Shell Extension -> {HKLM...Wow...CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET] {5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification -> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification \InProcServer32\(Default) = C:\Windows\SysWow64\CbFsMntNtf3.dll [EldoS Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <<!>> {5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification -> {HKLM...CLSID} = Virtual Storage Mount Notification \InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ <<!>> {5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification -> {HKLM...CLSID} = Virtual Storage Mount Notification \InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ EldosMountNotificator = {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> {HKLM...CLSID} = Virtual Storage Mount Notification \InProcServer32\(Default) = C:\Windows\system32\CbFsMntNtf3.dll [EldoS Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ EldosMountNotificator = {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> {HKLM...Wow...CLSID} = Virtual Storage Mount Notification \InProcServer32\(Default) = C:\Windows\SysWow64\CbFsMntNtf3.dll [EldoS Corporation] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> AppInit_DLLs = C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL [NVIDIA Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> AppInit_DLLs = c:\progra~2\nvidia~1\3dvisi~1\nvstinit.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS] -> {HKCU...Wow...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Corel PaintShop Pro X5\(Default) = {D6D67107-2AFB-41D4-97E3-4F6ED2A21FF8} -> {HKLM...CLSID} = PSPContextMenu Class \InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\PSPContextMenu64.dll [Corel Software, Inc.] ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D} -> {HKLM...CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET] -> {HKLM...Wow...CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET] jZip\(Default) = {E677C7AD-2B66-4539-AA29-3771A1CFEDA9} -> {HKLM...Wow...CLSID} = jZipShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\jZip\jZipShell.dll [Discordia Limited] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\Tools\WinRAR\rarext32.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS] -> {HKCU...Wow...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Corel PaintShop Pro X5\(Default) = {D6D67107-2AFB-41D4-97E3-4F6ED2A21FF8} -> {HKLM...CLSID} = PSPContextMenu Class \InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\PSPContextMenu64.dll [Corel Software, Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ SkyDriveEx\(Default) = {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} -> {HKCU...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll [MS] -> {HKCU...Wow...CLSID} = SkyDriveEx \InProcServer32\(Default) = C:\Users\Robbescheuten\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler -> {HKLM...Wow...CLSID} = NeroDigitalColumnHandler Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\Lib\NeroDigitalExt.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ ESET Smart Security - Context Menu Shell Extension\(Default) = {B089FE88-FB52-11D3-BDF1-0050DA34150D} -> {HKLM...CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\shellExt.dll [ESET] -> {HKLM...Wow...CLSID} = ESET Smart Security - Context Menu Shell Extension \InProcServer32\(Default) = C:\Program Files\ESET\ESET Smart Security\x86\shellExt.dll [ESET] jZip\(Default) = {E677C7AD-2B66-4539-AA29-3771A1CFEDA9} -> {HKLM...Wow...CLSID} = jZipShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\jZip\jZipShell.dll [Discordia Limited] RUShellExt\(Default) = {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} -> {HKLM...CLSID} = RUShellExt Class \InProcServer32\(Default) = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [VS Revo Group] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\Tools\WinRAR\rarext32.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\Tools\WinRAR\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoRun = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoControlPanel = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Robbescheuten\Pictures\wallpaper\aurora_2-wallpaper-1920x1080.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AcerClearfiMediaAutoPlayMOVIE\ Provider = Acer InvokeProgID = AcerClearfiMediaAutoPlayMOVIE\AutoPlay InvokeVerb = open HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMOVIE\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MOVIE [Acer Incorporated] AcerClearfiMediaAutoPlayMUSIC\ Provider = Acer InvokeProgID = AcerClearfiMediaAutoPlayMUSIC\AutoPlay InvokeVerb = open HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMUSIC\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MUSIC [Acer Incorporated] ASHAshampoo_Burning_Studio_10BURNONARRIVAL\ Provider = Ashampoo Burning Studio 10 InvokeProgID = Ashampoo.BurningStudio10 InvokeVerb = autoplay-burn HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-burn\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" [Ashampoo] ASHAshampoo_Burning_Studio_10COPYONARRIVAL\ Provider = Ashampoo Burning Studio 10 InvokeProgID = Ashampoo.BurningStudio10 InvokeVerb = autoplay-copy HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-copy\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" -copy [Ashampoo] ASHAshampoo_Burning_Studio_10RIPONARRIVAL\ Provider = Ashampoo Burning Studio 10 InvokeProgID = Ashampoo.BurningStudio10 InvokeVerb = autoplay-rip HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio10\shell\autoplay-rip\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 10\burningstudio10.exe" -autoplay -selectdrive "%l" -rip [Ashampoo] CanonMPNEX50PictureOnArrival\ Provider = MP Navigator EX Ver5.0 InvokeProgID = MPNavigatorEX50.AutoplayHandler InvokeVerb = open HKLM\SOFTWARE\Classes\MPNavigatorEX50.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe /AUTOPLAY %1 [CANON INC.] Corel PaintShop Pro X5ShowPicturesOnArrivalHandler\ InvokeProgID = PaintShopProX5.Image InvokeVerb = Overzicht HKLM\SOFTWARE\Classes\PaintShopProX5.Image\shell\Overzicht\command\(Default) = "c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%1" [Corel, Inc.] ExpressBurn.AutoPlay\ Provider = Express Burn InvokeProgID = ExpressBurn.AutoPlay InvokeVerb = open HKLM\SOFTWARE\Classes\ExpressBurn.AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe [NCH Software] MagicUSBCable\ Provider = @%windir%\system32\migwiz\wet.dll,-588 CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF} -> {HKLM...CLSID} = Magic USB Cable Class ID \LocalServer32\(Default) = "C:\Windows\System32\MigAutoPlay.exe" [MS] MSFhConfigBackup\ Provider = @C:\Windows\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\Windows\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\Windows\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] MSWPDNetworkConfigHandler\ Provider = @C:\Windows\system32\wpdshext.dll,-503 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /NetworkConfig;%SystemRoot%\system32\xwizard.exe;RunWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] MXFotomakerBrowseOnArrival\ Provider = MAGIX Digital Foto Maker 9 InvokeProgID = Magix.Fotomaker.Brws InvokeVerb = Brws HKLM\SOFTWARE\Classes\Magix.Fotomaker.Brws\shell\Brws\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /exp "%1" [MAGIX] MXFotomakerBurningCDArrival\ Provider = MAGIX Digital Foto Maker 9 InvokeProgID = Magix.Fotomaker.Burn InvokeVerb = Burn HKLM\SOFTWARE\Classes\Magix.Fotomaker.Burn\shell\Burn\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" [MAGIX] MXFotomakerHandleMTP\ Provider = MAGIX Digital Foto Maker 9 InvokeProgID = Magix.Fotomaker. InvokeVerb = HKLM\SOFTWARE\Classes\Magix.Fotomaker.\shell\\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" [MAGIX] MXFotomakerImportPicturesOnArrival\ Provider = MAGIX Digital Foto Maker 9 InvokeProgID = Magix.Fotomaker.ImportPic InvokeVerb = ImportPic HKLM\SOFTWARE\Classes\Magix.Fotomaker.ImportPic\shell\ImportPic\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /k "%1" [MAGIX] MXFotomakerPlayVideoOnArrival\ Provider = MAGIX Digital Foto Maker 9 InvokeProgID = Magix.Fotomaker.PlayV InvokeVerb = PlayV HKLM\SOFTWARE\Classes\Magix.Fotomaker.PlayV\shell\PlayV\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /exp "%1" [MAGIX] MXFotomakerShowPicturesOnArrival\ Provider = MAGIX Digital Foto Maker 9 InvokeProgID = Magix.Fotomaker.ShwPic InvokeVerb = ShwPic HKLM\SOFTWARE\Classes\Magix.Fotomaker.ShwPic\shell\ShwPic\command\(Default) = "C:\Program Files (x86)\MAGIX\Foto_Manager_9\FotoMaker.exe" /exp "%1" [MAGIX] PowerDVD12.0PlayBluRayOnArrival\ Provider = PowerDVD 12 InvokeProgID = BluRay InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\BluRay\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY BD "%L" [CyberLink Corp.] PowerDVD12.0PlayCDAudioOnArrival\ Provider = PowerDVD 12 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY CD "%L" [CyberLink Corp.] PowerDVD12.0PlayDVDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = DVD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY DVD "%L" [CyberLink Corp.] PowerDVD12.0PlaySuperVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] PowerDVD12.0PlayVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] WIA_{318E669C-9060-4020-9907-243E8A674815}\ Provider = Photoshop CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Adobe\Photoshop Elements 11\PhotoshopElementsEditor.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{51BD566E-A02D-4387-9A82-D929EA8C20B0}\ Provider = MAGIX Foto Manager 9 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaClsid;{51BD566E-A02D-4387-9A82-D929EA8C20B0}; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{794D8CD9-9B5D-4EEC-A723-314701919B20}\ Provider = MP Navigator EX Ver5.0 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Robbescheuten" & "All Users" startup folders: --------------------------------------------------------------- C:\Users\Robbescheuten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Logitech . Productregistratie -> shortcut to: C:\Program Files (x86)\Logitech\Ereg\eReg.exe /remind /language=NLD /_WFM="." [Leader Technologies/Logitech] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks 0 -> launches: c:\program files\internet explorer\iexplore.exe [MS] 4801 -> launches: wscript.exe C:\Users\ROBBES~1\AppData\Local\Temp\launchie.vbs //B [MS] ALU -> launches: C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto [null data] ALUAgent -> launches: C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [null data] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\BrowserChoice\browserchoice.exe /launch [MS] Hotkey Utility -> launches: "C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [Acer Incorporated] Optimize Start Menu Cache Files-S-1-5-21-2617873385-1771127311-2925833956-500 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] Power Management -> launches: "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe" [Acer Incorporated] Scheduled Update for Ask Toolbar -> launches: C:\Program Files (x86)\Ask.com\UpdateTask.exe [file not found] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: dism.exe /online /cleanup-image /startcomponentcleanup /asynchronous [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\Windows\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2617873385-1771127311-2925833956-1002 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ArcSoft Exchange Service, ADExchange, C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [ArcSoft, Inc.] CCDMonitorService, CCDMonitorService, C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [Acer Incorporated] Classic Shell Service, ClassicShellService, "C:\Program Files\Classic Shell\ClassicShellService.exe" [ivoSoft] CLHNServiceForPowerDVD12, CLHNServiceForPowerDVD12, C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [CyberLink Corp.] CyberLink PowerDVD 12 Media Server Monitor Service, CyberLink PowerDVD 12 Media Server Monitor Service, "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe" [CyberLink] CyberLink PowerDVD 12 Media Server Service, CyberLink PowerDVD 12 Media Server Service, "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" [CyberLink] ePower Service, ePowerSvc, "C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe" [Acer Incorporated] ESET Service, ekrn, "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [ESET] FABS - Helping agent for MAGIX media database, Fabs, C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [MAGIX© AG] IconMan_R, IconMan_R, "C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe" [Realsil Microelectronics Inc.] Intel® Capability Licensing Service Interface, Intel® Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [intel® Corporation] Intel® Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [intel Corporation] Intel® Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [intel Corporation] Intel® Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [intel Corporation] NVIDIA Display Driver Service, nvsvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation] NVIDIA Stereoscopic 3D Driver Service, Stereo Service, C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [NVIDIA Corporation] NVIDIA Update Service Daemon, nvUpdatusService, C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [NVIDIA Corporation] Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS] Protexis Licensing V2, PSI_SVC_2, "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [Protexis Inc.] Wacom Consumer Service, WTabletServiceCon, C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [Wacom Technology, Corp.] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> MCODS, HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> MCODS, Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor MG6200 series\Driver = CNMLMAU.DLL [CANON INC.] Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.] Virtual Monitor\Driver = C:\Windows\SysWOW64\LPPMn06u.DLL [LEAD Technologies, Inc.] ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Robbescheuten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Robbescheuten\AppData\Local\Mozilla\Firefox\Profiles\5l2ur4u4.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ROBBES~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on wo 29-05-2013 at 18:10:55,11 ======================

Ik kan de addons/pluggins niet vinden waar moet ik dan kijken, heb bij internetoptie's gekeken het hele rijtje afgegaan maar zal waarschijnlijk dan andere benaming zijn zou dat kunnen? Ze hebben van Megaupload mij vanochtend vroeg een mail verzonden daar stond in dat ze mijn account zouden verwijderen, maar volgens mij nog niet gebeurd, dus op de ene of andere manier moet ik ergens iets uitschakelen want op de pc zelf is nergens iets te vinden. Help je me a.u.b. nog verder? b.v.d. vr.gr. - - - Updated - - - waarschijnlijk heeft die megaupload zich op de pc genesteld met een andere naam (denk ik) - - - Updated - - - http://tweakers.net/nieuws/86757/nieuwe-opslagdienst-van-megaupload-medewerkers-opent-deuren.html - - - Updated - - - http://www.nu.nl/internet/3006790/opvolger-megaupload-geeft-50-gb-gratis-opslag.html

Nu heb ik een serieus probleem https://mega.co.nz heeft zich genesteld in mijn internetbrowser op al mijn pc's er is niets geinstalleerd maar dit is een online opslag media waar je 50Gb gratis kon parkeren, maar er staat nergens een verwijderknop van je account wat daar is aangemaakt heb al verschillende mails er naar toe gestuurd maar geen reactie, kan ik dit bij internetoptie's ergens uitvinken want telkens als ik b.v. iets wil downloaden komt hun site met de down en upload te voorschijn. En met dit probleem is het op de laptop begonnen. laptop werkt wel maar een heleboel werkt er niet meer filemanager, internet, etc. Maar nu wil ik toch graag mijn desktop pc eerst in orde dat die mega rotzooi uit mijn internet gaat wat kan ik doen?? gr. en alvast weer veel dank voor uw hulp.

Ik kan wel in de bios komen maar kan niet met de pijlen naar links of rechts oftewel naar boven of beneden. - - - Updated - - - vorige keer wel zo gedaan

Vorige keer zonder cd/dvd gedaan want die heb ik er nooit bij gekregen maar dat lukt nu niet meer. ??

Ja dat is het hem nou juist herinstalatie lukt niet omdat ik niets kan selecteren (zie bovenstaand bericht rebooten) eigenlijk hulp nodig met herinstalatie a.u.b.

Hoi, hoi, Clarkie ik kan geen herstelpunt maken staat er geen, Kweezie Wabbit, ik ben begonnen met die rotzooi te zoeken van opslag op 't internet dat is een nieuwe www.megaupload. Maar telkens als ik iets wilde downloaden begon die megaupload dus is deze blijkbaar zonder 't te weten aan mijn laptop gekoppeld, kon me ook niet herinneren dat ik iets daarvan had geinstalleerd maar toch maar zoeken nergens te vinden. op internet gezocht om me af te melden maar ook daarvoor is geen mogelijkheid. en ik ongeduldig ben maar door gegaan heb alle ongebruikte software erafgehaald toen kwam ik uit bij Microsoft office 2010 alles met revouninstaller verwijderd intussen kwam mijn zoon op bezoek en heb ik per ongeluk alle registervermeldingen van microsoft verwijderd niet meer terug te zetten, dus geen internet erg onstabiel niets meer in kunnen stellen etc. dus ik dacht ga ik 'm maar rebooten net als in januari maar ook dat lukt niet want ik kan zoveel op de geselecteerde items gaan staan maar enteren lukt niet ik heb dit toen zonder cd/dvd gedaan want die waren niet aanwezig bij aankoop. maar nu is 't hopeloos ik kan wel gewoon naar configuratiescherm en naar mappen maar instellen of iets veranderen gaat niet in configuratiescherm bij systeem of dergelijke valt niks meer te doen. ik hoop dat er nog wat aan te doen is?? dank je alvast dus bovenstaande speccy en Hijack log zijn nu niet meer recent er is na deze logjes vanalles gebeurd maar alles wat niet goed is. gr. - - - Updated - - - Oei ,Oei nou ging ik de link zoeken om jullie die rechtstreeks te geven en nou zal hij zich waarschijnlijk ook nog gaan nestelen op mijn nieuwe desktop ik hoop van niet hier is de link: https://mega.co.nz/

Oei, oei, inmiddels doorgegaan en van alles geprobeerd kan hem nu zelfs niet meer reboten dus ik kan niks meer hij start wel op maar als ik naar reboot in de bios ga kan ik niets selecteren dus nu ben ik afgewerkt op deze laptop HELP aub !!!!!!!!!!!!