Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Acer on ma 22/06/2015 at 9:15:52,91. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Acer\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 22/06/2015 9:21:19 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Activation deleted successfully C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\Hitman Pro deleted successfully C:\Users\Acer\AppData\Roaming\Lite deleted successfully C:\Users\Acer\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Acer\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Acer\AppData\Local\Unity deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-405472204-892392093-2721154632-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-405472204-892392093-2721154632-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_USERS\S-1-5-21-405472204-892392093-2721154632-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0C84E047-B963-4B80-9605-CEF10CF3C17E} deleted successfully HKEY_USERS\S-1-5-21-405472204-892392093-2721154632-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{0C84E047-B963-4B80-9605-CEF10CF3C17E} deleted successfully HKEY_USERS\S-1-5-21-405472204-892392093-2721154632-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{029ADA02-E124-428F-BF6B-C8A634AC3D2E} deleted successfully 
==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Acer\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\syswow64\wwahost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Activation not found C:\PROGRA~2\AGEIA Technologies not found C:\Users\Acer\AppData\Roaming\Enigma Software Group not found C:\Program Files\Enigma Software Group not found "C:\windows\SysNative\drivers\EsgScanner.sys" not found C:\Users\Acer\AppData\Roaming\calibre deleted C:\Users\Acer\AppData\Roaming\CDisplayEx deleted C:\PROGRA~3\SPL85AF.tmp deleted C:\Users\Acer\AppData\Local\Software deleted C:\Users\Acer\AppData\Local\cache deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\machine deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted "C:\windows\Installer\35f04.msi" deleted ==== System Specs ====================== Windows: Windows Version 6.2 (Build 9200) Memory (RAM): 8011 MB CPU Info: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz CPU Speed: 2629,4 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | NVIDIA GeForce 710M Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros 
AR5BWB222 Wireless Network Adapter | Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ8E1 Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 2 Button Mouse Present Hard Disks: C: 676,5GB Hard Disks - Free: C: 587,6GB Manufacturer *: Insyde Corp. BIOS Info: AT/AT COMPATIBLE | | ACRSYS - 1 Time Zone: West-Europa (standaardtijd) Motherboard *: Acer VA70_HC Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: McAfee Antivirus en antispyware On-access scanning disabled (Outdated) Anti-Virus: Windows Defender On-access scanning disabled (Outdated) Anti-Spyware: McAfee Antivirus en antispyware disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Firewall: McAfee Firewall disabled Internet Explorer Version: 10.0.9200.17357 Google Chrome version: 43.0.2357.124 Adobe Reader version: 11.0.11.18 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Acer\AppData\Local\Temp ==== 2015-06-14 15:02:54 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw3124_27589\plugins\NPSWF32_14_0_0_179.dll 2015-06-13 07:20:29 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw3488_28927\plugins\NPSWF32_14_0_0_179.dll 2015-06-13 07:20:14 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw3488_28927\node_modules\is-reaction\reaction.dll 2015-06-13 07:20:12 DFE1F436ABC75EBA638A363FA8E5032D 421376 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw3488_28927\node_modules\goldengate\build\Release\goldengate.dll 2015-06-13 07:20:10 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw3488_28927\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-06-12 11:47:58 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- 
C:\Users\Acer\AppData\Local\Temp\nw8928_13633\plugins\NPSWF32_14_0_0_179.dll 2015-06-12 11:47:40 DFE1F436ABC75EBA638A363FA8E5032D 421376 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw8928_13633\node_modules\goldengate\build\Release\goldengate.dll 2015-06-12 11:47:40 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw8928_13633\node_modules\gameo_utils\build\Release\gameo_utils.dll 2015-06-12 11:47:40 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw8928_13633\node_modules\is-reaction\reaction.dll 2015-06-11 11:36:05 9EE20E6E2E3F94714D44F739B9A228F4 17048240 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw7400_30080\plugins\NPSWF32_14_0_0_179.dll 2015-06-11 11:35:42 43F8EEB04CBBF8791B74A851EE250525 491520 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw7400_30080\node_modules\is-reaction\reaction.dll 2015-06-11 11:35:41 DFE1F436ABC75EBA638A363FA8E5032D 421376 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw7400_30080\node_modules\goldengate\build\Release\goldengate.dll 2015-06-11 11:35:39 CDA956C83B7D59D1A886C4155C8D2F57 90112 ----a-w- C:\Users\Acer\AppData\Local\Temp\nw7400_30080\node_modules\gameo_utils\build\Release\gameo_utils.dll ====== Java Cache ===== 2015-05-24 09:11:39 97B93BBBB813910CB8BFC80753E88AFF 533 ----a-w- C:\Users\Acer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2550737a-200ad4df ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== ====== C:\Windows\Tasks ====== 2015-06-19 20:06:50 F49E485849CF074A2F2495D2F7C5A884 3204 ----a-w- C:\Windows\Sysnative\Tasks\{98984EAB-9B0F-4EE4-8054-8259B7A49268} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-06-21 18:30:18 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== 2015-06-14 20:05:47 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat ====== C:\Users\Acer\AppData\Roaming ====== 2015-06-07 
10:51:06 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Google ====== C:\Users\Acer ====== 2015-06-21 18:48:59 1A6501B45306B3F5A125FAACE18C5FDE 2244096 ----a-w- C:\Users\Acer\Desktop\adwcleaner_4.207.exe 2015-06-21 18:30:03 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Acer\Downloads\RSITx64.exe 2015-06-14 20:05:28 -------- d-----w- C:\Users\Acer\Start Menu 2015-06-14 20:04:09 B9FF555660A02DC4D3EAFF58357BE02A 3109248 ----a-w- C:\Users\Acer\Downloads\SpyHunter-Installer.exe 2015-06-14 19:50:55 D848F66D99F9008CE10D3FBC0E325F8E 6480192 ----a-w- C:\Users\Acer\Downloads\HitmanPro35A.exe 2015-06-14 18:45:47 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol 2015-06-14 18:40:11 D56605A4F5CE2DBEBA1540304827B394 2231296 ----a-w- C:\Users\Acer\Downloads\adwcleaner_4.206.exe 2015-06-01 15:47:47 A2D9FB33E4CE9A88C226F2393AAB1190 24 ----a-w- C:\Users\Acer\random.dat 2015-06-01 15:47:47 5A6F148F0BDA138F5EACFE1825D02059 43 ----a-w- C:\Users\Acer\jagex_cl_runescape_LIVE.dat 2015-06-01 15:47:43 6B2E133F603DAE22EF1771FCBED87B32 23 ----a-w- C:\Users\Acer\jagexappletviewer.preferences 2015-06-01 15:47:09 -------- d-----w- C:\Users\Acer\jagexcache ====== C: exe-files == 2015-06-22 07:15:04 E9E4799FAFA68F6894B7C34B0765D0D1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-405472204-892392093-2721154632-1002\$IX36ZAI.exe 2015-06-21 18:46:05 F68A5507E37C1FC1C17F6B1A6BFF582E 1308672 ----a-w- C:\$Recycle.Bin\S-1-5-21-405472204-892392093-2721154632-1002\$RX36ZAI.exe 2015-06-21 18:30:19 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Acer.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-405472204-892392093-2721154632-1002\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive 
Connect\MyDriveConnect.exe" "Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background" "StartMenuX"="C:\Program Files\Start Menu X\StartMenuX.exe" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_USERS\S-1-5-21-405472204-892392093-2721154632-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" "Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background" "StartMenuX"="C:\Program Files\Start Menu X\StartMenuX.exe" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey" "dldfmon.exe"="C:\Program Files (x86) (x86)\Dell AIO Printer 948\dldfmon.exe" "MemoryCardManager"="C:\Program Files (x86) (x86)\Dell AIO Printer 948\memcard.exe" "Dell AIO Printer 948"="C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe /s" "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"="C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE RunWithWindows" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" "OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" "Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background" "StartMenuX"="C:\Program Files\Start Menu X\StartMenuX.exe" "TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\windows\\syswow64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "RtHDVBg_Dolby"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 " "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices" "dldfmon.exe"="C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe" "MemoryCardManager"="C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" ==== Startup Folders ====================== 2013-10-05 19:30:48 1270 ----a-w- C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk ==== Task Scheduler Jobs ====================== 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/09/2013 14:47] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\ALU" [C:\Program Files (x86)\Acer\Live Updater\updater.exe] "C:\Windows\SysNative\tasks\ALUAgent" [C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe] "C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe] "C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe] "C:\Windows\SysNative\tasks\Dolby Selector" [C:\Dolby PCEE4\pcee4.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\iuBrowserIEAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe"] "C:\Windows\SysNative\tasks\iuEmailOutlookAgent" ["C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe"] "C:\Windows\SysNative\tasks\Power Management" ["C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\Recovery Management\Notification" [C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe] ==== Firefox Extensions Registry ====================== 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Acer\AppData\Roaming\TomTom\HOME\Profiles\w0oqe8rt.default - Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com - TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be ==== Firefox Plugins ====================== ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions fheoggkfdfchfphceeifdbepaooicaho - No path found[] Google Wallet - Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences 
"session":{"restore_on_startup":5,"startup_urls":["https://www.google.be/"]} ==== Chromium Fix ====================== C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage deleted successfully C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.extcontent00.extcontent.com_0.localstorage-journal deleted successfully 
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage deleted successfully C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal deleted successfully C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage deleted successfully C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shopper.deals-way.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully ==== HijackThis Entries ====================== R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files (x86) (x86)\Dell AIO Printer 948\dldfmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files (x86) (x86)\Dell AIO Printer 948\memcard.exe" O4 - HKLM\..\Run: [Dell AIO Printer 948] "C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe" /s O4 - HKLM\..\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE" RunWithWindows O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files 
(x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background O4 - HKCU\..\Run: [StartMenuX] C:\Program Files\Start Menu X\StartMenuX.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} 
- C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. 
- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. 
- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Application Statistics Service (MfeASUM) - McAfee, Inc. - C:\Program Files\McAfee\AppStats\MfeASUM.exe O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. 
- C:\Windows\RfBtnSvc64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - 
C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Spotify Web Helper = "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [null data] OfficeSyncProcess = "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [MS] MyDriveConnect.exe = "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe" [TomTom] Sony PC Companion = "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background [Sony] StartMenuX = C:\Program Files\Start Menu X\StartMenuX.exe [OrdinarySoft] TomTomHOME.exe = "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [TomTom] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" [Qualcomm Atheros Commnucations] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation] HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation] Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation] ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor] RtHDVBg_Dolby = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [Realtek Semiconductor] BCSSync = "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] dldfmon.exe = "C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe" [null data] MemoryCardManager = "C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe" [empty string] 
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} mcui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.] LManager = (empty string) [file not found] Norton Online Backup = C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [Symantec Corporation] mcpltui_exe = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [McAfee, Inc.] dldfmon.exe = "C:\Program Files (x86) (x86)\Dell AIO Printer 948\dldfmon.exe" [null data] MemoryCardManager = "C:\Program Files (x86) (x86)\Dell AIO Printer 948\memcard.exe" [empty string] Dell AIO Printer 948 = "C:\Program Files (x86)\Dell AIO Printer 948\fm3032.exe" /s [empty string] "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE" = "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE" RunWithWindows [D-Link Corporation] APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] beid = "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup [file not found] QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.] 
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc -> {HKLM...CLSID} = CIESpeechBHO Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [Qualcomm Atheros Commnucations] {B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided) -> {HKLM...CLSID} = McAfee SiteAdvisor BHO \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] -> {HKLM...Wow...CLSID} = McAfee SiteAdvisor BHO \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.] 
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [Oracle Corporation] {B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided) -> {HKLM...CLSID} = McAfee SiteAdvisor BHO \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] -> {HKLM...Wow...CLSID} = McAfee SiteAdvisor BHO \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.] 
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = 
C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrivePro1 (ErrorConflict)\(Default) = {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro2 (SyncInProgress)\(Default) = {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = 
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] SkyDrivePro3 (InSync)\(Default) = {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll 
[NVIDIA Corporation] {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension -> {HKLM...CLSID} = NvAppShExt Class \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation] {E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension -> {HKLM...CLSID} = OpenGLShExt Class \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation] {0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.] {B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [Qualcomm Atheros Commnucations] {C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu -> {HKLM...CLSID} = ContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtContextMenu.dll [Qualcomm Atheros Commnucations] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search 
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = 
C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] {B28AA736-876B-46DA-B3A8-84C5E30BA492} = Web Sites -> {HKLM...CLSID} = Web Sites \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\WXPNSE.DLL [MS] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...Wow...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS 
Stub Execution Hook -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...Wow...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext -> {HKLM...Wow...CLSID} = Ondernemingsprojecten \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\OLKFSTUB.DLL [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> 
{HKLM...Wow...CLSID} = Werkruimten \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\msoshext.dll [MS] {EF7605D6-C512-4F90-827B-5DE32DAB94F7} = CDISPSHELL Extension -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\PROGRA~2\CDISPL~1\CDISPS~1.DLL [CDisplayEx] {8BA85C75-763B-4103-94EB-9470F12FE0F7} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {CD55129A-B1A1-438E-A425-CEBC7DC684EE} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Icon Overlay 3 (InSync) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} = Microsoft SkyDrive Pro Browser Helper -> {HKLM...Wow...CLSID} = Microsoft SkyDrive Pro Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [MS] {DB19096C-5365-4164-A246-59FEFF9D8062} = Nameext -> {HKLM...Wow...CLSID} = Enterprise Projects \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL [MS] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\ <> AppInit_DLLs = c:\windows\syswow64\nvinit.dll [NVIDIA Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\ {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm Atheros Commnucations] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider -> {HKLM...CLSID} = AthCredentialProvider \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm Atheros Commnucations] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> application/x-mfe-ipt\CLSID = {3EF5086B-5478-4598-A054-786C45D75692} -> {HKLM...CLSID} = McInternetProtocolRoot Class \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL [McAfee, Inc.] <> text/xml\CLSID = {807583E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> dssrequest\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5} -> {HKLM...CLSID} = McAfee SACore Protocol Handler \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] 
<> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} -> {HKLM...CLSID} = HxProtocol Class \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS] <> osf\CLSID = {D924BDC6-C83A-4BD5-90D0-095128A113D1} -> {HKLM...CLSID} = Protocol Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [MS] <> sacore\CLSID = {5513F07E-936B-4E52-9B00-067394E91CC5} -> {HKLM...CLSID} = McAfee SACore Protocol Handler \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F} -> {HKLM...CLSID} = AppShellPage Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvAppExt.dll [Qualcomm Atheros Commnucations] McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} -> {HKLM...CLSID} = McCtxFrmWrk Class \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.] 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook.6.0\(Default) = {0A920327-8189-4514-86FF-48D5F9C75FD4} -> {HKLM...Wow...CLSID} = NBShellHook Class \InProcServer32\(Default) = c:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} -> {HKLM...CLSID} = FTShellContext Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ShellContextExt.dll [Qualcomm Atheros Commnucations] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ Ath_CopyHook\(Default) = 
{8e10a039-fe03-4f9c-b7e1-c5eeeaf53735} -> {HKLM...CLSID} = Ath_CopyHook \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\FolderViewImpl.dll [Qualcomm Atheros Commnucations] ClearfiCopyHook\(Default) = {ED32C084-BABB-11E1-B491-D4D66088709B} -> {HKLM...CLSID} = Clearfi Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll [null data] -> {HKLM...Wow...CLSID} = Clearfi Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll [null data] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} -> {HKLM...CLSID} = GraphicsShellExt Class \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation] NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [Malwarebytes Corporation] McCtxMenuFrmWrk\(Default) = {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} -> {HKLM...CLSID} = McCtxFrmWrk Class \InProcServer32\(Default) = c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL [McAfee, Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] {0A920327-8189-4514-86FF-48D5F9C75FD4}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = NBShellHook Class \InProcServer32\(Default) = c:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBShell.dll [Nero AG] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook.6.0\(Default) = {0A920327-8189-4514-86FF-48D5F9C75FD4} -> {HKLM...Wow...CLSID} = NBShellHook Class \InProcServer32\(Default) = c:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBShell.dll [Nero AG] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoRun = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoControlPanel = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ EnableCursorSuppression = (REG_DWORD) dword:0x00000001 {unrecognized setting} EnableLinkedConnections = (REG_DWORD) dword:0x00000001 {unrecognized setting} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Windows\Web\Wallpaper\Theme1\img4.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AcerClearfiMediaAutoPlayMOVIE\ Provider = Acer InvokeProgID = AcerClearfiMediaAutoPlayMOVIE\AutoPlay InvokeVerb = open HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMOVIE\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MOVIE [Acer Incorporated] AcerClearfiMediaAutoPlayMUSIC\ Provider = Acer InvokeProgID = AcerClearfiMediaAutoPlayMUSIC\AutoPlay InvokeVerb = open HKLM\SOFTWARE\Classes\AcerClearfiMediaAutoPlayMUSIC\AutoPlay\shell\open\command\(Default) = C:\Program Files (x86)\Acer\clear.fi Media\clearfiMediaAutoplay.exe %1 MUSIC [Acer Incorporated] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] 
iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] MagicUSBCable\ Provider = @%windir%\system32\migwiz\wet.dll,-588 CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF} -> {HKLM...CLSID} = Magic USB Cable Class ID \LocalServer32\(Default) = "C:\Windows\System32\MigAutoPlay.exe" [MS] MSFhConfigBackup\ Provider = @C:\Windows\system32\fhautoplay.dll,-100 InvokeProgID = FHConfig.AutoPlayHandler InvokeVerb = config HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 
InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPromptEachTime\ Provider = @C:\Windows\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTime HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSPromptEachTimeNoContent\ Provider = @C:\Windows\system32\shell32.dll,-17411 ProgID = Shell.Autoplay InitCmdLine = PromptEachTimeNoContent HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7} -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] MSWPDNetworkConfigHandler\ Provider = @C:\Windows\system32\wpdshext.dll,-503 CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = 
/NetworkConfig;%SystemRoot%\system32\xwizard.exe;RunWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN] Startup items 
in "Acer" & "All Users" startup folders: ------------------------------------------------------ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} OneNote 2010 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated] ALU -> launches: C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto [null data] ALUAgent -> launches: C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [null data] AutoKMS -> launches: C:\Windows\AutoKMS\AutoKMS.exe [null data] CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] CreateChoiceProcessTask -> launches: C:\Windows\BrowserChoice\browserchoice.exe /launch [MS] DeviceDetector -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [CyberLink] Dolby Selector -> launches: C:\Dolby PCEE4\pcee4.exe -autostart [null data] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] iuBrowserIEAgent -> (HIDDEN!) launches: "C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe" [null data] iuEmailOutlookAgent -> (HIDDEN!) 
launches: "C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe" [null data] Optimize Start Menu Cache Files-S-1-5-21-405472204-892392093-2721154632-1002 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] Optimize Start Menu Cache Files-S-1-5-21-405472204-892392093-2721154632-500 -> launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS] Power Management -> launches: "C:\Program Files\Acer\Acer Power Management\ePowerTray.exe" [Acer Incorporated] {98984EAB-9B0F-4EE4-8054-8259B7A49268} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Acer\AppData\Local\Roblox\Versions\version-8c5c6ce7499b4544\RobloxPlayerLauncher.exe -c -uninstall [MS] C:\Windows\System32\Tasks\Microsoft\Office Office 15 Subscription Heartbeat -> launches: %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [MS] OfficeTelemetryAgentFallBack -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload mininterval:2880 [MS] OfficeTelemetryAgentLogOn -> launches: "C:\Program Files\Microsoft Office\Office15\msoia.exe" scan upload [MS] C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework .NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] .NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) 
launches: {429BC048-379E-45E0-80E4-EB1977941B5C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = mscoree.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\AppID SmartScreenSpecific -> launches: {9f2b0085-9218-42a1-88b0-9f0e65851666} -> {HKLM...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS] -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent /increment [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] StartupAppTask -> launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData CleanupTemporaryState -> launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} 
-> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk ProactiveScan -> launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} -> {HKLM...CLSID} = Proactive Scan \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66} -> {HKLM...CLSID} = BthSQM \InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS] Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] Uploader -> launches: %windir%\system32\WSqmCons.exe -u [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan Data Integrity Scan for Crash Recovery -> (HIDDEN!) 
launches: {DCFD3EA8-D960-4719-8206-490AE315F94F} -> {HKLM...CLSID} = Data Integrity Scan \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -h -o -$ [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888} -> {HKLM...CLSID} = DsmRefreshTask Class \InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory File History (maintenance mode) -> launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A} -> {HKLM...CLSID} = FhTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: A9A33436-678B-4c9c-A211-7CC38785E79D -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS] RunFullMemoryDiagnostic -> (HIDDEN!) 
launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3} -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts MNO Metadata Parser -> launches: %SystemRoot%\System32\MbaeParserTask.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg BindingWorkItemQueueHandler -> launches: {5AA199A0-1CED-43A5-9B85-3226086738A3} -> {HKLM...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS] -> {HKLM...Wow...CLSID} = Binding Engine Task Handler \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack BackgroundConfigSurveyor -> (HIDDEN!) 
launches: {EA9155A3-8A39-40B4-8963-D3C761B18371} -> {HKLM...CLSID} = PerfTrack TaskHandler class \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\PI Secure-Boot-Update -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] Sqm-Tasks -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209} -> {HKLM...CLSID} = Device Installation Group Policy Task Handler \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS] Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b} -> {HKLM...CLSID} = Device Installation Reboot Dialog Task \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS] Sysprep Generalize Drivers -> launches: %SystemRoot%\System32\drvinst.exe 6 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: {927ea2af-1c54-43d5-825e-0074ce028eee} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) 
launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools MRT_HB -> launches: C:\Windows\system32\MRT.exe /EHB /Q [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Servicing StartComponentCleanup -> launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found] C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} -> {HKLM...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS] -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler \InProcServer32\(Default) = C:\Windows\system32\SettingSyncInfo.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup 8.1 auto install ping -> launches: %windir%\system32\AutoUpdate.exe /Ping [MS] 8.1 auto install v2 -> launches: C:\Windows\system32\AutoUpdate.exe /Auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell CreateObjectTask -> (HIDDEN!) 
launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43} -> {HKLM...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS] -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS] FamilySafetyMonitor -> launches: %windir%\System32\wpcmon.exe [MS] FamilySafetyRefresh -> launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA} -> {HKLM...CLSID} = FamilySafety.WebSync \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS] IndexerAutomaticMaintenance -> launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform SvcRestartTask -> (HIDDEN!) 
launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC} -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS] -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort SpaceAgentTask -> launches: %windir%\system32\SpaceAgent.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain WsSwapAssessmentTask -> launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler Idle Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Maintenance Configurator -> launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} -> {HKLM...CLSID} = Maintenance Configurator \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Manual Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] Regular Maintenance -> launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44} -> {HKLM...CLSID} = Maintenance Launcher Handler \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) 
launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization ForceSynchronizeTime -> launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9} -> {HKLM...CLSID} = Time Synchronization Task Handler \InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS] SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TPM Tpm-Maintenance -> launches: {5014B7C8-934E-4262-9816-887FA745A6C4} -> {HKLM...CLSID} = TPM Maintenance Task Handler \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) 
launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate Scheduled Start -> launches: C:\Windows\system32\sc.exe start wuauserv [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WS Badge Update -> launches: {00CCDDF6-5107-424D-853D-3907AE5502DC} -> {HKLM...CLSID} = WinStore Tile Badge Updater \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS] License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS] Sync Licenses -> launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E} -> {HKLM...CLSID} = WinStore License Sync task \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS] WSRefreshBannedAppsListTask -> (HIDDEN!) 
launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS] WSTask -> launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Recovery Management Notification -> launches: C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [null data] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-405472204-892392093-2721154632-1002 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] 000000000008\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.] 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] 000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor -> {HKLM...CLSID} = McAfee SiteAdvisor Toolbar \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = McAfee SiteAdvisor -> {HKLM...Wow...CLSID} = McAfee SiteAdvisor Toolbar \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [McAfee, Inc.] 
Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {7815BE26-237D-41A8-A98F-F7BD75F71086}\ MenuText = Send by Bluetooth to CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> {HKLM...CLSID} = CIESpeechBHO Class \InProcServer32\(Default) = C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [Qualcomm Atheros Commnucations] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...Wow...CLSID} = 
BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Verzenden naar OneNote MenuText = &Verzenden naar OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = &Gekoppelde notities van OneNote MenuText = &Gekoppelde notities van OneNote CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} = (no title provided) -> {HKLM...CLSID} = McAfee SiteAdvisor Toolbar \InProcServer32\(Default) = c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [McAfee, Inc.] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device Service, Apple Mobile Device Service, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] AtherosSvc, AtherosSvc, C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [Qualcomm Atheros Commnucations] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] 
CCDMonitorService, CCDMonitorService, C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [Acer Incorporated] dldf_device, dldf_device, C:\Windows\system32\dldfcoms.exe -service [ ] Dritek RF Button Command Service, RfButtonDriverService, C:\Windows\RfBtnSvc64.exe [Dritek System INC.] Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.] Elan Service, ETDService, C:\Program Files\Elantech\ETDService.exe [ELAN Microelectronics Corp.] ePower Service, ePowerSvc, "C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe" [Acer Incorporated] IconMan_R, IconMan_R, "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" [Realsil Microelectronics Inc.] Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation] Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation] Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation] Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] McAfee Anti-Malware Core, mfecore, C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [McAfee, Inc.] 
McAfee Anti-Spam Service, MSK80Service, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee AP Service, McAPExe, "C:\Program Files\McAfee\MSC\McAPExe.exe" [McAfee, Inc.]
McAfee Application Statistics Service, MfeASUM, "C:\Program Files\McAfee\AppStats\MfeASUM.exe" [McAfee, Inc.]
McAfee Firewall Core Service, mfefire, "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [McAfee, Inc.]
McAfee Home Network, HomeNetSvc, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Personal Firewall Service, McMPFSvc, "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Platform Services, mcpltsvc, "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Proxy Service, McProxy, "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee SiteAdvisor Service, McAfee SiteAdvisor Service, "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
McAfee Validation Trust Protection Service, mfevtp, "C:\windows\system32\mfevtps.exe" [McAfee, Inc.]
McAfee VirusScan Announcer, McNaiAnn, "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [McAfee, Inc.]
Nero Update, NAUpdate, "c:\Program Files (x86)\Nero\Update\NASvc.exe" [Nero AG]
Norton Online Backup, NOBU, "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [Symantec Corporation]
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA Update Service Daemon, nvUpdatusService, "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [NVIDIA Corporation]
Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]
TomTomHOMEService, TomTomHOMEService, "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [TomTom]

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<> MCODS, (title not found)
<> mcpltsvc, (title not found)
<> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<> McMPFSvc, Service
<> MCODS, (title not found)
<> mcpltsvc, (title not found)
<> mfefire, Driver
<> mfefirek, Driver
<> mfefirek.sys, Driver
<> mfehidk, Driver
<> mfehidk.sys, Driver
<> mfevtp, Driver
<> PEVSystemStart, Service

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Dell 948 Port\Driver = dldflmpm.dll [ ]
Fax Dell AIO Printer 948 Port\Driver = DLDFPMON.DLL [null data]

<>: Suspicious data at a browser hijack point.
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO5OU9DW will be deleted at reboot
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRE18FTV will be deleted at reboot
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3QELYBG will be deleted at reboot

==== Empty FireFox Cache ======================
No FireFox Profiles found

==== Empty Chrome Cache ======================
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=268 folders=29 15369038 bytes)

==== Empty Temp Folders ======================
C:\Users\Acer\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Acer\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO5OU9DW" not found
"C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRE18FTV" not found
"C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3QELYBG" not found

==== EOF on ma 22/06/2015 at 10:14:13,15 ======================