Zoek.exe v5.0.0.0 Updated 31-12-2014 Tool run by luc on do 01/01/2015 at 17:52:29.52. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\luc\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 1/01/2015 17:55:24 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\Users\luc\AppData\Local\PackageStaging deleted successfully C:\Users\luc\AppData\Local\VirtualStore deleted successfully C:\Users\luc\AppData\Local\Wisdom-soft deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C8A04F9D-47BE-4971-9E60-27DA7164216D} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01fd86b4-442e-4287-a818-ab17a0f76bd3} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CAC6C9E-5A4E-4B6E-94D4-9D28CDA45C0} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C8A8F22-29B4-4990-937E-7EF8DFB5D7B} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91C645D4-A8C3-41FC-A32B-4C0FC919512} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97C27120-44B1-407F-8FEE-EAB5C148EB1A} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B32B84A-A4D-402F-8396-6C7AAD8D4D1D} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9f2c6565-6bd8-42d9-bf52-a90e7b05c739} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACB014FF-F3AA-4DED-8BB7-C448262553} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9FCC90A-AF4E-42D9-B174-544642C39EB0} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d9b4e5df-764e-4d48-99db-d826629079ee} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dabd15b7-9d51-470c-9175-aca080cc80be} deleted successfully HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F97FA51B-C891-4368-9745-F8E4FA992734} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01fd86b4-442e-4287-a818-ab17a0f76bd3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9f2c6565-6bd8-42d9-bf52-a90e7b05c739} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d9b4e5df-764e-4d48-99db-d826629079ee} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dabd15b7-9d51-470c-9175-aca080cc80be} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== 7-Zip 9.20 (x64 edition) Alcor Micro USB Card Reader Driver AMD Catalyst Control Center AMD Catalyst Install Manager BitTorrent Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CDBurnerXP Connection Keeper CyberLink LabelPrint CyberLink Media Suite 10 CyberLink Power2Go 8 CyberLink PowerDVD 12 D3DX10 Energy Star Facebook Full size Profile Pictures File Shredder 2.5 Fotogalerie Galerie de photos GlassWire 1.0 (remove only) Google Chrome Google Drive Hewlett-Packard ACLM.NET v1.2.2.3 HP Connected Music (Meridian - installer) HP Customer Experience Enhancements HP Documentation HP Postscript Converter HP Registration Service HP SimplePass HP Support Information Inst5675 Inst5676 IsoBuster 3.5 KMSpico v10 Beta 2 Malwarebytes Anti-Malware versie 2.0.4.1028 ManyCam 4.1.0 MEGAsync Memory Improve Ultimate Free Version v5.2.1.340 Mendeley Desktop 1.12.4 MetaTrader 5 Microsoft Application Error Reporting Microsoft Office Microsoft OneDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Nitro Reader 3 Photo Common Photo Gallery PrivaZer Realtek Card Reader Realtek High Definition Audio Driver Recovery Manager Security Task Manager 2.0 SlimCleaner SpeedFan (remove only) TAP-Windows 9.9.2 Ubuntu VirtualCloneDrive VLC media player Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Wisdom-soft ScreenHunter 6.0 Free WPS Office (9.1.0.4759) ==== Running Processes ====================== c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe C:\Program Files (x86)\GlassWire\GWCtlSrv.exe C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\Connection Keeper\conkeepm.exe C:\Users\luc\AppData\Local\MEGAsync\MEGAsync.exe C:\Program Files (x86)\GlassWire\GWIdlMon.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\SpeedFan\speedfan.exe C:\Program Files (x86)\Memory Improve Ultimate\MemoryImproveUltimate.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Users\luc\Desktop\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Facebook Full size Profile Pictures deleted C:\Users\luc\AppData\Local\10997 deleted C:\Users\luc\AppData\Local\15786 deleted C:\Users\luc\AppData\Local\28515 deleted C:\PROGRA~2\764d5413-013b-477d-a280-e960dc252bbd deleted C:\PROGRA~3\Package Cache deleted C:\PROGRA~3\EmailNotifier deleted C:\Users\luc\AppData\Local\Installer deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\windows\SysNative\Tasks\YTAUpdate deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted C:\WINDOWS\SysWOW64\AniGIF.ocx deleted "C:\Users\luc\AppData\Roaming\GLZPLWWC" deleted "C:\WINDOWS\tasks\GLZPLWWC.job" deleted "C:\WINDOWS\SysNative\tasks\GLZPLWWC" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 3533 MB CPU Info: AMD E1-2500 APU with Radeon(TM) HD Graphics CPU Speed: 1405.1 MHz Sound Card: Speakers (Realtek High Definiti | Oortelefoon van hoofdtelefoon ( | Display Adapters: AMD Radeon HD 8240 | AMD Radeon HD 8240 Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: TAP-Windows Adapter V9 | Realtek PCIe FE Family Controller CD / DVD Drives: 1x (E: | ) E: hp CDDVDW SH-216DB Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 919.8GB | D: 10.2GB Hard Disks - Free: C: 881.5GB | D: 1.2GB Manufacturer *: AMI BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Hewlett-Packard 2AFE Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 39.0.2171.95 Internet Explorer Version: 11.0.9600.16384 Google Chrome version: 39.0.2171.95 ==== Files Recently Created / Modified ====================== ====== C:\WINDOWS ==== 2014-12-23 21:25:11 6D7FDBF9CEAC51A76750FD38CF801F30 3584 ----a-w- C:\WINDOWS\SECOH-QAD.dll 2014-12-23 21:25:11 38DE5B216C33833AF710E88F7F64FC98 4608 ----a-w- C:\WINDOWS\SECOH-QAD.exe ====== C:\Users\luc\AppData\Local\Temp ==== 2015-01-01 16:45:56 7E7EB7AFF595774E5E500B34058CC1A7 192512 ----a-w- C:\Users\luc\AppData\Local\Temp\sfamcc00001.dll 2015-01-01 16:45:56 51151D3AD8DA0DFA0E7A681AA2FF8870 158720 ----a-w- C:\Users\luc\AppData\Local\Temp\sfareca00001.dll 2015-01-01 11:30:03 67E1D8F2BAC8518092A1F24E8A913B80 49152 ----a-w- C:\Users\luc\AppData\Local\Temp\pyl93E9.tmp.exe ====== Java Cache ===== ====== C:\WINDOWS\SysWOW64 ===== 2014-12-24 21:48:47 35F2465DBB7412D6D5430EA91EB2F60D 702968 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-12-24 21:48:47 34BE0A77DA629D316145159207CC29ED 111608 ----a-w- C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-24 09:35:03 A4001C78F2806662B3BD91ACB44E6330 45 ----a-w- C:\WINDOWS\SysWOW64\initdebug.nfo 2014-12-24 09:28:29 7EAC336CFB845753DE556D8EEDD8BD58 129536 ----a-w- C:\WINDOWS\SysWOW64\poqexec.exe ====== C:\WINDOWS\SysWOW64\drivers ===== 2014-12-23 17:03:08 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\WINDOWS\SysWOW64\drivers\103C_HP_cPC_100-203eb_Y53316J_0U_Q4CH40402YM_E14WE1RRA604_4A_I2AFE_SHP_V1.00_B80.08_T130925_W8101-0_L413_M3534_J1000_7AMD_8F01_91.40_#140120_N10EC8136_Z_G10029838_Ohp CDDVDW SH-216DB_DPKB00B9_HST1000DM003-1CH162.MRK ====== C:\WINDOWS\Sysnative ===== 2015-01-01 10:26:09 123DE631631A50FA763D58FE2048B266 336144 ----a-w- C:\WINDOWS\Sysnative\FNTCACHE.DAT 2014-12-26 10:05:38 3D733144477CADCF77009EF614413630 90112 ----a-w- C:\WINDOWS\Sysnative\Vestris.ResourceLib.dll 2014-12-24 15:32:10 A6D61CD951FB0057933FD2D2D8CDBC0B 112710672 ----a-w- C:\WINDOWS\Sysnative\MRT.exe 2014-12-24 11:10:09 C09A2537A8E548CE59D1EB7B4EA7EFEF 4370048 ----a-w- C:\WINDOWS\Sysnative\MetaViewer64.dll 2014-12-24 09:28:29 E4A75F7BA48F4281405C782E3DB9F828 146432 ----a-w- C:\WINDOWS\Sysnative\poqexec.exe 2014-12-24 08:44:18 A7B22A0542D02AB67A0A0D3107DD53F0 275080 ------w- C:\WINDOWS\Sysnative\MpSigStub.exe 2014-12-23 17:59:34 C8A7EE156FA0E860CB926C1EE3B6F0DB 29712 ----a-w- C:\WINDOWS\Sysnative\nitrolocalmon2.dll 2014-12-23 17:59:34 0412EBC207990E01E1C6232167749704 17936 ----a-w- C:\WINDOWS\Sysnative\nitrolocalui2.dll ====== C:\WINDOWS\Sysnative\drivers ===== 2015-01-01 11:13:02 B83CDF2BC0C00D80302EBBF93307DBFA 8704 ----a-w- C:\WINDOWS\Sysnative\drivers\gwdrv.cat 2015-01-01 11:13:02 70F6A0F369B8F54E98DECFB44878C451 33296 ----a-w- C:\WINDOWS\Sysnative\drivers\gwdrv.sys 2015-01-01 11:13:02 6E3A145499E3843794171E5122AB870C 3104 ----a-w- C:\WINDOWS\Sysnative\drivers\gwdrv.inf 2014-12-26 07:08:39 2285B31039611D509F6120D691CA661F 27456 ----a-w- C:\WINDOWS\Sysnative\drivers\cpqdfw.sys 2014-12-24 07:44:49 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys 2014-12-24 07:42:36 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys 2014-12-24 07:42:32 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys 2014-12-24 07:42:32 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys 2014-12-23 17:22:12 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-12-23 17:03:08 D41D8CD98F00B204E9800998ECF8427E 0 --sha-r- C:\WINDOWS\Sysnative\drivers\103C_HP_cPC_100-203eb_Y53316J_0U_Q4CH40402YM_E14WE1RRA604_4A_I2AFE_SHP_V1.00_B80.08_T130925_W8101-0_L413_M3534_J1000_7AMD_8F01_91.40_#140120_N10EC8136_Z_G10029838_Ohp CDDVDW SH-216DB_DPKB00B9_HST1000DM003-1CH162.MRK ====== C:\WINDOWS\Tasks ====== 2015-01-01 10:36:44 3D36BF7409398AB6095FDB3874BFF16B 3150 ----a-w- C:\WINDOWS\Sysnative\Tasks\HPCeeScheduleForluc 2015-01-01 10:36:44 13E99B30040C446BC0C5AFB0C2430248 340 ----a-w- C:\WINDOWS\Tasks\HPCeeScheduleForluc.job 2014-12-30 10:01:59 AF3C51C41D5FB1FA6E8DDF5DDF2DD806 3008 ----a-w- C:\WINDOWS\Sysnative\Tasks\SlimCleaner Run 2014-12-29 16:48:03 8F0317326DF5A61EE0B88A1BAD28233C 3090 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2322693781-2597380507-2506105236-1001 2014-12-29 16:43:07 E87624CFEB7A74F334A4FC1C94C56B62 3232 ----a-w- C:\WINDOWS\Sysnative\Tasks\{456862C8-C35D-483D-BAC8-CC6BE90DE5F1} 2014-12-24 14:55:59 4C873AEE5EC8D2F603F1EBCE0157E3E9 3360 ----a-w- C:\WINDOWS\Sysnative\Tasks\AutoPico Daily Restart 2014-12-23 17:42:18 5C6BFEBBA5D049A8012C621452CC54F8 4038 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA 2014-12-23 17:42:18 2B1AA153B5AA7A4C0D648A0702A5EB17 1066 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-23 17:42:16 6F72682E99C405669AB6E7CC82F956E9 3802 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore 2014-12-23 17:42:16 1B7B7FEBFF91BC1B296FD6E12E4F9F6F 1062 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-23 17:36:27 EC8FAD3BB65197E0B7359A5BA3DDA107 3946 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{18A61628-12B9-4E1A-B350-6B157EF56A4D} 2014-12-23 17:14:57 623CAFB0D9524508590767643FCF70F6 3598 ----a-w- C:\WINDOWS\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322693781-2597380507-2506105236-1001 2014-12-23 17:03:49 -------- d-----w- C:\WINDOWS\Sysnative\Tasks\WPD 2014-12-23 16:51:56 E0274DBAE0FB1135CC216098501A83B6 2320 ----a-w- C:\WINDOWS\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2322693781-2597380507-2506105236-500 ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-01-01 10:38:09 -------- d-----w- C:\Program Files\trend micro 2014-12-28 09:36:03 -------- d-----w- C:\Program Files\TAP-Windows 2014-12-24 14:55:43 -------- d-----w- C:\Program Files\KMSpico 2014-12-24 11:09:42 -------- d-----w- C:\Program Files\MetaTrader 5 2014-12-23 22:34:44 -------- d-----w- C:\Program Files\File Shredder 2014-12-23 20:51:01 -------- d-----w- C:\Program Files\VideoLAN 2014-12-23 17:58:13 -------- d-----w- C:\Program Files\Common Files\Nitro ======= C:\PROGRA~2 ===== 2015-01-01 11:12:51 -------- d-----w- C:\PROGRA~2\GlassWire 2015-01-01 11:10:07 -------- d-----w- C:\PROGRA~2\Smart Projects 2014-12-31 08:24:44 -------- d-----w- C:\PROGRA~2\PrivaZer 2014-12-30 10:02:00 -------- d-----w- C:\PROGRA~2\SlimCleaner 2014-12-29 11:47:26 -------- d-----w- C:\PROGRA~2\CDBurnerXP 2014-12-29 10:38:22 -------- d-----w- C:\PROGRA~2\Connection Keeper 2014-12-29 10:38:22 -------- d-----w- C:\PROGRA~2\COMMON~1\System-G 2014-12-25 12:21:47 -------- d-----w- C:\PROGRA~2\Wisdom-soft ScreenHunter 6.0 Free 2014-12-24 09:56:14 -------- d-----w- C:\PROGRA~2\ManyCam 2014-12-24 09:41:13 -------- d-----w- C:\PROGRA~2\Memory Improve Ultimate 2014-12-24 09:35:04 -------- d-----w- C:\PROGRA~2\SpeedFan 2014-12-23 23:00:47 -------- d-----w- C:\PROGRA~2\Elaborate Bytes 2014-12-23 22:04:51 -------- d-----w- C:\PROGRA~2\Mendeley Desktop 2014-12-23 17:58:08 -------- d-----w- C:\PROGRA~2\Nitro 2014-12-23 17:58:07 -------- d-----w- C:\PROGRA~2\COMMON~1\Nitro 2014-12-23 17:42:13 -------- d-----w- C:\PROGRA~2\Google ======= C: ===== 2014-12-23 17:50:33 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Recovery.txt ====== C:\Users\luc\AppData\Roaming ====== 2015-01-01 11:59:53 39D578BEF3715C384006B07B4A27EE5F 763368 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2015-01-01 11:13:11 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0 2014-12-31 08:24:51 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer 2014-12-31 08:24:44 -------- d-----w- C:\Users\luc\AppData\Local\PrivaZer 2014-12-30 10:16:33 -------- d-----w- C:\Users\luc\AppData\Roaming\Nitro PDF 2014-12-30 10:02:09 -------- d-----w- C:\Users\luc\AppData\Local\SlimWare Utilities Inc 2014-12-29 11:47:32 -------- d-----w- C:\Users\luc\AppData\Roaming\Canneverbe Limited 2014-12-29 10:38:42 -------- d-----w- C:\Users\luc\AppData\Roaming\Gammadyne 2014-12-29 10:38:30 -------- d-----w- C:\Users\luc\AppData\Roaming\System-G 2014-12-28 09:29:06 -------- d-----w- C:\Users\luc\AppData\Roaming\BitTorrent 2014-12-27 10:10:59 -------- d-----w- C:\Users\luc\AppData\Local\Mega Limited 2014-12-27 10:10:56 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync 2014-12-27 10:10:51 -------- d-----w- C:\Users\luc\AppData\Local\MEGAsync 2014-12-25 09:43:34 -------- d-----w- C:\Users\luc\AppData\Local\ElevatedDiagnostics 2014-12-24 11:09:37 -------- d-----w- C:\Users\luc\AppData\Roaming\MetaQuotes 2014-12-24 10:28:52 -------- d-----w- C:\Users\luc\AppData\Roaming\ADrive 2014-12-24 10:28:13 -------- d-----w- C:\Users\luc\AppData\Local\ADrive 2014-12-24 10:12:39 -------- d-----w- C:\Users\luc\AppData\Roaming\Nitro 2014-12-24 10:12:39 -------- d-----w- C:\Users\luc\AppData\Roaming\FileOpen 2014-12-24 09:57:28 -------- d-----w- C:\Users\luc\AppData\Local\ManyCam 2014-12-24 09:57:04 -------- d-----w- C:\Users\luc\AppData\Roaming\ManyCam 2014-12-24 07:41:55 -------- d-----w- C:\Users\luc\AppData\Local\Hewlett-Packard 2014-12-23 22:52:03 -------- d-----w- C:\Users\luc\AppData\Roaming\CyberLink 2014-12-23 22:05:30 -------- d-----w- C:\Users\luc\AppData\Local\Mendeley Ltd 2014-12-23 20:56:50 -------- d-----w- C:\Users\luc\AppData\Roaming\vlc 2014-12-23 19:58:59 -------- d-----w- C:\Users\luc\AppData\Local\Programs 2014-12-23 19:16:42 -------- d-----w- C:\Users\luc\AppData\Local\Kingsoft 2014-12-23 19:16:37 -------- d-----w- C:\Users\luc\AppData\Roaming\kingsoft 2014-12-23 18:18:00 5173E7B0A8F3024A996E78A0A5C15114 396 ---h--r- C:\Users\luc\AppData\Roaming\_fwwin32bk-3DEF-8688.cfg 2014-12-23 18:17:09 -------- d-----w- C:\Users\luc\AppData\Roaming\Lifestyle Toolbox 2014-12-23 18:17:03 -------- d-----w- C:\Users\luc\AppData\Local\Lifestyle_Toolbox 2014-12-23 18:03:13 -------- d-----w- C:\Users\luc\AppData\Local\GlassWire 2014-12-23 17:57:03 -------- d-s---w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Locallow\Microsoft 2014-12-23 17:54:44 -------- d-----w- C:\Users\luc\AppData\Roaming\Downloaded Installations 2014-12-23 17:41:57 -------- d-----w- C:\Users\luc\AppData\Local\Google 2014-12-23 17:37:57 -------- d-----w- C:\Users\luc\AppData\Local\Diagnostics 2014-12-23 17:15:02 -------- d-----w- C:\Users\luc\AppData\Roaming\Hewlett-Packard 2014-12-23 17:11:44 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2014-12-23 17:05:54 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking 2014-12-23 17:05:06 -------- d-s---w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Locallow\Microsoft 2014-12-23 17:04:07 -------- d-----w- C:\Users\luc\AppData\Roaming\ATI 2014-12-23 17:04:07 -------- d-----w- C:\Users\luc\AppData\Local\ATI 2014-12-23 17:03:30 -------- d-----w- C:\Users\luc\AppData\Local\Power2Go8 2014-12-23 17:03:19 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-12-23 17:03:19 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-12-23 17:03:17 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft 2014-12-23 17:03:12 -------- d-----w- C:\Users\luc\AppData\Roaming\Adobe 2014-12-23 17:03:00 -------- d-----w- C:\Users\luc\AppData\Local\Packages 2014-12-23 17:02:41 -------- d-s---w- C:\Users\luc\AppData\Locallow\Microsoft 2014-12-23 17:02:40 -------- d-s---w- C:\Users\luc\AppData\Roaming\Microsoft 2014-12-23 17:02:40 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-12-23 17:02:40 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-12-23 17:02:40 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-12-23 17:02:40 -------- d-----w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-12-23 17:02:40 -------- d-----w- C:\Users\luc\AppData\Local\Temp 2014-12-23 17:02:40 -------- d-----w- C:\Users\luc\AppData\Local\Microsoft ====== C:\Users\luc ====== 2015-01-01 11:10:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster 2015-01-01 11:07:34 EA588B70CB4FF2405DDF5F9F92873FAA 4085456 ----a-w- C:\Users\luc\Downloads\isobuster_install.exe 2015-01-01 10:37:06 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\luc\Downloads\RSITx64.exe 2014-12-31 08:24:44 -------- d-----w- C:\ProgramData\privazer 2014-12-31 08:24:05 3C4B945A177E3E9229D70E4297D88A44 7242376 ----a-w- C:\Users\luc\Downloads\privazer_free.exe 2014-12-31 08:21:49 8F802C0B42A8868A28755DFDD3685E30 1529520 ----a-w- C:\Users\luc\Downloads\shellbag_analyzer_cleaner.exe 2014-12-30 10:02:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner 2014-12-30 10:01:57 -------- d-----w- C:\Users\Public\Documents\Downloaded Installers 2014-12-30 10:01:43 80C6023214D7B9B9F51C17BC9404FB97 801088 ----a-w- C:\Users\luc\Downloads\SlimCleaner-setup.exe 2014-12-30 09:45:51 -------- d---a-r- C:\Users\luc\SkyDrive 2014-12-29 16:50:02 072376C5BB7C4A636721D4482FD5D2ED 7137440 ----a-w- C:\Users\luc\Downloads\OneDriveSetup.exe 2014-12-29 16:48:03 -------- d-----r- C:\Users\luc\OneDrive 2014-12-29 16:47:35 -------- d-----w- C:\ProgramData\Microsoft OneDrive 2014-12-29 11:47:38 -------- d-----w- C:\ProgramData\Canneverbe Limited 2014-12-29 11:46:05 A47A07B4E6CBCB214ECC87D5683DC29C 5641056 ----a-w- C:\Users\luc\Downloads\cdbxp_setup_4.5.4.5306.exe 2014-12-29 10:38:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gammadyne 2014-12-29 10:37:48 C79F7FB140EC5A4FB4C415E8347DD8BD 6718576 ----a-w- C:\Users\luc\Downloads\Setup Connection Keeper 14.1.exe 2014-12-28 09:36:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2014-12-28 09:28:39 55E0B31AE73681FF764A39A792415556 1691224 ----a-w- C:\Users\luc\Downloads\BitTorrent.exe 2014-12-27 10:09:51 ADC7C95D154D1BE54200FF3184A023C7 8360152 ----a-w- C:\Users\luc\Downloads\MEGAsyncSetup.exe 2014-12-26 07:06:35 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-12-25 12:21:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free 2014-12-25 12:17:43 -------- d-----w- C:\ProgramData\Office Genuine Advantage 2014-12-25 12:17:30 064AE4BA960EBB9F6E9AF3D83CC14DFC 1607032 ----a-w- C:\Users\luc\Downloads\MGADiag.exe 2014-12-25 11:50:30 C816AEE2C3B88E1135C14FD31B9938BF 69416 ----a-w- C:\Users\luc\Downloads\WGARemover.exe 2014-12-25 10:19:24 AC0EACB6CC1A4FE43BD634BD2ABAB38A 19330383 ----a-w- C:\Users\luc\Downloads\yodot-file-recovery.exe 2014-12-24 23:25:35 84C198B321B8FD994864C3247179363E 4831232 ----a-w- C:\Users\luc\Downloads\unetbootin-windows-608.exe 2014-12-24 14:55:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2014-12-24 14:19:06 C254F3ECEB9B1AC795BA6B25DE008EBA 1707646 ----a-w- C:\Users\luc\Downloads\JRT.exe 2014-12-24 14:02:36 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Users\luc\Downloads\adwcleaner_4.106.exe 2014-12-24 11:10:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 5 2014-12-24 11:09:10 013547D72FC07BB5DE7ABFA0B7D7A09D 505864 ----a-w- C:\Users\luc\Downloads\mt5setup.exe 2014-12-24 10:12:39 -------- d-----w- C:\ProgramData\FileOpen 2014-12-24 09:59:02 0762E980A9F23B59F312AAA52AFCA234 217904 ----a-w- C:\Users\luc\Downloads\ManyCamWebInstaller.exe 2014-12-24 09:56:15 -------- d-----w- C:\ProgramData\ManyCam 2014-12-24 09:35:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-12-24 09:34:49 BE4CB65CA589721F90EC9C0BD8F913F9 2174848 ----a-w- C:\Users\luc\Downloads\instsf450.exe 2014-12-23 23:00:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2014-12-23 22:35:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder 2014-12-23 22:33:59 38DEBB1FFD53D8C1C00A972D2C5E6676 2317839 ----a-w- C:\Users\luc\Downloads\file_shredder_setup.exe 2014-12-23 22:03:52 EDCEFCB80EDA82A33D590B8C6289F3EA 22521632 ----a-w- C:\Users\luc\Downloads\Mendeley-Desktop-1.12.4-win32.exe 2014-12-23 20:53:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-12-23 20:49:35 D390890BC4D52986AC867F8B4BD75782 25611537 ----a-w- C:\Users\luc\Downloads\vlc-2.1.5-win64.exe 2014-12-23 20:46:16 B0EF411AAC61053BE35E40FA6EC1FADA 5806407 ----a-w- C:\Users\luc\Downloads\FSViewerSetup53.exe 2014-12-23 20:07:36 -------- d-----w- C:\ProgramData\Microsoft Toolkit 2014-12-23 18:48:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-12-23 18:02:03 -------- d-----w- C:\ProgramData\GlassWire 2014-12-23 17:58:07 -------- d-----w- C:\ProgramData\Nitro 2014-12-23 17:45:36 -------- d-----r- C:\Users\luc\Google Drive 2014-12-23 17:43:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-12-23 17:03:19 -------- d-----r- C:\Users\luc\Searches 2014-12-23 17:03:18 -------- d-----r- C:\Users\luc\Contacts 2014-12-23 17:02:40 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\luc\ntuser.ini 2014-12-23 17:02:40 -------- d--h--w- C:\Users\luc\AppData 2014-12-23 17:02:40 -------- d-----r- C:\Users\luc\Documents 2014-12-23 17:02:40 -------- d-----r- C:\Users\luc\Desktop 2014-12-23 17:02:39 -------- d-----r- C:\Users\luc\Videos 2014-12-23 17:02:39 -------- d-----r- C:\Users\luc\Saved Games 2014-12-23 17:02:39 -------- d-----r- C:\Users\luc\Pictures 2014-12-23 17:02:39 -------- d-----r- C:\Users\luc\Music 2014-12-23 17:02:39 -------- d-----r- C:\Users\luc\Links 2014-12-23 17:02:39 -------- d-----r- C:\Users\luc\Favorites 2014-12-23 17:02:39 -------- d-----r- C:\Users\luc\Downloads 2014-12-23 16:58:07 -------- d--h--r- C:\Users\Public\AccountPictures ====== C: exe-files == 2015-01-01 11:30:30 B31731EA6CDBEBE1D02F8193DB420886 2551408 ----a-w- C:\ubuntu\uninstall-wubi.exe 2015-01-01 11:30:03 67E1D8F2BAC8518092A1F24E8A913B80 49152 ----a-w- C:\Users\luc\AppData\Local\Temp\pyl93E9.tmp.exe 2015-01-01 11:13:11 F0413CD82F94F818552027CAE2C2A59D 151682 ----a-w- C:\Program Files (x86)\GlassWire\uninstall.exe 2015-01-01 11:10:08 FD0580AB42550532DE60BDA945ADF98B 6625888 ----a-w- C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster.exe 2015-01-01 11:10:07 68FF498A0982131DC7F5A57C880E125F 1282656 ----a-w- C:\Program Files (x86)\Smart Projects\IsoBuster\Uninst\unins000.exe 2015-01-01 11:07:34 EA588B70CB4FF2405DDF5F9F92873FAA 4085456 ----a-w- C:\Users\luc\Downloads\isobuster_install.exe 2015-01-01 10:38:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\luc.exe 2015-01-01 10:37:06 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\luc\Downloads\RSITx64.exe 2014-12-31 08:24:49 79256E440D13F53F766F6B317A88694E 431752 ----a-w- C:\Program Files (x86)\PrivaZer\patch.exe 2014-12-31 08:24:49 3D091F64953B1CFE1917F227B917DD5A 854664 ----a-w- C:\Program Files (x86)\PrivaZer\privazer_start.exe 2014-12-31 08:24:44 D6B3DB0646ADF3A305C06C976440AEC4 13644424 ----a-w- C:\Program Files (x86)\PrivaZer\PrivaZer.exe 2014-12-31 08:24:05 3C4B945A177E3E9229D70E4297D88A44 7242376 ----a-w- C:\Users\luc\Downloads\privazer_free.exe 2014-12-31 08:21:49 8F802C0B42A8868A28755DFDD3685E30 1529520 ----a-w- C:\Users\luc\Downloads\shellbag_analyzer_cleaner.exe 2014-12-30 10:01:43 80C6023214D7B9B9F51C17BC9404FB97 801088 ----a-w- C:\Users\luc\Downloads\SlimCleaner-setup.exe 2014-12-29 16:50:02 0EC83E2DA29365048CBEB9A9A963BDFA 277672 ----a-w- C:\Users\luc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe 2014-12-29 16:50:02 072376C5BB7C4A636721D4482FD5D2ED 7137440 ----a-w- C:\Users\luc\Downloads\OneDriveSetup.exe 2014-12-29 16:50:02 072376C5BB7C4A636721D4482FD5D2ED 7137440 ----a-w- C:\Users\luc\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_1\OneDriveSetup.exe 2014-12-29 16:49:41 B0FBFCFA0105B45A3436AECC7D69A246 81576 ----a-w- C:\Users\luc\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918_1\SkyDriveConfig.exe 2014-12-29 16:48:03 072376C5BB7C4A636721D4482FD5D2ED 7137440 ----a-w- C:\Users\luc\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\OneDriveSetup.exe 2014-12-29 16:47:44 B0FBFCFA0105B45A3436AECC7D69A246 81576 ----a-w- C:\Users\luc\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveConfig.exe 2014-12-29 11:47:30 D6AE27758B5006B2A49B58A4FF442DB7 24392 ----a-w- C:\Program Files (x86)\CDBurnerXP\updater.exe 2014-12-29 11:47:30 AD71B733AF543D8A6C544FC289EBA063 25928 ----a-w- C:\Program Files (x86)\CDBurnerXP\cdbxpcmd.exe 2014-12-29 11:47:30 19DDBFD028622D8A306FD5AF18ED0BC5 1744712 ----a-w- C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe 2014-12-29 11:47:26 4EAD7B2EAD302A0124A49481A4AF6FC5 1581847 ----a-w- C:\Program Files (x86)\CDBurnerXP\unins000.exe 2014-12-29 11:46:05 A47A07B4E6CBCB214ECC87D5683DC29C 5641056 ----a-w- C:\Users\luc\Downloads\cdbxp_setup_4.5.4.5306.exe 2014-12-29 10:38:32 C79F7FB140EC5A4FB4C415E8347DD8BD 6718576 ----a-w- C:\Program Files (x86)\Connection Keeper\Uninstall.EXE 2014-12-29 10:37:48 C79F7FB140EC5A4FB4C415E8347DD8BD 6718576 ----a-w- C:\Users\luc\Downloads\Setup Connection Keeper 14.1.exe 2014-12-28 09:36:11 946D1AE94B07B8772CF96E6C7575B847 83823 ----a-w- C:\Program Files\TAP-Windows\Uninstall.exe 2014-12-28 09:29:56 55E0B31AE73681FF764A39A792415556 1691224 ----a-w- C:\Users\luc\AppData\Roaming\BitTorrent\updates\7.9.2_37596.exe 2014-12-28 09:29:47 55E0B31AE73681FF764A39A792415556 1691224 ----a-w- C:\Users\luc\AppData\Roaming\BitTorrent\BitTorrent.exe 2014-12-28 09:28:39 55E0B31AE73681FF764A39A792415556 1691224 ----a-w- C:\Users\luc\Downloads\BitTorrent.exe 2014-12-27 10:12:48 1A8F0D2A26678E2D553AE8E54DD48C6B 4147712 ----a-w- C:\Users\luc\AppData\Local\MEGAsync\MEGAsync.exe 2014-12-27 10:09:51 ADC7C95D154D1BE54200FF3184A023C7 8360152 ----a-w- C:\Users\luc\Downloads\MEGAsyncSetup.exe 2014-12-26 10:05:50 245824502AEFE21B01E42F61955AA7F4 30208 ----a-w- C:\Program Files\KMSpico\UninsHs.exe 2014-12-26 10:05:38 F160FC560E04D2E7397CC4851D0F754B 1086144 ----a-w- C:\Program Files\KMSpico\KMSELDI.exe 2014-12-26 10:05:37 57EC146BDA1835A3A4F967797F9E18A1 964800 ----a-w- C:\Program Files\KMSpico\AutoPico.exe 2014-12-26 10:05:36 30C7E8E918403B9247315249A8842CE5 731809 ----a-w- C:\Program Files\KMSpico\unins000.exe 2014-12-26 10:05:36 05230AFDEEB13718E926FD654DE63F12 225448 ----a-w- C:\Program Files\KMSpico\driver\tap-windows-9.21.0.exe 2014-12-26 08:50:40 FDF73721F1867FCCF2662EAD5FD70782 1791784 ----a-w- C:\Program Files (x86)\GlassWire\GWIdlMon.exe 2014-12-26 08:50:40 BCC290BD7043C82ADEB060AB22797DCF 10387752 ----a-w- C:\Program Files (x86)\GlassWire\GlassWire.exe 2014-12-26 08:50:40 AD22916D1154A6B5E8975A4E644C2778 58152 ----a-w- C:\Program Files (x86)\GlassWire\GWUnlock.exe 2014-12-26 08:50:34 B995217A4FF103D584CD6D2D452C332E 6296872 ----a-w- C:\Program Files (x86)\GlassWire\GWCtlSrv.exe 2014-12-26 07:08:51 8725ED11EF032D408C109DF0816D33BA 123192 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\Tools\UninstallHPSA.exe 2014-12-26 07:05:45 4541335F712FBB52BA6A9FB593F77E76 74808 ----a-w- C:\ProgramData\Hewlett-Packard\HPHelpUpdater.exe 2014-12-26 07:05:44 8725ED11EF032D408C109DF0816D33BA 123192 ----a-w- C:\ProgramData\Hewlett-Packard\UninstallHPSA.exe 2014-12-26 07:05:44 7A79D02EDC9EB290F5BBD681D276A5E0 31616 ----a-w- C:\ProgramData\Hewlett-Packard\Resource.exe === C: other files == 2015-01-01 16:43:06 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\luc\AppData\Local\Temp\_MEI42242\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2015-01-01 16:43:05 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\luc\AppData\Local\Temp\_MEI42242\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2015-01-01 11:13:02 70F6A0F369B8F54E98DECFB44878C451 33296 ----a-w- C:\Windows\System32\drivers\gwdrv.sys 2015-01-01 10:27:34 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\luc\AppData\Local\Temp\_MEI46322\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx 2015-01-01 10:27:27 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\luc\AppData\Local\Temp\_MEI46322\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx 2014-12-31 08:25:19 729BDEC7BE981001B078D57164FD97E8 301 ----a-w- C:\Users\luc\AppData\Local\PrivaZer\data_patch.tmp.doc.zip 2014-12-30 11:32:05 74DE650D98E69936BCCECCC5236EC38F 22442 ----a-w- C:\Users\luc\Downloads\drv_list.zip 2014-12-29 16:38:09 6086C0ACBC75C67F93491536CE17BE52 6080170 ----a-w- C:\Users\luc\Downloads\Install_Win8_8.1_8036_11242014.zip 2014-12-28 09:36:04 CDA0AC43715EF6CCF616B2E5D84B6F28 198 ----a-w- C:\Program Files\TAP-Windows\bin\deltapall.bat 2014-12-28 09:36:04 71EABB0EC38A482A7A78781A756A4063 165 ----a-w- C:\Program Files\TAP-Windows\bin\addtap.bat 2014-12-26 07:08:39 2285B31039611D509F6120D691CA661F 27456 ----a-w- C:\Windows\System32\drivers\cpqdfw.sys 2014-12-26 07:05:42 C8A9B21B203188163732BBABA8EB2CC1 435 ----a-w- C:\ProgramData\Hewlett-Packard\temp.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-2322693781-2597380507-2506105236-1001\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Memory Improve Ultimate"="C:\Program Files (x86)\Memory Improve Ultimate\MemoryImproveUltimate.exe /autorun" "GlassWire"="C:\Program Files (x86)\GlassWire\glasswire.exe -hide" "GoogleChromeAutoLaunch_7E8F81EE8F61577A086FD06A0D72DD8A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" "VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Memory Improve Ultimate"="C:\Program Files (x86)\Memory Improve Ultimate\MemoryImproveUltimate.exe /autorun" "GlassWire"="C:\Program Files (x86)\GlassWire\glasswire.exe -hide" "GoogleChromeAutoLaunch_7E8F81EE8F61577A086FD06A0D72DD8A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui" "OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe" "OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe" ==== Startup Folders ====================== 2014-12-29 10:39:39 1951 ----a-w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Connection Keeper.lnk 2014-12-27 10:11:43 1075 ----a-w- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/12/2014 18:42] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/12/2014 18:42] C:\WINDOWS\tasks\HPCeeScheduleForluc.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [14/09/2010 07:15] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe] "C:\WINDOWS\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\HPCeeScheduleForluc" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\WINDOWS\SysNative\tasks\SlimCleaner Run" ["C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe"] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{18A61628-12B9-4E1A-B350-6B157EF56A4D}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] ==== Chromium Look ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[] Google Slides - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo selector is not a valid CSS selector - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Hide My Ass Web Proxy - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd Google Search - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf PanicButton - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm Google Sheets - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Bookmarks Menu - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi Google Drive App Launcher - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh AdRemover for Google Chrome™ - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb Chrome Speak - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgpmlgbbboameedkldbfbhoigbabcbhk Google Wallet - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Evernote Web Clipper - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc Gmail - luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Startpages ====================== C:\Users\luc\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://www.ixquick.com/ned/", "startup_urls": [ "http://www.ixquick.com/ned/" ], ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-29906-12136-18/4" ==== Reset Google Chrome ====================== C:\Users\luc\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\luc\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Memory Improve Ultimate] C:\Program Files (x86)\Memory Improve Ultimate\MemoryImproveUltimate.exe /autorun O4 - HKCU\..\Run: [GlassWire] "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7E8F81EE8F61577A086FD06A0D72DD8A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - Startup: Connection Keeper.lnk = C:\Program Files (x86)\Connection Keeper\conkeepm.exe O4 - Startup: MEGAsync.lnk = luc\AppData\Local\MEGAsync\MEGAsync.exe O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing) O23 - Service: HP SimplePass Cachedrv Service (Cachedrv server) - Unknown owner - C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: GlassWire Control Service (GlassWire) - SecureMix LLC - C:\Program Files (x86)\GlassWire\GWCtlSrv.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [Google] CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd] Memory Improve Ultimate = C:\Program Files (x86)\Memory Improve Ultimate\MemoryImproveUltimate.exe /autorun [WindowsCare Technology Inc.] GlassWire = "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide [SecureMix LLC] GoogleChromeAutoLaunch_7E8F81EE8F61577A086FD06A0D72DD8A = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [Google Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} SimplePass = C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui [Hewlett-Packard] OPBHOBroker = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [Hewlett-Packard] OPBHOBrokerDesktop = C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [Hewlett-Packard] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} StartCCC = "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.] VirtualCloneDrive = "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [Elaborate Bytes AG] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\(Default) = HP Network Check Helper -> {HKLM...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [Hewlett-Packard] -> {HKLM...Wow...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [Hewlett-Packard] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}\(Default) = HP Network Check Helper -> {HKLM...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [Hewlett-Packard] -> {HKLM...Wow...CLSID} = HP Network Check Helper \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [Hewlett-Packard] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ###MegaShellExtPending\(Default) = {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> {HKLM...CLSID} = ###MegaShellExtPending \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] ###MegaShellExtSynced\(Default) = {05B38830-F4E9-4329-978B-1DD28605D202} -> {HKLM...CLSID} = ###MegaShellExtSynced \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] ###MegaShellExtSyncing\(Default) = {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> {HKLM...CLSID} = ###MegaShellExtSyncing \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] StorageProviderError\(Default) = {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} -> {HKLM...CLSID} = Sync root make available online verb \InProcServer32\(Default) = C:\Windows\System32\shell32.dll [MS] StorageProviderSyncing\(Default) = {0A30F902-8398-4ee8-86F7-4CFB589F04D1} -> {HKLM...CLSID} = Sync root make available online verb \InProcServer32\(Default) = C:\Windows\System32\shell32.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ ###MegaShellExtPending\(Default) = {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -> {HKLM...Wow...CLSID} = ###MegaShellExtPending \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] ###MegaShellExtSynced\(Default) = {05B38830-F4E9-4329-978B-1DD28605D202} -> {HKLM...Wow...CLSID} = ###MegaShellExtSynced \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] ###MegaShellExtSyncing\(Default) = {0596C850-7BDD-4C9D-AFDF-873BE6890637} -> {HKLM...Wow...CLSID} = ###MegaShellExtSyncing \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] StorageProviderError\(Default) = {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} -> {HKLM...Wow...CLSID} = Sync root make available online verb \InProcServer32\(Default) = C:\Windows\SysWOW64\shell32.dll [MS] StorageProviderSyncing\(Default) = {0A30F902-8398-4ee8-86F7-4CFB589F04D1} -> {HKLM...Wow...CLSID} = Sync root make available online verb \InProcServer32\(Default) = C:\Windows\SysWOW64\shell32.dll [MS] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} = PrivaZer -> {HKLM...CLSID} = PrivaZer Context Menu \InProcServer32\(Default) = C:\PROGRA~2\PrivaZer\PrivaMenu5.dll [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension -> {HKLM...CLSID} = DisplayCplExt Class \InProcServer32\(Default) = c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] {5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} = NSE_WithSubFld -> {HKLM...CLSID} = NSE_WithSubFld \InProcServer32\(Default) = C:\Program Files (x86)\Hewlett-Packard\Recovery\Protect.dll [null data] {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] {736AF091-C361-49B4-A928-87C586130D33} = DeleteFiles -> {HKLM...CLSID} = Delete Files \InProcServer32\(Default) = C:\PROGRA~1\FILESH~1\fsshell.dll [null data] {B7056B8E-4F99-44f8-8CBD-282390FE5428} = VirtualCloneDrive -> {HKLM...CLSID} = VirtualCloneDrive Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [Elaborate Bytes AG] {05B38830-F4E9-4329-978B-1DD28605D202} = ###MegaShellExtSynced -> {HKLM...CLSID} = ###MegaShellExtSynced \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] {056D528D-CE28-4194-9BA3-BA2E9197FF8C} = ###MegaShellExtPending -> {HKLM...CLSID} = ###MegaShellExtPending \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] {0596C850-7BDD-4C9D-AFDF-873BE6890637} = ###MegaShellExtSyncing -> {HKLM...CLSID} = ###MegaShellExtSyncing \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {05B38830-F4E9-4329-978B-1DD28605D202} = ###MegaShellExtSynced -> {HKLM...Wow...CLSID} = ###MegaShellExtSynced \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] {056D528D-CE28-4194-9BA3-BA2E9197FF8C} = ###MegaShellExtPending -> {HKLM...Wow...CLSID} = ###MegaShellExtPending \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] {0596C850-7BDD-4C9D-AFDF-873BE6890637} = ###MegaShellExtSyncing -> {HKLM...Wow...CLSID} = ###MegaShellExtSyncing \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <> ("" [file not found]) Security Packages = "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ {F3F1B0FA-4775-41d8-8578-436772D93FB4}\(Default) = OmniPassCredProv -> {HKLM...CLSID} = OmniPassCredProv \InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [Softex Inc..] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider -> {HKLM...CLSID} = Smartcard WinRT Provider \InProcServer32\(Default) = C:\WINDOWS\system32\SmartcardCredentialProvider.dll [MS] {F3F1B0FA-4775-41d8-8578-436772D93FB4}\(Default) = OmniPassCredProv -> {HKLM...CLSID} = OmniPassCredProv \InProcServer32\(Default) = C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [Softex Inc..] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ ###MegaContextMenuExt\(Default) = {0229E5E7-09E9-45CF-9228-0228EC7D5F17} -> {HKLM...CLSID} = ###MegaContextMenuExt \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] -> {HKLM...Wow...CLSID} = ###MegaContextMenuExt \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] CLVDShellExt\(Default) = {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [Cyberlink] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google] PrivaZer\(Default) = {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} -> {HKLM...CLSID} = PrivaZer Context Menu \InProcServer32\(Default) = C:\PROGRA~2\PrivaZer\PrivaMenu5.dll [null data] SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} -> {HKLM...CLSID} = SlimShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [Slimware Utilities, Inc.] VirtualCloneDrive\(Default) = {B7056B8E-4F99-44f8-8CBD-282390FE5428} -> {HKLM...CLSID} = VirtualCloneDrive Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [Elaborate Bytes AG] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ DeleteFiles\(Default) = {736AF091-C361-49B4-A928-87C586130D33} -> {HKLM...CLSID} = Delete Files \InProcServer32\(Default) = C:\PROGRA~1\FILESH~1\fsshell.dll [null data] PrivaZer\(Default) = {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} -> {HKLM...CLSID} = PrivaZer Context Menu \InProcServer32\(Default) = C:\PROGRA~2\PrivaZer\PrivaMenu5.dll [null data] SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} -> {HKLM...CLSID} = SlimShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [Slimware Utilities, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ ###MegaContextMenuExt\(Default) = {0229E5E7-09E9-45CF-9228-0228EC7D5F17} -> {HKLM...CLSID} = ###MegaContextMenuExt \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX64.dll [null data] -> {HKLM...Wow...CLSID} = ###MegaContextMenuExt \InProcServer32\(Default) = C:\Users\luc\AppData\Local\MEGAsync\ShellExtX32.dll [null data] 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google] PrivaZer\(Default) = {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} -> {HKLM...CLSID} = PrivaZer Context Menu \InProcServer32\(Default) = C:\PROGRA~2\PrivaZer\PrivaMenu5.dll [null data] SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} -> {HKLM...CLSID} = SlimShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [Slimware Utilities, Inc.] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.] WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} -> {HKLM...CLSID} = Work Folders Context Menu Handler \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ PrivaZer\(Default) = {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} -> {HKLM...CLSID} = PrivaZer Context Menu \InProcServer32\(Default) = C:\PROGRA~2\PrivaZer\PrivaMenu5.dll [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CDBurnerXP\ Provider = CDBurnerXP InvokeProgID = CDBurnerXPOpen InvokeVerb = open HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe" /od "%1" [null data] CyberLink Media Suite10HandleCDBurningOnArrival\ Provider = Media Suite 10 InvokeProgID = BlankCD InvokeVerb = PlayWithCyberLink Media Suite10 HKLM\SOFTWARE\Classes\BlankCD\shell\PlayWithCyberLink Media Suite10\Command\(Default) = "c:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10HandleDVDBurningOnArrival\ Provider = Media Suite 10 InvokeProgID = BlankDVD InvokeVerb = PlayWithCyberLink Media Suite10 HKLM\SOFTWARE\Classes\BlankDVD\shell\PlayWithCyberLink Media Suite10\Command\(Default) = "c:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10MixedContentOnArrival\ Provider = Media Suite 10 InvokeProgID = MixedContent InvokeVerb = PlayWithCyberLink Media Suite10 HKLM\SOFTWARE\Classes\MixedContent\shell\PlayWithCyberLink Media Suite10\Command\(Default) = "c:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10PlayMusicFilesOnArrival\ Provider = Media Suite 10 InvokeProgID = MusicFiles InvokeVerb = PlayWithCyberLink Media Suite10 HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithCyberLink Media Suite10\Command\(Default) = "c:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10PlayVideoFilesOnArrival\ Provider = Media Suite 10 InvokeProgID = VideoFiles InvokeVerb = PlayWithCyberLink Media Suite10 HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithCyberLink Media Suite10\Command\(Default) = "c:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] CyberLink Media Suite10ShowPicturesOnArrival\ Provider = Media Suite 10 InvokeProgID = Picture InvokeVerb = PlayWithCyberLink Media Suite10 HKLM\SOFTWARE\Classes\Picture\shell\PlayWithCyberLink Media Suite10\Command\(Default) = "c:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.] MSFhConfigBackup\ Provider = @C:\WINDOWS\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\WINDOWS\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] Power2Go8.0HandleBDBurningOnArrival\ Provider = Power2Go 8 InvokeProgID = BlankBD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\BlankBD\shell\PlayWithPower2Go8.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" "%L" [CyberLink Corp.] Power2Go8.0HandleCDBurningOnArrival\ Provider = Power2Go 8 InvokeProgID = BlankDVD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\BlankDVD\shell\PlayWithPower2Go8.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" "%L" [CyberLink Corp.] Power2Go8.0PlayCDAudioOnArrival\ Provider = Power2Go 8 InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go8.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go8.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe" /AudioRipper "%L" [CyberLink Corp.] PowerDVD12.0MixedContentOnArrival\ Provider = PowerDVD 12 InvokeProgID = MixedContent InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\MixedContent\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY MIXCONTENT "%L" [CyberLink Corp.] PowerDVD12.0PlayCDAudioOnArrival\ Provider = PowerDVD 12 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY CD "%L" [CyberLink Corp.] PowerDVD12.0PlayDVDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = EnDVD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\EnDVD\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY DVD "%L" [CyberLink Corp.] PowerDVD12.0PlayMusicFilesOnArrival\ Provider = PowerDVD 12 InvokeProgID = MusicFiles InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\MusicFiles\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY AUDIO "%L" [CyberLink Corp.] PowerDVD12.0PlaySuperVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] PowerDVD12.0PlayVideoCDMovieOnArrival\ Provider = PowerDVD 12 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] PowerDVD12.0PlayVideoFilesOnArrival\ Provider = PowerDVD 12 InvokeProgID = VideoFiles InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\VideoFiles\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY VIDEO "%L" [CyberLink Corp.] PowerDVD12.0ShowPicturesOnArrival\ Provider = PowerDVD 12 InvokeProgID = Picture InvokeVerb = PlayWithPowerDVD12.0 HKLM\SOFTWARE\Classes\Picture\shell\PlayWithPowerDVD12.0\Command\(Default) = "c:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe" LOCALAUTOPLAY PHOTO "%L" [CyberLink Corp.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Startup items in "luc" & "All Users" startup folders: ----------------------------------------------------- C:\Users\luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} Connection Keeper -> shortcut to: C:\Program Files (x86)\Connection Keeper\conkeepm.exe [Gammadyne Corporation] MEGAsync -> shortcut to: C:\Users\luc\AppData\Local\MEGAsync\MEGAsync.exe [Mega Limited] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks AutoPico Daily Restart -> launches: "C:\Program Files\KMSpico\AutoPico.exe" /silent [null data] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CLMLSvc_P2G8 -> (HIDDEN!) launches: c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [CyberLink] CLVDLauncher -> (HIDDEN!) launches: c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [CyberLink Corp.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] HPCeeScheduleForluc -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForluc (null) [null data] Microsoft OneDrive Auto Update Task-S-1-5-21-2322693781-2597380507-2506105236-1001 -> launches: %localappdata%\Microsoft\SkyDrive\SkyDrive.exe [MS] Optimize Start Menu Cache Files-S-1-5-21-1042574177-205660189-2733560804-500 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] Optimize Start Menu Cache Files-S-1-5-21-2322693781-2597380507-2506105236-1001 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] Optimize Start Menu Cache Files-S-1-5-21-2322693781-2597380507-2506105236-500 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] Optimize Start Menu Cache Files-S-1-5-21-3605641489-1874772759-1519610130-500 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] SlimCleaner Run -> launches: "C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe" $(Arg0) [SlimWare Utilities, Inc.] User_Feed_Synchronization-{18A61628-12B9-4E1A-B350-6B157EF56A4D} -> (HIDDEN!) launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS] {456862C8-C35D-483D-BAC8-CC6BE90DE5F1} -> launches: C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\7-Zip\7zFM.exe" -d C:\Users\luc\Downloads -c "C:\Users\luc\Downloads\Install_Win8_8.1_8036_11242014.zip" [MS] C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant HP Support Assistant Quick Start -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart [null data] PC Health Analysis -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis [null data] Update Check -> launches: C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe /s /p 1 [null data] WarrantyChecker -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [null data] WarrantyChecker_DeviceScan -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 [null data] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\WINDOWS\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\WINDOWS\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\WINDOWS\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic Microsoft-Windows-DiskDiagnosticDataCollector -> (HIDDEN!) launches: %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\WINDOWS\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\WINDOWS\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Plug and Play Cleanup -> launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF} -> {HKLM...CLSID} = Plug and Play Maintenance Task \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\WINDOWS\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\WINDOWS\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RecoveryEnvironment VerifyWinRE -> (HIDDEN!) launches: {89d1d0c2-a3cf-490c-abe3-b86cde34b047} -> {HKLM...CLSID} = ReAgentTaskHandler \InProcServer32\(Default) = C:\WINDOWS\System32\ReAgentTask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\WINDOWS\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\WINDOWS\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E} -> {HKLM...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Backup Upload Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20} -> {HKLM...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] -> {HKLM...Wow...CLSID} = Network State Change Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\SettingSyncCore.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\WINDOWS\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\WINDOWS\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive Idle Sync Maintenance Task -> launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found] Routine Maintenance Task -> launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\WINDOWS\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\WINDOWS\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\WINDOWS\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\WINDOWS\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone SynchronizeTimeZone -> launches: %windir%\system32\tzsync.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\WINDOWS\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\WINDOWS\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender Windows Defender Cache Maintenance -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS] Windows Defender Cleanup -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS] Windows Defender Scheduled Scan -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob [MS] Windows Defender Verification -> launches: C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\WINDOWS\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\WINDOWS\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders Work Folders Logon Synchronization -> launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e} -> {HKLM...CLSID} = Work Folder Logon Trigger Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] Work Folders Maintenance Work -> launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b} -> {HKLM...CLSID} = Work Folder Maintenance Task Class \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\WINDOWS\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\WINDOWS\System32\WSService.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2322693781-2597380507-2506105236-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {25510184-5A38-4A99-B273-DCA8EEF6CD08}\ ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [null data] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {25510184-5A38-4A99-B273-DCA8EEF6CD08}\ ButtonText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 MenuText = @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 Exec = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe [null data] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ HP SimplePass Cachedrv Service, Cachedrv server, "C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe" [Softex Inc.] HP SimplePass Service, omniserv, C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [Softex Inc.] AMD External Events Utility, AMD External Events Utility, C:\WINDOWS\system32\atiesrxx.exe [AMD] CyberLink PowerDVD 12 Media Server Monitor Service, CyberLink PowerDVD 12 Media Server Monitor Service, "c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe" [CyberLink] CyberLink PowerDVD 12 Media Server Service, CyberLink PowerDVD 12 Media Server Service, "c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" [CyberLink] GlassWire Control Service, GlassWire, "C:\Program Files (x86)\GlassWire\GWCtlSrv.exe" [SecureMix LLC] HP Support Assistant Service, HP Support Assistant Service, "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [null data] Hulpservice voor toepassingshost, AppHostSvc, C:\WINDOWS\system32\svchost.exe -k apphost {C:\WINDOWS\system32\inetsrv\apphostsvc.dll [MS]} Network Connection Broker, NcbService, C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\WINDOWS\System32\ncbservice.dll [MS]} NitroPDFReaderDriverCreatorReadSpool3, NitroReaderDriverReadSpool3, "C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe" [Nitro PDF Software] Realtek Audio Service, RtkAudioService, C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [Realtek Semiconductor] Service KMSELDI, Service KMSELDI, C:\Program Files\KMSpico\Service_KMS.exe [null data] Windows Defender Network Inspection Service, WdNisSvc, "C:\Program Files\Windows Defender\NisSrv.exe" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> MCODS, <> mcpltsvc, (title not found) <> SystemEventsBroker, Service <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> MCODS, <> mcpltsvc, (title not found) <> SystemEventsBroker, Service <> PEVSystemStart, Service Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HP Universal Port Monitor\Driver = hpbprtmon.dll [Hewlett-Packard] Nitro PDF Port Monitor\Driver = nitrolocalmon2.dll [Nitro PDF Software] ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\luc\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\luc\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\luc\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\luc\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\luc\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=48 folders=41 32976589 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\luc\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\luc\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 01/01/2015 at 18:27:31.30 ======================