Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Patrick on di 23/08/2016 at 13:32:29,81. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Patrick\Desktop\zoek.scr [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 23/08/2016 13:35:30 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\3c54e3b7-2c96-4492-9f68-804ac5224d59 deleted successfully C:\PROGRA~2\69dc8177-a574-4dff-8461-b3267b078dcf deleted successfully C:\PROGRA~2\Acro Software deleted successfully C:\PROGRA~2\AGEIA Technologies deleted successfully C:\PROGRA~2\Anvisoft deleted successfully C:\PROGRA~2\AppendMonitor deleted successfully C:\PROGRA~2\Comodo deleted successfully C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\PROGRA~2\Mobo deleted successfully C:\PROGRA~2\MyFree Codec deleted successfully C:\PROGRA~2\predm deleted successfully C:\Program Files\DCE deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\log deleted successfully C:\Users\Patrick\AppData\Roaming\Firetrust deleted successfully C:\Users\Patrick\AppData\Roaming\hpqLog deleted successfully C:\Users\Patrick\AppData\Roaming\JAM Software deleted successfully C:\Users\Patrick\AppData\Roaming\Lite deleted successfully C:\Users\Patrick\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Patrick\AppData\Roaming\Solvusoft deleted successfully C:\Users\Patrick\AppData\Local\CutePDF Writer deleted successfully C:\Users\Patrick\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Patrick\AppData\Local\EmieSiteList deleted successfully C:\Users\Patrick\AppData\Local\EmieUserList deleted successfully C:\Users\Patrick\AppData\Local\genienext deleted successfully C:\Users\Patrick\AppData\Local\Samsung deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\SearchScopes\oldsearch deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12052762-3DF1-46C0-9134-AA7DF948C365} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{152EAFF-E9C6-4B08-A51F-B31DFA5F65D} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1860CAB3-1234-4AAD-8D59-72D8C860EE74} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E3EA3C2-EA61-4EA5-931C-9F72A6CF461} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27368E55-FE86-4C1A-9B48-453B9535D88} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{351471B7-59E0-4A61-947A-709C51F8337A} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{356819E8-94EE-429E-BAA4-B55342BA09C} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41733256-827F-4052-B8C3-E4EE11F3F5B1} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59015629-5320-4801-B3CB-E5FBAE184931} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5907C870-C853-4B77-9EFD-EFFBC7B7C2A} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E0B09-F72C-4D1F-9F38-11A9438744E6} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1FFF5D-5493-4148-BA1B-83A3BA7E984} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80D29C06-7C0E-472B-A685-98F937DE35F1} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87AA3D62-DC2C-4249-AF2B-3808F89A34} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E35F520-B2D4-42D7-A1BC-6E4DBF4309} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E457B5B-F7B0-4707-BFD-3AF3AB87DD13} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F7414F7-CD99-404B-AFBD-474F6492997} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1BBD75A-5B26-4A71-83F4-D31952B835EB} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A21C9E6-63C1-4B49-A24C-061D7E094} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8972BBC-795A-4F1F-8760-2E53E4C3CA82} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADE6CC0F-8A6D-43B3-A82C-8659B6528650} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEDBD8EF-9CF6-4B5E-A850-132B21153BE} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEDE096D-E138-40FE-ADAD-29941C843B9} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2EEA36E-21DE-4D9E-9C83-762CBE0EE37} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5CB4ED2-2442-47D1-985D-E2659F8322CB} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B76E98B8-70A8-458E-865A-6E8E058F05B} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B86DACA3-C8E6-47AA-8915-53581AB7FF9} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB805F51-400F-4612-ACC4-D257F81AD4C8} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3BF120F-BD42-4F47-BAD5-FBDFC8F235F} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C67B80E-7A1E-4637-96BE-B4236BE1D392} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB5E7DA3-26BF-4F13-B4F3-52E2B29164A} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF998F60-BDAF-4751-93DD-EEC9DA873CF} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2051172-DA36-4984-A92E-9A5A39B8A65} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9EA2A4E-6E08-486B-B93F-DEA7D0970DD} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAB3E72E-1-41F6-8345-F5A0902CDAA3} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E69F2CBB-58D9-4C9B-91FB-AB4A80C4B25} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E818086E-E98-4172-9680-6B6D94236397} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAC71B6-D336-4887-98FD-15E123E6B0} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB6A95ED-481A-4175-94C6-B391459B6E3F} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC0DC386-34ED-41E5-BCC-805CC1842D} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFBBD013-5EA1-4B52-88B3-D1189DDED28} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2212EFB-4947-4274-AD10-336D3F72940} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6720C80-4C01-4CE1-BF75-FA939BF8EF} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7CFE5A6-8B10-442C-B323-2BF7F644C60} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9209B9C-1F0B-40A4-AC19-37E244AD1DCE} deleted successfully HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF524340-8846-4117-88D3-132AD6C32A9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\oldsearch deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bebtosho deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bebtosho deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.0 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.0 deleted successfully ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Batch Command(s) Run By Tool====================== De Winsock-catalogus is opnieuw ingesteld. De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien. ==== Deleting Files \ Folders ====================== C:\PROGRA~2\3c54e3b7-2c96-4492-9f68-804ac5224d59 not found C:\PROGRA~2\69dc8177-a574-4dff-8461-b3267b078dcf not found C:\PROGRA~2\Acro Software not found C:\PROGRA~2\AGEIA Technologies not found C:\PROGRA~2\Anvisoft not found C:\PROGRA~2\AppendMonitor not found C:\PROGRA~2\Comodo not found C:\PROGRA~2\Mobo not found C:\PROGRA~2\MyFree Codec not found C:\PROGRA~2\predm not found c:\programdata\{8a323be8-39b6-5b56-8a32-23be839befa0} not found "C:\Users\Patrick\AppData\Roaming\BYAIAMUF.exe" not found "C:\Users\Patrick\AppData\Roaming\drrSkPDFxWGhp.exe" not found "C:\Users\Patrick\AppData\Roaming\xBa2faHWNhuBgqUb3HdkaP.exe" not found C:\Users\Patrick\AppData\Local\Comodo deleted C:\PROGRA~2\Similar Sites Pro deleted C:\PROGRA~2\unnisalEs deleted C:\Users\Patrick\AppData\Roaming\freecorder deleted C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater deleted C:\Hijackthis deleted C:\windows\SysNative\Tasks\FrameVid deleted C:\Windows\tasks\FrameVid.job deleted C:\Users\Patrick\daemonprocess.txt deleted C:\Users\Patrick\.android deleted C:\PROGRA~2\COMMON~1\AVG Secure Search deleted C:\PROGRA~2\COMMON~1\Wondershare deleted C:\prefs.js deleted C:\install.exe deleted C:\Users\Patrick\AppData\Roaming\RHEng deleted C:\Users\Patrick\AppData\Roaming\GetRightToGo deleted C:\Users\Patrick\AppData\Local\{BFFB4DAD-9151-42DB-86FA-4F90FA6F699F} deleted C:\Users\Patrick\AppData\Local\AVG SafeGuard toolbar deleted C:\Users\Patrick\AppData\Local\Wondershare deleted C:\Users\Patrick\AppData\Local\cache deleted C:\Users\Patrick\AppData\Local\Installer deleted C:\Users\Patrick\AppData\Local\CrashRpt deleted C:\Users\Patrick\AppData\LocalLow\AVG SafeGuard toolbar deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\wininit.ini deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted C:\Windows\SysWow64\AI_RecycleBin deleted C:\Users\Patrick\Desktop\Youtube Downloader HD.lnk deleted "C:\Windows\tasks\BYAIAMUF.job" deleted "C:\Windows\tasks\drrSkPDFxWGhp.job" deleted "C:\Windows\tasks\xBa2faHWNhuBgqUb3HdkaP.job" deleted "C:\Users\Patrick\AppData\Roaming\Application" deleted "C:\Users\Patrick\AppData\Roaming\Automatic Filter" deleted "C:\Users\Patrick\AppData\Roaming\Automator" deleted "C:\Users\Patrick\AppData\Roaming\BSD" deleted "C:\Users\Patrick\AppData\Roaming\Bubble Noise" deleted "C:\Users\Patrick\AppData\Roaming\BYAIAMUF" deleted "C:\Windows\tasks\BYAIAMUF.job" deleted "C:\Windows\SysNative\tasks\BYAIAMUF" deleted "C:\Users\Patrick\AppData\Roaming\drrSkPDFxWGhp" deleted "C:\Windows\tasks\drrSkPDFxWGhp.job" deleted "C:\Windows\SysNative\tasks\drrSkPDFxWGhp" deleted "C:\Users\Patrick\AppData\Roaming\Enhance Tuning" deleted "C:\Users\Patrick\AppData\Roaming\Examples" deleted "C:\Users\Patrick\AppData\Roaming\xBa2faHWNhuBgqUb3HdkaP" deleted "C:\Windows\tasks\xBa2faHWNhuBgqUb3HdkaP.job" deleted "C:\ProgramData\Applause and Laugher" deleted "C:\ProgramData\Basic Track" deleted "C:\ProgramData\Bass" deleted "C:\ProgramData\Caches" deleted "C:\ProgramData\Extensions" deleted "C:\ProgramData\Filesystems" deleted "C:\ProgramData\mntemp" deleted "C:\Users\Patrick\AppData\Roaming\FreeCAD\system.cfg" deleted "C:\Users\Patrick\AppData\Roaming\FreeCAD\user.cfg" deleted "C:\Users\Patrick\AppData\Roaming\FreeCAD" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Patrick\AppData\Local\Temp ==== 2016-08-23 06:52:35 CBC7E83EFB57474D82A559511947EC12 2421192 ----a-w- C:\Users\Patrick\AppData\Local\Temp\divx30f8\DivXSetup.exe 2016-08-11 07:39:36 981E03BC9D04B743ABB8BAD8898D80E6 9568256 ----a-w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\mpam-94f4bfc4.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2016-08-17 07:02:57 9DE2ECE436DCD0A3237565AC1F66B7B3 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2016-08-11 11:51:12 FF80DB2A3E58752C0D3DF84A8C122F92 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2016-08-11 11:51:12 F5C14A878BF2E5910E10659B17301A0A 141312 ----a-w- C:\Windows\SysWOW64\rpchttp.dll 2016-08-11 11:51:12 B0357E6AD7A705F10B975638F984D003 260608 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2016-08-11 11:51:12 A5E65D7561D393E8C8653E242AEA5CC2 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2016-08-11 11:51:12 8241C71BECB78FE347E26F1444FF0408 251392 ----a-w- C:\Windows\SysWOW64\schannel.dll 2016-08-11 11:51:12 7B5FD967AE05EF838F478684281FC6C1 36352 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2016-08-11 11:51:12 6D6BDDB5C612877C7A2968F2811B738D 553472 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2016-08-11 11:51:12 61FA0F6C5D5AA1EF14B0A78DEDA31577 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2016-08-11 11:51:12 5FF4AD435A1EFF524409B220ACCD78B4 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2016-08-11 11:51:12 54111CE7EFC1EF72FAFB927C316FB2EE 690688 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2016-08-11 11:51:12 4CD27D535C6A15CCA00EDEBF8176C9E9 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2016-08-11 11:51:12 41241C3AE0B3229362AB5DE477BD7BC8 223232 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2016-08-11 11:51:12 39AB21759ADB139F8E8F8206F051491D 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2016-08-11 11:51:12 2CB48AD27A4A7CEB91874DB5FE313966 666112 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2016-08-11 11:51:12 1C77420F4551C8D71ECEA95E16117077 342528 ----a-w- C:\Windows\SysWOW64\certcli.dll 2016-08-11 11:51:12 0F6EA0C965294B39E1B2029CF8FCEB28 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2016-08-11 11:51:11 8371D7D799B02E9856F87C4A5836C4E7 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2016-08-11 11:51:09 F549CF4F85F6744F9BD836EFD0F2BB02 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2016-08-11 11:51:09 F3EA89E72E6ADD295790092B57800DF8 91136 ----a-w- C:\Windows\SysWOW64\inseng.dll 2016-08-11 11:51:09 CF8D63650B723AD146882DE7238A21A4 346312 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2016-08-11 11:51:09 CAAFB21C8A0F20E3C422E284B077B28B 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-11 11:51:09 B234B83E0EFCA74F50E9EB6F6F899928 20343808 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2016-08-11 11:51:09 917A2834DD5B0715967C2B570B0F6307 497664 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2016-08-11 11:51:09 8CD353AE6565B8BA274DF7637F05F99A 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-11 11:51:09 64CEAFB38C22478231B1DA2A0BC6CDF7 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2016-08-11 11:51:09 586B9F1848F16DC8DD5E706ED1A3F27F 1316352 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2016-08-11 11:51:09 2E8B78648D278FCB07F5467F0431E3EF 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2016-08-11 11:51:09 2B46512370A9EC8A8833C42998B4AC20 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-11 11:51:09 227AABB662FFB3FA84D548CE0096D45E 130048 ----a-w- C:\Windows\SysWOW64\occache.dll 2016-08-11 11:51:09 0EC9E3CA8AFD25FD2DF1C1051C07C754 692736 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2016-08-11 11:51:08 F2905A16B566C8C7D32CF1F0BBEC3880 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2016-08-11 11:51:08 EB0157E1E081D4B24E39819054187803 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2016-08-11 11:51:08 A63EB09E14B5502C489262D4DE9C1FF3 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2016-08-11 11:51:08 8560664EC9AFDB4DB83F32A326509259 2055680 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2016-08-11 11:51:08 8394C481B63B959C1650AE5F73FF8E39 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2016-08-11 11:51:08 3398621BF58F9A352B01E56FB52C5EEE 2286592 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2016-08-11 11:51:08 29AA0A28C71C3DF34B651C43FCCACC6A 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll 2016-08-11 11:51:08 10D8F6B20CDC95F058446A0A6468BB34 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2016-08-11 11:51:07 F8868261CE69123E9271AD9E12AB9693 476160 ----a-w- C:\Windows\SysWOW64\ieui.dll 2016-08-11 11:51:07 C8DD4301F421E2B5633F86A94F7E2F56 13808128 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2016-08-11 11:51:07 BCF01E6EFF578F68407CC0B36C38EF17 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2016-08-11 11:51:06 B269D6CE33447A716668291DBD9E5C22 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-11 11:51:06 74F975346D32CAB73552A9331CDA8C42 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll 2016-08-11 11:51:06 64829F4ED34D8339EC39D32204718ADD 2393088 ----a-w- C:\Windows\SysWOW64\wininet.dll 2016-08-11 11:51:06 616FE9AB9C7A398500CA7D0921F0FF85 4608000 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2016-08-11 11:51:06 56610536AAA4C3D96FEAEF7595034007 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2016-08-11 11:51:06 56276DD3F64D583675B2F183B1BEFF03 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2016-08-11 11:51:06 2B9F2BBB8FE8A95A81D2388B60C3E042 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-08-17 07:02:57 77F7A37A1AF97A0050448F2A40072A4E 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2016-08-11 11:51:12 F83C586FD2443B5138F74E10B9F46F95 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2016-08-11 11:51:12 EEF212F3B6A6645D93CD0B2D424CF48A 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll 2016-08-11 11:51:12 D0CEF11E5B55B717AD6E8066CA9F2AC2 463872 ----a-w- C:\Windows\Sysnative\certcli.dll 2016-08-11 11:51:12 BA3BF48B745D3D5C90B360477A39AD52 690688 ----a-w- C:\Windows\Sysnative\adtschema.dll 2016-08-11 11:51:12 B6000CC0F681D94F2AFC15BE6193F241 343552 ----a-w- C:\Windows\Sysnative\schannel.dll 2016-08-11 11:51:12 B287DB3318E465176A97953BD464C034 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2016-08-11 11:51:12 A648773888E64002EFBB7B5CE35DA7D7 1464320 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2016-08-11 11:51:12 A05D21704365D26EB2ED4F45A354CD50 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2016-08-11 11:51:12 9B09C31B1F32D0D408E531135C4915F8 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2016-08-11 11:51:12 93ABBD493174AE383BA5234826CFB51E 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2016-08-11 11:51:12 85AE555C473DA14AF08A0515BA8E2D27 190464 ----a-w- C:\Windows\Sysnative\rpchttp.dll 2016-08-11 11:51:12 816606DFF52714CB2F80EB11388C720A 730624 ----a-w- C:\Windows\Sysnative\kerberos.dll 2016-08-11 11:51:12 814D408924CF9B4109216BBC458517A9 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2016-08-11 11:51:12 7770EE0B98AEC80A737652DC557C7F7E 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2016-08-11 11:51:12 47819B3FCC240EA34A696E5AC57DA4E8 316416 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2016-08-11 11:51:12 246A1663CA201B55796E9DDC027EB8ED 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2016-08-11 11:51:12 13FE29C1C8E782829C7FAA3B14F4A666 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2016-08-11 11:51:12 0FD231D3BB3867BD2CF35D76E35E4157 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll 2016-08-11 11:51:12 0CB631D7FAAAD66FECCFE64AF7502961 1212928 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2016-08-11 11:51:11 18459FCD4B657CF6452D992D984740DB 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2016-08-11 11:51:09 FB5E30FD58CFCB42C4C58AC4F6B193B4 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2016-08-11 11:51:09 F34FCCD107EEE8F32E973B88B1B6879F 724992 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2016-08-11 11:51:09 C6CBF1C307BD7FBC15DF4245C4466B13 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2016-08-11 11:51:09 30AA13DD3AB392D31EE1F8280F02419F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2016-08-11 11:51:09 231B7E1CF644F83DEE1D14C96D1CE64A 107520 ----a-w- C:\Windows\Sysnative\inseng.dll 2016-08-11 11:51:09 1DCC47231EF77587C6058D0DB1C619BE 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2016-08-11 11:51:09 0795C990F18769F138B9C6DF757A1262 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2016-08-11 11:51:08 F20E4D8EB4B99BCC109AE599193243FD 394440 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2016-08-11 11:51:08 F13C89FB78ACFF5540F198EBF36FCA9F 152064 ----a-w- C:\Windows\Sysnative\occache.dll 2016-08-11 11:51:08 BE5436294A01E3C7DD4DD231C724F5C4 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2016-08-11 11:51:08 3E154893570038A59F73A8F7418DCF75 1550848 ----a-w- C:\Windows\Sysnative\urlmon.dll 2016-08-11 11:51:07 F09B558573C9BBBC949FA6B3D3200456 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2016-08-11 11:51:07 D30B023DC798FAC4ABA25D0B637C568A 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2016-08-11 11:51:07 C588FEF8EE8AD70A1A739B23EF4B987A 969216 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2016-08-11 11:51:07 7EE91314F7FFC8A566ADDCD13DD51242 806400 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2016-08-11 11:51:07 50828D61E8A3205B337DC49A7C3FFF38 2131456 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2016-08-11 11:51:07 22336934420C6862F0847DED6C437B76 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2016-08-11 11:51:06 F685AC29447B34F623D85C973E028287 572416 ----a-w- C:\Windows\Sysnative\vbscript.dll 2016-08-11 11:51:06 EFB4DC94975BAFFE5FB0465E64A1E54B 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2016-08-11 11:51:06 C7C7C333FDBECF16C29A39635B84A1EA 2894336 ----a-w- C:\Windows\Sysnative\iertutil.dll 2016-08-11 11:51:05 CA73619BE9ADCEB3934551C223F6ADD0 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2016-08-11 11:51:05 C29752ECB73D5C92003568123975EA7C 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2016-08-11 11:51:05 8F9762BB257CAC7B119CB643212AAD75 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2016-08-11 11:51:05 76A937F27F14BE9AB31901319335CED6 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll 2016-08-11 11:51:05 710634B4F8003066FB7329D776D0C5BE 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2016-08-11 11:51:05 679442D0595FBF5A6D91705D364784A3 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2016-08-11 11:51:05 429E72773966866CE5F6BBA9E07B750D 817664 ----a-w- C:\Windows\Sysnative\jscript.dll 2016-08-11 11:51:05 311416EBB1CFB6F39D0AE6176E79D2C2 15412224 ----a-w- C:\Windows\Sysnative\ieframe.dll 2016-08-11 11:51:04 8BE7C72DB66A760B2DC57DE1D99EDCA1 6047744 ----a-w- C:\Windows\Sysnative\jscript9.dll 2016-08-11 11:51:04 51BD4D3D74CDF4EFB6C8023C86914C6D 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2016-08-11 11:51:04 33821B684222F236711F7F8C78AA9247 2868224 ----a-w- C:\Windows\Sysnative\wininet.dll 2016-08-11 11:51:04 2FC7C339A0310E9E7A55384B2B798F06 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2016-08-11 11:51:04 2BCC67A19D5C041AE694DBCA3BA0A290 417792 ----a-w- C:\Windows\Sysnative\html.iec 2016-08-11 11:51:04 133BDD30B98E9158649E73B38434F673 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2016-08-11 11:51:03 E3E3B1226692DB497226CCD7F43AD7DF 25808384 ----a-w- C:\Windows\Sysnative\mshtml.dll 2016-08-11 11:50:55 F599F9438186D88E6A9D0F38806C1217 3218944 ----a-w- C:\Windows\Sysnative\win32k.sys ====== C:\Windows\Sysnative\drivers ===== 2016-08-11 11:51:12 CFBA6BCBBDC7E33813D92FFB3460FA07 95464 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-08-11 11:51:12 CE66825289EE8326CB52C4E9E785ACB0 154856 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-08-11 11:51:12 B7FADA5E1E55BB63F90EB9F8F016113B 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-08-11 11:51:12 34AFF1849B3EC042C40C5EEC9D78562A 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-08-11 11:51:12 058CE7A55E140EB0C72FBA6FD2FA72DE 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys ====== C:\Windows\Tasks ====== 2016-08-13 11:52:27 C42D716F4D1C9E7E90F5D03435BCF530 3640 ----a-w- C:\Windows\Sysnative\Tasks\DivXUpdate ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Patrick\AppData\Roaming ====== ====== C:\Users\Patrick ====== ====== C: exe-files == 2016-08-23 07:16:11 D08C0324A6E9AA558B1A9A4EEC5B8279 8706672 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\Packages\00009276\DAO.21074911.exe 2016-08-23 07:16:07 6DC461731E6D92804E0A75AA61683408 711816 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\Packages\00009261\CoProc update.21073398.exe 2016-08-23 06:54:44 E7F0034446511A33FC2E037643D3C094 418087 ----a-w- C:\ProgramData\DivX\BundleLicenses\Uninstaller.exe 2016-08-23 06:54:42 F2067F0DAAB2F7B8691A8041AFFB5879 418784 ----a-w- C:\ProgramData\DivX\WebPlayer\Uninstaller.exe 2016-08-23 06:54:39 BBFF82475DF846D5A4ACB00986DC89FA 418392 ----a-w- C:\ProgramData\DivX\Update\Uninstaller.exe 2016-08-23 06:54:38 0884BFE4A4F8E668396B7FBCF4BB82AA 421041 ----a-w- C:\ProgramData\DivX\Player\Uninstaller.exe 2016-08-23 06:54:30 5FDC045458F9BC92550F7B132D1EDA7B 417519 ----a-w- C:\ProgramData\DivX\DivXMediaServer\Uninstaller.exe 2016-08-23 06:54:26 217BC250BA6E414FEF1758F2BCC0C46C 414924 ----a-w- C:\ProgramData\DivX\DPC\Uninstaller.exe 2016-08-23 06:54:20 2ED5434C6D5448165D5AF00780474222 420058 ----a-w- C:\ProgramData\DivX\Converter\Uninstaller.exe 2016-08-23 06:54:18 5E3E524E1A6BD5FE1271809D7E3B04CE 414998 ----a-w- C:\ProgramData\DivX\DivXComponentManager\Uninstaller.exe 2016-08-23 06:54:17 77130501B1B7D3381C9CB11679BC143C 420172 ----a-w- C:\ProgramData\DivX\TranscodeEngine\Uninstaller.exe 2016-08-23 06:54:04 C6C4D5E0908F208EA0D2299BB7CF625E 419803 ----a-w- C:\ProgramData\DivX\ControlPanel\Uninstaller.exe 2016-08-23 06:54:03 D0CBF93B61365EF485DA81BFD24B5A8A 415063 ----a-w- C:\ProgramData\DivX\Qt5.5.1\Uninstaller.exe 2016-08-23 06:53:59 FA75D16F60E4C9F5C006904390D696F7 415167 ----a-w- C:\ProgramData\DivX\Qt4.8\Uninstaller.exe 2016-08-23 06:53:56 13A03F9D076AF9A2376765AF207A5DCC 414500 ----a-w- C:\ProgramData\DivX\AACCodec\Uninstaller.exe 2016-08-23 06:52:35 CBC7E83EFB57474D82A559511947EC12 2421192 ----a-w- C:\Users\Patrick\AppData\Local\Temp\divx30f8\DivXSetup.exe 2016-08-22 18:00:46 183146F9CDFC736BA194A7AFB031CCE2 346552 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2016-08-22 18:00:42 71A62782E2BB676AA6F11D48AB69F7F6 403896 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2016-08-20 10:51:08 75E48FCCE3F1636528E443B6103D9BA8 8688128 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\Packages\00009243\DAO.21063699.exe 2016-08-19 10:48:06 6409692CDC0F4C474E31D01E167217FA 710960 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\Packages\0000922e\CoProc update.21061830.exe 2016-08-17 07:14:37 CF5C3D31EBCC03326911AC1AB35E8DA4 526672 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\iecontentservice.exe 2016-08-17 07:14:37 BD251D401E668DA12E9A82EF0870F30E 8022312 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\cmigrate.exe 2016-08-17 07:14:37 6991502A9E453C1C8E0C869EFA5FBBD4 999104 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\firstrun.exe 2016-08-17 07:14:36 C8252C9DA441BDF4AB6991E56611FE8A 483656 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dwtrig20.exe 2016-08-17 07:14:36 B1F60C56F2A9C20061B3FC6D79C414FC 559848 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\msosqm.exe 2016-08-17 07:14:36 AC45A61B4B85927B805F31923EC0EFBD 94048 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe 2016-08-17 07:14:36 9EB5452780F2F8D0897F6E10DCF32281 48840 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\appsharinghookcontroller64.exe 2016-08-17 07:14:36 856CD79AFABE8BBAE0BBD57CC1314B67 851736 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\dw20.exe 2016-08-17 07:14:36 6B852D9677D9E20AB6AC452E85DFB82C 5862696 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\cmigrate.exe 2016-08-17 07:14:36 383F74B6CD25EF72BDBBF7B10532C124 1163552 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\olicenseheartbeat.exe 2016-08-17 07:14:35 A4CCEDA7A8241A10EE78ED7D44768ED5 490272 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\selfcert.exe 2016-08-17 07:14:35 31F3F79091898096999D4D201BF62F5A 537856 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\vpreview.exe 2016-08-17 07:14:34 C2B9C355D1040F104150BEFCE398D9F5 883928 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe 2016-08-17 07:14:34 7465D32BDA717DEDB2D7574DD59EC648 508152 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msouc.exe 2016-08-17 07:14:33 5E9FC1741197DD209C18B59AF79A43C9 21955264 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2016-08-17 07:14:33 4C7549465857EE5913785B784CFDDF95 25739968 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excel.exe 2016-08-17 07:14:33 16ECE2AA2C1842C11AA6348FDDFC2D07 4531456 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\graph.exe 2016-08-17 07:14:32 E9A9A3D5AC03D359CDCDE367863F42D6 238320 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\clview.exe 2016-08-17 07:14:32 64CCE0284118BC8117BCE157AFDB330A 651032 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\integrator.exe 2016-08-17 07:14:25 7A24CB608F852EA854432133A842B649 578912 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE 2016-08-17 07:02:57 4D77048C36BACBAC5295AA21F7261D28 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe 2016-08-16 16:17:54 210A004E09D29A7B093543DBAD814617 709064 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\Packages\0000920b\CoProc update.21054141.exe 2016-08-16 16:17:44 21A2152A4AFB7D96893AEC1E5B765409 8648272 ----a-w- C:\Users\Patrick\AppData\Local\NVIDIA\NvBackend\Packages\00009193\DAO.21053763.exe === C: other files == ==== Orphaned Tasks deleted from Registry ====================== Opera scheduled Autoupdate 1437121828 deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe" "DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "hkey"="HKLM" "item"="Adobe ARM" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" "hkey"="HKLM" "item"="AdobeAAMUpdater-1.0" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5.5ServiceManager\\CS5.5ServiceManager.exe\" -launchedbylogin" "hkey"="HKLM" "item"="AdobeCS5.5ServiceManager" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Akamai NetSession Interface" "hkey"="HKCU" "command"="\"C:\\Users\\Patrick\\AppData\\Local\\Akamai\\netsession_win.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApplePhotoStreams" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\beid] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="beid" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Belgium Identity Card\\beid35gui.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrHelp] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrHelp" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Brother\\Brother Help\\BrotherHelp.exe /AUTORUN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrScnStsMon00] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrScnStsMon00" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\BrownyScn\\Brother\\BrStMonScn.exe /AUTORUN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrStsMon00] "command"="C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe /AUTORUN" "hkey"="HKLM" "item"="BrStsMon00" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CCleaner Monitoring" "hkey"="HKCU" "command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Codec Pack Update Checker] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Codec Pack Update Checker" "hkey"="HKCU" "command"="\"C:\\Windows\\system32\\Codecs\\UpdateChecker.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Codec Settings UAC Manager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Codec Settings UAC Manager" "hkey"="HKLM" "command"="\"C:\\Windows\\system32\\Codecs\\CodecUACManager.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter4] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ControlCenter4" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ControlCenter4\\BrCcBoot.exe /autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXMediaServer" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DivXUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DLSService] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DLSService" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\DYMO\\DYMO Label Software\\DLSService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DymoQuickPrint] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DymoQuickPrint" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DYMO\\DYMO Label Software\\DymoQuickPrint.exe\" /startup" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\Patrick\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IAStorIcon" "hkey"="HKLM" "command"="\"C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIconLaunch.exe\" \"C:\\Program Files\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe\" 60" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudDrive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iCloudDrive" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudDrive.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iCloudServices" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IndexSearch" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nuance\\PaperPort\\IndexSearch.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISUSPM" "hkey"="HKCU" "command"="C:\\ProgramData\\FLEXnet\\Connect\\11\\ISUSPM.exe -scheduler" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mobilegeni daemon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Mobogenie\\DaemonProcess.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyImageConverter_8j Browser Plugin Loader 64] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MyImageConverter_8j Browser Plugin Loader 64" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\MyImageConverter_8j\\bar\\1.bin\\8jbrmon64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NextLive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NextLive" "hkey"="HKCU" "command"="C:\\Windows\\SysWOW64\\rundll32.exe \"C:\\Users\\Patrick\\AppData\\Roaming\\newnext.me\\nengine.dll\",EntryPoint -m l" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Nikon Message Center 2" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvBackend" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PaperPort PTD] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PaperPort PTD" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nuance\\PaperPort\\pptd40nt.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\setup.exe -start] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="setup.exe -start" "hkey"="HKLM" "command"="C:\\Users\\Patrick\\AppData\\Local\\Temp\\setup.exe -start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ShadowPlay" "hkey"="HKLM" "command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SohuVA] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SohuVA" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\????\\SHPlayer.exe\" /auto" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SpybotSD TeaTimer" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="USB3MON" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Intel\\Intel(R) USB 3.0 eXtensible Host Controller Driver\\Application\\iusb3mon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="vProt" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\AVG SafeGuard toolbar\\vprot.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Wondershare Helper Compact.exe" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YTDownloader] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="YTDownloader" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\YTDownloader\\YTDownloader.exe\" /boot" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackTrayMenu.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CodecPackTrayMenu.lnk" "backup"="C:\\Windows\\pss\\CodecPackTrayMenu.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\SysWOW64\\Codecs\\TrayMenu.exe " "item"="CodecPackTrayMenu" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^EIZO ScreenSlicer.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\EIZO ScreenSlicer.lnk" "backup"="C:\\Windows\\pss\\EIZO ScreenSlicer.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\Installer\\{292A177D-723F-4537-9985-BC8BFCD8B63D}\\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe " "item"="EIZO ScreenSlicer" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA1100 Genie.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NETGEAR WNA1100 Genie.lnk" "backup"="C:\\Windows\\pss\\NETGEAR WNA1100 Genie.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\NETGEAR\\WNA1100\\WNA1100.exe " "item"="NETGEAR WNA1100 Genie" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ColorNavigator 6.lnk] "path"="C:\\Users\\Patrick\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ColorNavigator 6.lnk" "backup"="C:\\Windows\\pss\\ColorNavigator 6.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\EIZO\\COLORN~1\\COLORN~1.EXE " "item"="ColorNavigator 6" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Download.lnk] "path"="C:\\Users\\Patrick\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Download.lnk" "backup"="C:\\Windows\\pss\\Download.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~3\\{5FBD5~1\\Download.exe --startup=1" "item"="Download" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sapsalo.jar] "path"="C:\\Users\\Patrick\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\sapsalo.jar" "backup"="C:\\Windows\\pss\\sapsalo.jar.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Patrick\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\sapsalo.jar" "item"="sapsalo" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/07/2016 13:12] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:37] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/09/2015 08:37] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415373688-2220585366-3697811681-1000Core.job --a------ C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [01/09/2015 08:43] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415373688-2220585366-3697811681-1000UA.job --a------ C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [01/09/2015 08:43] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Patrick-PC-Patrick" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DivXUpdate" [C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1415373688-2220585366-3697811681-1000Core" [C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1415373688-2220585366-3697811681-1000UA" [C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Windows Updater" [C:\Users\Patrick\AppData\Roaming\Updater\winupd.exe] "C:\Windows\SysNative\tasks\{04A66B7E-E930-4E05-94FD-1D0455516D6C}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{68463090-674C-4E09-820B-97433D84DE5A}" [C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe] "C:\Windows\SysNative\tasks\{68E90974-5189-4109-906A-EB7FDBFFDC45}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{F1B35509-80D1-4B4D-A268-CF13E5975319}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn" [27/06/2016 12:01] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions efaidnbmnnnibpcajpcglclefindmkaj - No path found[] Google Slides - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Belfius Smart Card Reader Chrome Extension - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi Google Docs - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Image Downloader - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj Google Search - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Adobe Acrobat - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj Video Downloader professional - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil Google Sheets - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Analytics Opt-out Add-on by Google - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh Google Docs Offline - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Pinterest Save Button - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic Chrome Web Store Payments - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pos.baidu.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pos.baidu.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hp.myway.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hp.myway.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_embassy-finder.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_embassy-finder.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adpost.pk_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adpost.pk_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.horyzon-media.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.horyzon-media.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.himediads.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.tacdn.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.tacdn.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.twinkledeals.com_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.twinkledeals.com_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage-journal deleted successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1415373688-2220585366-3697811681-1000\Software\Mozilla\Firefox\Extensions\smartwebprinting@hp.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\smartwebprinting@hp.com deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLSService deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyImageConverter_8j Browser Plugin Loader 64 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup.exe -start deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SohuVA deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YTDownloader deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130850593794728098&GUID=68AE84E7-185C-4677-BC81-E4172CA9C3B5 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;*.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe" O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O8 - Extra context menu item: &Webpagina converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECapture.html O8 - Extra context menu item: Doel van &koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Webpagina toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll/AcroIEAppend.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: devolo Network Service (DevoloNetworkService) - devolo AG - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ScannerStatusMonitorService - Brother Industries, Ltd. - C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UsbClientService - Unknown owner - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Patrick\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1071 folders=356 125427732 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Patrick\AppData\Local\Temp will be emptied at reboot C:\Users\Public\AppData\Local\temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Patrick\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on di 23/08/2016 at 14:52:35,97 ======================