Geen verbinding met bepaalde site

[Nel47]

Hallo lieve mensen,

Ik krijg sinds een week geen verbinding meer met de site Den Hutsepot - De lekkerste site van Vlaanderen!

Met mijn andere laptop krijg ik wel verbinding met deze site (net uitgeprobeerd)

Kan iemand mij helpen a.u.b.?

Bij voorbaat dank

Nel van Santen

Ik krijg dit te zien

[Nel47]

Is er niemand die mij kan helpen?

[kape]

We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem.

1. Download HijackThis. (klik er op)

De download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere PC en het bestand met een USB-stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Dit kan je HIER doen.

Sla deze op in een nieuwe map op de C schijf (bvb C:\\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden.

---

2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier)

---

3. Na het plaatsen van je logje wordt dit door een expert nagekeken en hij begeleidt jou verder door het ganse proces.

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

[Nel47]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:55:32, on 6-9-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Users\Nel\Desktop\uTorrent.exe

C:\Users\Nel\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Nel\AppData\Roaming\BrowserCompanion\tcbhn.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo XI\Corel Paint Shop Pro Photo.exe

Q:\140066.nld\Office14\WINWORDC.EXE

Q:\140066.nld\Office14\OffSpon.EXE

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.8010003&st=12

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Nel\Desktop\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: Dropbox.lnk = Nel\AppData\Roaming\Dropbox\bin\Dropbox.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater12.1.3 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10238 bytes

[Nel47]

Dit is een oude zo te zien, hoe moet ik die vervangen, deze stond al op mijn pc zeker

[kape]

Klopt inderdaad ... maar daar zitten al een aantal aanduidingen van malware in. Mogelijk zal dit dus ook nu nog het geval zijn. Maak even een actueel logje met HijackThis en dan bekijken we de huidige toestand.

[Nel47]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:27:11, on 11-8-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del7869751] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del7545690] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del6938082] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs:

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11139 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O4 - HKUS\S-1-5-18\..\RunOnce: [Del7869751] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del7545690] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Del6938082] cmd.exe /Q /D /c del "C:\Windows\TEMP\0.del" (User 'SYSTEM')

O20 - AppInit_DLLs:

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download zoek.exe naar het bureaublad.

• Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
  (hier of hier) kan je lezen hoe je dat doet.
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Klik op de knop "Options" en vink nu de onderstaande opties aan.
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

 
startupall; 
filesrcm; 

Vink nu de onderstaande opties aan.

• HijackThis Log
  
• Firefox Look
  
• Chrome Look
  
• System Specs
  
• Silent Runners
  
• Firefox Defaults
  
• Reset Chrome
  
• IE Defaults
  
• Reset Hosts
  
• Auto Clean
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post nu de inhoud van het geopende logje in het volgende bericht.
  

[Nel47]

Zoek.exe Version 4.0.0.4 Updated 10-August-2013

Tool run by Nel on ma 12-08-2013 at 7:03:39,97.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Nel\Desktop\zoek.exe [script inserted] [Checkboxes used]

==== System Restore Info ======================

12-8-2013 7:07:24 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2088802119-1191371545-69361678-1001\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js:

Added to C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Nel\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0

user.js not found

---- Lines o6argr@yv-yya.co.uk removed from prefs.js ----

---- Lines o6argr@yv-yya.co.uk modified from prefs.js ----

---- Lines babyue@cwh-.org removed from prefs.js ----

---- Lines babyue@cwh-.org modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_12-08-2013_0710_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Nel\Downloads\SoftonicDownloader_voor_utorrent.exe" deleted

"C:\windows\SysNative\Tasks\DealPly" deleted

"C:\windows\SysNative\Tasks\DealPlyUpdate" deleted

"C:\windows\SysNative\Tasks\EPUpdater" deleted

"C:\Windows\Syswow64\shoFEA.tmp" deleted

"C:\ProgramData\safE saave" deleted

"C:\ProgramData\SearchNewTab" deleted

"C:\Program Files (x86)\Uninstall Information\ib_uninst_514" deleted

"C:\Program Files (x86)\Uninstall Information\ib_uninst_539" deleted

"C:\ProgramData\StarApp" deleted

"C:\ProgramData\SearchNewTab" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safE saave" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab" deleted

"C:\Users\Nel\AppData\Local\CRE" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 3935 MB

CPU Info: Intel® Core i5-3210M CPU @ 2.50GHz

CPU Speed: 2499,1 MHz

Sound Card: Speakers (Realtek High Definiti |

Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1600 X 900 - 32 bit

Network: Network Present

Network Adapters: TeamViewer VPN Adapter | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)

CD / DVD Drives: 1x (D: | ) D: PIONEER DVD-RW DVRTD11RS

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 450,2GB | Q: 0,0MB

Hard Disks - Free: C: 356,5GB | Q: 0,0MB

Manufacturer *: Insyde Corp.

BIOS Info: AT/AT COMPATIBLE | 06/08/12 | ACRSYS - 1

Time Zone: West-Europa (standaardtijd)

Motherboard *: Type2 - Board Vendor Name1 VA70_HC

Internet Explorer Version: 10.0.9200.16635

Sun Java version: No Java Installed?

Country: Nederland

Language: NLD

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Nel\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2013-07-19 23:50:56 C8D9EEACF266512C1FA52E2ECF5AD944 71480 ----a-w- C:\Windows\Sysnative\drivers\avgidsha.sys

2013-07-19 23:50:56 241C32E942869FD1351CC5864976C3AC 246072 ----a-w- C:\Windows\Sysnative\drivers\avgidsdrivera.sys

2013-07-19 23:50:50 FACD18A89FDEBC35C85CAF762B294BE2 206648 ----a-w- C:\Windows\Sysnative\drivers\avgldx64.sys

2013-07-15 08:54:59 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

====== C:\Windows\Tasks ======

2013-07-19 07:14:36 A28D82B29D9D032032BF30214CA13193 3252 ----a-w- C:\Windows\Sysnative\Tasks\{A4050AEC-4A46-4CDB-8E7F-922263B11A7D}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====

2013-08-11 12:21:27 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-07-29 05:09:12 -------- d-----w- C:\Program Files (x86)\OpenOffice 4

2013-07-15 15:03:00 -------- d-----w- C:\Program Files (x86)\Internetbeveiliging

======= C: =====

====== C:\Users\Nel\AppData\Roaming ======

2013-07-31 06:11:22 1117845200C8AE252B9D82CA4E720CAB 3584 ----a-w- C:\users\Nel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-07-29 05:11:17 -------- d-----w- C:\users\Nel\AppData\Roaming\OpenOffice

====== C:\Users\Nel ======

2013-07-31 06:43:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2013-07-29 05:09:49 -------- d-s---w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0

2013-07-15 14:54:04 -------- d-----w- C:\ProgramData\F-Secure

2013-07-13 07:07:52 549D79E01B7D5F48B998272D10FF7298 110725 ----a-w- C:\Users\Nel\less 291.jpg

====== C: exe-files ==

=== C: other files ==

2013-08-10 07:02:58 A150BB0ACF59E0935BB700CDB017CB3F 133827 ----a-w- C:\Users\Nel\Desktop\materiaalgirlwithdragon.zip

2013-08-09 12:27:27 C59763A232CAA12C9CF54A25BD751790 338991 ----a-w- C:\Users\Nel\Desktop\my bbq grill.zip

2013-08-09 12:16:26 052466E63FB8431DCCB9487538A465DA 2469 ----a-w- C:\Users\Nel\Desktop\Yeagle-WM.zip

2013-08-09 10:59:36 24E67C23FDADB6D91F7B6FCBDC752DB7 8674675 ----a-w- C:\Users\Nel\Desktop\Dreamland32\InzpiredCreationz-AlittleBirdieToldMe.zip

2013-08-08 10:52:28 B36E81C4C1A1FC462666609BC9A1AD1B 7882124 ----a-w- C:\Users\Nel\Desktop\106124_std.zip

2013-08-08 10:51:20 94D34B4474CBB693B51DA61B82DAC6AC 4702048 ----a-w- C:\Users\Nel\Desktop\106156_std.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BkupTray"="C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe /TRAYONLY"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Apoint"

"hkey"="HKLM"

"command"="C:\\Program Files\\Apoint2K\\Apoint.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AthBtTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AtherosBtStack"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\BtvStack.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BackupManagerTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\NTI\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlazeServoTool]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BlazeServoTool"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\NTI\\NTI Digital Flix 2.5.0.4\\MediaDetector.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Photo Downloader]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Corel Photo Downloader"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Corel\\Corel Snapfire\\Corel Photo Downloader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dolby Home Theater v4]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Dolby Home Theater v4"

"hkey"="HKLM"

"command"="\"C:\\Dolby PCEE4\\pcee4.exe\" -autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HotKeysCmds"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IgfxTray"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InstantUpdate]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="InstantUpdate"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer\\Acer Instant Service\\InstantUpdate\\iuDaemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelTBRunOnce]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="IntelTBRunOnce"

"hkey"="HKLM"

"command"="wscript.exe //b //nologo \"C:\\Program Files\\Intel\\TurboBoost\\RunTBGadgetOnce.vbs\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LManager"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Norton Online Backup"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Persistence"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Power Management]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Power Management"

"hkey"="HKLM"

"command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_Dolby]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RtHDVBg_Dolby"

"hkey"="HKLM"

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE4 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SuiteTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="USB3MON"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Intel\\Intel® USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="uTorrent"

"hkey"="HKCU"

"command"="\"C:\\Users\\Nel\\Desktop\\uTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="vProt"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\AVG Secure Search\\vprot.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Nel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

"path"="C:\\Users\\Nel\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"

"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Nel\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"

"item"="Dropbox"

==== Startup Folders ======================

2013-01-19 12:06:57 1296 ----a-w- C:\users\Nel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15-07-2013 17:14]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Nel\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Nel\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="Google"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="Google"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Google"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully

==== HijackThis Entries ======================

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O1 - Hosts: ::1 localhost

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [bkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}

BkupTray = "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [null data]

AVG_UI = "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]

BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = Java Plug-In SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = Windows Live ID Sign-in Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

-> {HKLM...Wow...CLSID} = Aanmeldhulp voor Windows Live ID

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO

-> {HKLM...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]

-> {HKLM...Wow...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = Java Plug-In 2 SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)

-> {HKLM...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc

-> {HKLM...Wow...CLSID} = CIESpeechBHO Class

\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = Windows Live ID Sign-in Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

-> {HKLM...Wow...CLSID} = Aanmeldhulp voor Windows Live ID

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO

-> {HKLM...Wow...CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO

-> {HKLM...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]

-> {HKLM...Wow...CLSID} = Office Document Cache Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...Wow...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...Wow...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...Wow...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [Dropbox, Inc.]

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler

-> {HKLM...CLSID} = OpenOffice Property Handler

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll [Apache Software Foundation]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension

-> {HKLM...CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim

-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension

-> {HKLM...Wow...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]

{2086A549-ED96-4DC9-BBE3-0538AB29ABEC} = PSP Thumbnail Handler Shell Extension

-> {HKLM...Wow...CLSID} = PSP Thumbnail Handler Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\PSP Thumbnail Handler\PSPThumb.dll [bot Productions]

{ABC70703-32AF-11d4-90C4-D483A70F4825} = CMenuExtender

-> {HKLM...Wow...CLSID} = CMenuExtender

\InProcServer32\(Default) = C:\Program Files (x86)\iColorFolder\CMExt.dll [Revenger inc.]

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = TuneUp Shredder Shell Extension

-> {HKLM...Wow...CLSID} = TuneUp Shredder Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll [TuneUp Software]

{4838CD50-7E5D-4811-9B17-C47A85539F28} = TuneUp Disk Space Explorer Shell Extension

-> {HKLM...Wow...CLSID} = TuneUp Disk Space Explorer Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll [TuneUp Software]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler

-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler

-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension

-> {HKLM...Wow...CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension

-> {HKLM...Wow...CLSID} = Workspaces

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search

-> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}

-> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}

-> {HKLM...Wow...CLSID} = CInfoTipShellExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper

-> {HKLM...Wow...CLSID} = Groove GFS Browser Helper

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar

-> {HKLM...Wow...CLSID} = Groove Folder Synchronization

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler

-> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

-> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler

-> {HKLM...Wow...CLSID} = Groove XML Icon Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler

-> {HKLM...Wow...CLSID} = Microsoft Outlook

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler

-> {HKLM...Wow...CLSID} = Outlook File Icon Extension

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler

-> {HKLM...Wow...CLSID} = OpenOffice Property Handler

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl.dll [Apache Software Foundation]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice Column Handler

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice Infotip Handler

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice Property Sheet Handler

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice Thumbnail Viewer

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook

-> {HKLM...CLSID} = Groove GFS Stub Execution Hook

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider

-> {HKLM...CLSID} = AthCredentialProvider

\InProcServer32\(Default) = AthCredentialProvider.dll [Atheros Commnucations]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider

-> {HKLM...CLSID} = AthCredentialProvider

\InProcServer32\(Default) = AthCredentialProvider.dll [Atheros Commnucations]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}

-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

-> {HKCU...Wow...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}

-> {HKLM...CLSID} = AppShellPage Class

\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM...CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]

-> {HKLM...Wow...CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

Corel PaintShop Pro X4\(Default) = {CA34A346-C652-4F33-8CFF-FD6A91D9D64A}

-> {HKLM...CLSID} = PSPContextMenu Class

\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [Corel Software, Inc.]

TuneUp Shredder Shell Extension\(Default) = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}

-> {HKLM...CLSID} = TuneUp Shredder Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-x64.dll [TuneUp Software]

-> {HKLM...Wow...CLSID} = TuneUp Shredder Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll [TuneUp Software]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}

-> {HKLM...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...Wow...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}

-> {HKLM...CLSID} = FTShellContext Class

\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM...CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

MWLIVShellExt\(Default) = {B1B294FE-EC1E-4fef-AF68-D34CE3E38157}

-> {HKLM...CLSID} = MWLIVShell Class

\InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [Egis Technology Inc. ]

-> {HKLM...Wow...CLSID} = MWLIVShell Class

\InProcServer32\(Default) = C:\Program Files (x86)\EgisTec MyWinLocker\MWLIVShellExt.dll [Egis Technology Inc. ]

ShredderContextMenu\(Default) = {521065F1-DE6C-4E46-BBCB-89B0D0BE860D}

-> {HKLM...CLSID} = ShredContextMenu Class

\InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [Egis Technology Inc.]

-> {HKLM...Wow...CLSID} = ShredContextMenu Class

\InProcServer32\(Default) = C:\Program Files (x86)\EgisTec Shredder\x86\ShredderContextMenu.dll [Egis Technology Inc.]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

-> {HKCU...Wow...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

CMenuExtender\(Default) = {ABC70703-32AF-11d4-90C4-D483A70F4825}

-> {HKLM...Wow...CLSID} = CMenuExtender

\InProcServer32\(Default) = C:\Program Files (x86)\iColorFolder\CMExt.dll [Revenger inc.]

Corel PaintShop Pro X4\(Default) = {CA34A346-C652-4F33-8CFF-FD6A91D9D64A}

-> {HKLM...CLSID} = PSPContextMenu Class

\InProcServer32\(Default) = c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [Corel Software, Inc.]

TuneUp Disk Space Explorer Shell Extension\(Default) = {4838CD50-7E5D-4811-9B17-C47A85539F28}

-> {HKLM...CLSID} = TuneUp Disk Space Explorer Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x64.dll [TuneUp Software]

-> {HKLM...Wow...CLSID} = TuneUp Disk Space Explorer Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll [TuneUp Software]

TuneUp Shredder Shell Extension\(Default) = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}

-> {HKLM...CLSID} = TuneUp Shredder Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-x64.dll [TuneUp Software]

-> {HKLM...Wow...CLSID} = TuneUp Shredder Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll [TuneUp Software]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}

-> {HKLM...CLSID} = Ath_CopyHook

\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}

-> {HKCU...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

-> {HKCU...Wow...CLSID} = DropboxExt

\InProcServer32\(Default) = C:\Users\Nel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}

-> {HKLM...CLSID} = GraphicsShellExt Class

\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [intel Corporation]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation]

-> {HKLM...Wow...CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM...Wow...CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM...CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgsea.dll [AVG Technologies CZ, s.r.o.]

-> {HKLM...Wow...CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files (x86)\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM...CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}

-> {HKLM...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...Wow...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}

-> {HKLM...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

-> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler

\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}

-> {HKLM...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}

-> {HKLM...Wow...CLSID} = WinRAR

\InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

disableregistrytools = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

disablecmd = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

SCRNSAVE.EXE = C:\Windows\system32\Acer.scr [null data]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AcerClearfiMediaAutoPlayMOVIE\

Provider = Acer

InvokeProgID = AcerClearfiMediaAutoPlayMOVIE\AutoPlay

InvokeVerb = open

HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMOVIE\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MOVIE [Acer Incorporated]

AcerClearfiMediaAutoPlayMUSIC\

Provider = Acer

InvokeProgID = AcerClearfiMediaAutoPlayMUSIC\AutoPlay

InvokeVerb = open

HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMUSIC\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MUSIC [Acer Incorporated]

Corel PaintShop Pro X4ShowPicturesOnArrivalHandler\

InvokeProgID = PaintShopProX4.Image

InvokeVerb = Overzicht

HKLM\SOFTWARE\Classes\PaintShopProX4.Image\shell\Overzicht\command\(Default) = "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%1" [Corel, Inc.]

MSLivePhotoAcquireDropHandler\

Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.LivePhotoAcqDTShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\

Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10

InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}

-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.AudioCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.DVD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.VCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\

Provider = @wmploc.dll,-6502

InvokeProgID = WMP.BurnCD

InvokeVerb = Burn

HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

NTIBurner\

Provider = NTI Media Maker

InvokeProgID = NTIBurnerOpen

InvokeVerb = open

HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\command\(Default) = "C:\Program Files (x86)\NTI\NTI Media Maker 9 Premium\Launcher.exe" [null data]

WIA_{BB74B714-E937-417E-BCA7-73034D832B97}\

Provider = Paint Shop Pro 9

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe -wialaunch;

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{CEBAD3B2-BD9E-48DA-98C4-FCD7CF0108B9}\

Provider = WinZip

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\WinZip\WINZIP64.EXE /wia;

-> {HKLM...CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Nel" & "All Users" startup folders:

-----------------------------------------------------

C:\Users\Nel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}

OneNote 2010 Screen Clipper and Launcher -> shortcut to: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [MS]

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

Adobe-online actualiseringsprogramma -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]

CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]

CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS]

DeviceDetector -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [CyberLink]

EgisUpdate -> launches: "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [Egis Technology Inc.]

PMMUpdate -> launches: "C:\Program Files\EgisTec IPS\PMMUpdate.exe" [Egis Technology Inc.]

TuneUpUtilities_Task_BkGndMaintenance2011 -> launches: C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe $(Arg0) [file not found]

TuneUpUtilities_Task_BkGndMaintenance2012 -> launches: C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe $(Arg0) [TuneUp Software]

UALU notificatin -> launches: "C:\Program Files\Acer\Acer Updater\UALU.exe" [null data]

User_Feed_Synchronization-{1740CD31-5BE6-454A-85A4-6AA557B6EAD3} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]

{24A92C06-EE10-4CF3-BA69-D11592E07721} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Nel\AppData\Local\Temp\Temp1_Andromeda Complete Serie.zip\Andromeda Complete Serie\Perspective\Info en serial\fo-apf11.exe" [MS]

{37071B0F-6FA3-409B-9519-267D9A3A9ACF} -> launches: "c:\program files\internet explorer\iexplore.exe" Download Skype op uw computer ? Mac, Windows, Linux ? Skype [MS]

{47E5205E-46B0-4EAA-9A49-F38FB8991122} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nel\AppData\Local\Temp\wlm-win7.exe -d C:\Users\Nel\Desktop -c -Shortcut [MS]

{7E5F50C3-2BA3-4DB3-B7FB-DE83C2725E7A} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WETCE50\SetupRedfieldPlugins.exe" -d C:\Users\Nel\Desktop [MS]

{8377FE02-C4A8-4868-B941-6D0417AB3066} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nel\Desktop\asdemo.exe -d C:\Users\Nel\Desktop [MS]

{8D8A4C7F-28DE-43D4-9E94-E2BAEF317409} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nel\Documents\Insteekfilters\Andromeda\fo-apf11.exe -d C:\Users\Nel\Documents\Insteekfilters\Andromeda [MS]

{A4050AEC-4A46-4CDB-8E7F-922263B11A7D} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Nel\Desktop\rayflect\Rayflect Four Seasons v1.0\4SEASONS.EXE" -d "C:\Users\Nel\Desktop\rayflect\Rayflect Four Seasons v1.0" [MS]

{A861AB19-177E-4ADA-BBF1-1965E01BBA6C} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nel\Documents\Insteekfilters\Andromeda_perspective_filter11\fo-apf11.exe -d C:\Users\Nel\Documents\Insteekfilters\Andromeda_perspective_filter11 [MS]

{B51B14F7-6A21-4598-8EB1-6BED3273A506} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail [MS]

{DA73064F-E0C3-4876-82CC-85311C5668E7} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nel\Desktop\fo-apf11.exe -d C:\Users\Nel\Desktop [MS]

{F4D97737-782C-4201-93B2-B2CCE7C690FD} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Nel\AppData\Local\Temp\Temp1_SqirlzReflect.zip\SqR_instal.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

AitAgent -> launches: aitagent [MS]

ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}

-> {HKLM...CLSID} = KernelCeipCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]

Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS]

UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}

-> {HKLM...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

-> {HKLM...Wow...CLSID} = UsbCeip

\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}

-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance

WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}

-> {HKLM...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task

\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]

ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]

DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]

ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]

InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]

mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]

MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]

ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]

OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]

OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]

PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]

PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]

PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]

PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]

PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]

RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]

ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]

SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]

StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}

-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM...CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS]

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}

-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler

\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}

-> {HKLM...CLSID} = RasMobilityManager

\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}

-> {HKLM...CLSID} = RegistryIdleBackupHandler

\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM...CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}

-> {HKLM...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

-> {HKLM...Wow...CLSID} = RunTask

\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]

IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies

ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]

ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]

Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet

CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}

-> {HKLM...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

-> {HKLM...Wow...CLSID} = Wininet Cache task object

\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}

-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD

SqmUpload_S-1-5-21-2088802119-1191371545-69361678-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]

000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:

------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

ButtonText = Send to OneNote

MenuText = Se&nd to OneNote

CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\

ButtonText = OneNote Lin&ked Notes

MenuText = OneNote Lin&ked Notes

CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}

-> {HKLM...CLSID} = Linked Notes button

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004

MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003

CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class

\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

ButtonText = Send to OneNote

MenuText = Se&nd to OneNote

CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{7815BE26-237D-41A8-A98F-F7BD75F71086}\

MenuText = Send by Bluetooth to

CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}

-> {HKLM...Wow...CLSID} = CIESpeechBHO Class

\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\

ButtonText = OneNote Lin&ked Notes

MenuText = OneNote Lin&ked Notes

CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}

-> {HKLM...Wow...CLSID} = Linked Notes button

\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\

ButtonText = Skype Click to Call

CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

-> {HKLM...Wow...CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]

Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]

Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]

AVG Firewall, avgfws, "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [AVG Technologies CZ, s.r.o.]

AVG WatchDog, avgwd, "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]

AVGIDSAgent, AVGIDSAgent, "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [AVG Technologies CZ, s.r.o.]

Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]

F-Secure Dll Hoster, fshoster, "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -hosterid:0 [F-Secure Corporation]

LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [Hewlett-Packard Company]

Live Updater Service, Live Updater Service, C:\Program Files\Acer\Acer Updater\UpdaterService.exe [Acer Incorporated]

Nalpeiron Licensing Service, ASTSRV, C:\Windows\system32\ASTSRV.EXE [file not found]

NTI Backup Now 5 Agent Service, BUNAgentSvc, "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [NewTech Infosystems, Inc.]

NTI Backup Now 5 Backup Service, NTIBackupSvc, "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" [NewTech InfoSystems, Inc.]

NTI Backup Now 5 Scheduler Service, NTISchedulerSvc, "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" [NewTech Infosystems, Inc.]

NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [NTI Corporation]

Protexis Licensing V2, PSI_SVC_2, "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [Protexis Inc.]

ProtexisLicensing, ProtexisLicensing, C:\Windows\SysWOW64\PSIService.exe [null data]

TeamViewer 7, TeamViewer7, C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [TeamViewer GmbH]

TuneUp Thema-uitbreiding, UxTuneUp, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\uxtuneup.dll [TuneUp Software]}

TuneUp Utilities Service, TuneUp.UtilitiesSvc, "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [TuneUp Software]

vToolbarUpdater15.3.0, vToolbarUpdater15.3.0, C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [AVG Secure Search]

Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> MCODS,

<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> MCODS,

<<!>> PEVSystemStart, Service

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Nel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Nel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ma 12-08-2013 at 7:18:06,14 ======================

[kape]

En geraak je nu terug bij "De Hutsepot" ?