Brejen

Ik zou graag office 2010 starten installeren alhoewel ik wil blijven werken met office 2003 (omwille van outlook). soms krijg ik echter files binnen met extenties voor office 2010 en die kan ik niet lezen en/of oopslaan. Wanneer ik office 2010 installeer krijg ik telkens een foutmelding ' there was a problem setting up office 2010 starter' wanneer ik daarna opnieuw installeer met aangepaste instellingen zoals gesuggereerd wordt dan verschijnt dezelfde foutmelding.

die tweede methode werkt! Is me gelukt. Bedankt!!!!!!!!!

ik kreeg die foutmelding wanneer ik in dos de functie mklink .... (zie stap 5) intikte.

Dat klopt inderdaad. op de nas kan ik elke gebruiker rechten geven. Het probleem is echter dat wanneer een willekeurige gebruiker via de startknop naar 'mijn documenten' gaat hij automatisch op de C-schijf terecht komt en niet op de nas. Hierdoor gebeurt het dat sommige gebruikers een aantal documenten op de nas hebben staan en een aantal op de verschillende pc's onder de map c:\users. in mijn vorig bericht had ik een doc gepost met een foutmelding ivm de procedure die u hoger op beschreven had. Wat doe ik daar fout?

[ATTACH]27504[/ATTACH]Ik heb gedaan wat je bovenaan voorstelde. ik krijg echter een syntax foutmelding: wat doe ik verkeerd? zie bestandje in bijlage. Doc1.doc

kan dit ook met meerdere pc's tegelijk? stel : ik log op pc 1 in als gebruiker A en op pc 2 ook als gebruiker A. Kan ik dan via beide pc's door 'mijn documenten' te openen aan mijn (en dus dezelfde) documenten op de netwerkschijf?

Bedankt. ik heb works suite gevonden.

weet iemand hoe ik aan het programma Picture it! kan geraken? kan je dat ergens downloaden?

ik zou 'mijn documenten' van de verschillende gebruikers op mijn pc willen verplaatsen naar mijn netwerkschijf. wanneer ik dat doe krijg ik een foutmelding met de mededeling dat mijn netwerkschijf niet geindexeerd is. Wanneer ik de netwerkschijf dan wil indexeren komt de boodschap dat een schijf die offline kan zijn niet kan geindexeerd worden. op welke manier kan ik dan de mappen 'mijn documenten' van de verschillende gebruikers verplaatsen naar de netwerkschijf?

ik heb die lacie netwerkschijf inderdaad niet via de bijgeleverde software geinstalleerd maar via een vast ip adres (192.168.1.99). tot hiertoe heeft dit altijd perfect gefunctioneerd.

Ik heb via mijn router een netwerkschijf aangesloten. wanneer ik mijn pc opstart krijg ik geen verbinding meer met de netwerkschijf. Ook via Netwerk zie ik de schijf niet meer. Via een andere pc lukt het wel nog, dus het lijkt een probleem op deze pc te zijn. wanneer ik via 'mijn computer' de schijf aanklik krijg ik de foutmelding dat er geen verbinding kan gemaakt worden. Ik heb systeemherstel geprobeerd maar dit geeft de melding 'systeem herstel wordt voorbereid'. dit blijft echter eindeloos staan en er gebeurt verder niet. hoe kan ik dit oplossen?

ik heb een nieuwe netwerkkaart gestoken. de oude bleek defect

Het probleem is niet de laptop maar de desktop (zie hoger). zoals ik ook hoger al had gemeld: ik zie geen lan-netwerkkaart staan. (ook niet wanneer ik verborgen kaarten weergeef). er verschijnen enkel 3 bluetoothkaarten. Het lijkt er dus op dat mijn netwerkkaart niet (meer) herkent wordt. Zou het kunnen dat die netwerkkaart defect geraakt is? Firewall afzetten en via beveiligde omgeving lukt ook niet. Ook via veilige modus kan ik niet op het net.

het enige wat ik daar zie staan is 'bluetooth netwerkverbinding3 (niet verbonden). een lankaart zie ik niet. hoe kan ikdie daar laten verschijnen?

nee, ik kan helemaal niet meer op het netwerk. wanneer ik op het icoontje rts onder in de taakbalk klik dan zie ik volgende boodschap : 'Niet verbonden. Er zijn geen verbindingen beschikbaar.'

sinds gisteren kan ik op mijn desktop niet meer op internet. wanneer ik mijn laptop gebruik (wifi uitgeschakeld) en ik plug de kabel van de desktop in de laptop dan werkt het internet wel. het probleem ligt dus volgens mijn bij de pc zelf. ik probeer een systeemherstel te starten maar dat lukt niet (time out bij het maken van schaduwkopie verschijnt als foutmelding). ik heb via apparaatbeheer de modem verwijderd en opnieuw geinstalleerd. ook dit lost het probleem niet op. Wat kan in verder nog doen?

ik heb dat geprobeerd maar ook dat lukt niet. het start wel maar het venster 'systeemherstel wordt voorbereid' blijft staan. er gebeurt nadien niets meer.

kunnen jullie me verder helpen om taakbeheer terug aan het werk te krijgen?

sinds kort werkt mijn taakbeheer niet meer. er verschijnt een venster met de melding dat er een probleem is met taakbeheer. daarna sluit het gewoon af. hoe kan ik dit oplossen? ik heb dit probleem voor een maand nog gehad.

het probleem was opgelost en is nu terug opgetreden.

bedankt

Zoek.exe Version 4.0.0.2 Updated 06-May-2013 Tool run by Erik on di 07/05/2013 at 14:55:17,02. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1568704870-3063847901-3261062621-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully Taakbeheer doet het ondertussen weer!

ik krijg de melding 'er zijn geen schendingen van de integriteit gevonden'. moet er verder nog iets gebeuren?

Zoek.exe Version 4.0.0.2 Updated 06-May-2013 Tool run by Erik on ma 06/05/2013 at 15:03:38,82. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully ==== HijackThis Entries ====================== R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube Download - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Zoek.exe Version 4.0.0.2 Updated 03-May-2013 Tool run by Erik on zo 05/05/2013 at 18:10:48,25. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\dgdersvc.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\OEM\USBDECTION\USBS3S4Detection.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\WinZip\WZQKPICK.EXE C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Windows\sysWow64\SearchProtocolHost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Users\Erik\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Creating Sample_20130505_1813.zip ====================== Process iexplore.exe killed C:\Users\Public\Desktop\sample_20130505_1813.zip created successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== ???? ??? Windows Live ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?????????? Windows Live ??????????? ?? Windows Live æTorrent 4Media MP4 to MP3 Converter 6 Acer eRecovery Management Acer GameZone Console Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.6) - Nederlands Apple Application Support Apple Mobile Device Support Apple Software Update avast Free Antivirus Belgium e-ID middleware 4.0.0 (build 7094) Bonjour CDex extraction audio clear.fi clear.fi Client Compatibiliteitspakket voor het 2007 Microsoft Office system D3DX10 DVD Shrink 3.2 Easy Computing - Foto's op TV 3 op cd-dvd Fotogalerija Windows Live Free Picture Resize Starter 4.5 Free YouTube Download version 3.1.39.1015 Free YouTube to MP3 Converter version 3.11.26.706 Galeria de Fotografias do Windows Live Galer¡a fotogr fica de Windows Live Galeria fotogr…fica del Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Google Earth Google SketchUp 8 Google Update Helper HiJackThis honestech VHS to DVD 2.0 SE Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Hotkey Utility Identity Card Intel® Management Engine Components Intel® Rapid Storage Technology iTunes Java Auto Updater Java 6 Update 37 Junk Mail filter update Kies LaCie Network Assistant 1.4.0.30 MAGIX Foto's op CD & DVD 9 deluxe MAGIX Online Print Service MAGIX Screenshare MAGIX Speed 2 (MSI) MAGIX Xtreme Photo Designer 6 Malwarebytes Anti-Malware versie 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft Application Error Reporting Microsoft Digital Image Library 9 - Blocker Microsoft Mathematics (64-bit) Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2010 Microsoft Office File Validation Add-In Microsoft Office Klik-en-Klaar 2010 Microsoft Office Professional Editie 2003 Microsoft Office Starter 2010 - Nederlands Microsoft Photo Premium 10 Microsoft Picture It Library 10 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Mipony Download Accelerator Packages MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Express 10 Nero Express 10 Help (CHM) Nero Multimedia Suite 10 Essentials Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update NVIDIA Control Panel 267.33 NVIDIA Graphics Driver 267.33 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.10.0514 NVIDIA Stereoscopic 3D Driver OutlookAddInNet3Setup PDFCreator Picasa 3 Poczta uslugi Windows Live Podstawowe programy Windows Live Posta Windows Live Raccolta foto di Windows Live Realtek Ethernet Controller Driver Realtek High Definition Audio Driver ROUTE 66 Sync S?????? f?t???af??? t?? Windows Live SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) Skype Click to Call SkypeT 5.10 Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5) Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD TeamViewer 7 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Visual Studio 2010 x64 Redistributables VLC media player 1.1.11 Welcome Center Windows Live ??? Windows Live ???? Windows Live Argazki Galeria Windows Live Communications Platform Windows Live Essentials Windows Live Fotogal‚ria Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotograf Galerisi Windows Live Fot¢t r Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Par‡alar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennusty”kalu Windows Liven s„hk”posti Windows Liven valokuvavalikoima WinRAR 4.11 (32-bit) WinZip ==== Deleting Files \ Folders ====================== ==== System Specs ====================== Windows: Windows XP Home Edition Service Pack 2 (Build 2600) Internet Explorer: 9.0.8112.16421 Memory (RAM): 8175 MB CPU Info: Intel® Core i7-2600 CPU @ 3.40GHz CPU Speed: 3491.5 MHz Sound Card: Luidsprekers (2- Realtek High D | Display Adapters: NVIDIA GeForce GT 530 | NVIDIA GeForce GT 530 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 1024 - 32 bit Network: Network Present Network Adapters: Bluetooth-apparaat (Personal Area Network) #3 | Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (E: | ) E: ATAPI DVD A DH16ABSH Ports: COM28 | COM27 | COM29 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 457.5GB | D: 458.0GB Hard Disks - Free: C: 365.9GB | D: 429.0GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 04/19/11 | ACRSYS - 1072009 Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire M3970 Sun Java version: 1.6.0_37 Country: Belgi‰ Language: NLB ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Erik\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-05-03 09:44:39 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2013-04-24 03:34:03 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys 2013-04-11 04:44:23 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\Program Files (x86) ===== 2013-04-13 15:23:45 -------- d-----w- C:\Program Files (x86)\4Media ======= C: ===== 2013-05-04 10:59:44 AFE54BDB0CE419DDAF806442364A7DBA 13033 ----a-w- C:\AdwCleaner[s1].txt 2013-05-04 10:58:40 901F5A994821D466231807271EFD0A5B 12917 ----a-w- C:\AdwCleaner[R1].txt ====== C:\Users\Erik\AppData\Roaming ====== 2013-05-05 09:42:06 -------- d-----w- C:\users\Erik\AppData\Local\Temp 2013-05-03 09:44:29 -------- d-----w- C:\users\Erik\AppData\Local\Programs 2013-04-13 15:24:13 -------- d-----w- C:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\4Media 2013-04-13 15:23:45 -------- d-----w- C:\users\Erik\AppData\Roaming\4Media 2013-04-10 10:38:38 -------- d-----w- C:\users\Brecht Vanhoof\AppData\Locallow\Google 2013-04-07 15:27:57 -------- d-----w- C:\users\Jens Vanhoof\AppData\Local\Apple ====== C:\Users\Erik ====== ====== C: exe-files == 2013-05-05 09:46:14 816B45CBFD4229B64EC4D2C63D96CB83 120192 ----a-w- C:\Users\Erik\AppData\Local\Temp\clear.fiClient\cabarc.exe 2013-05-04 10:57:51 A95866BA166A09E360BB88DA72D4531D 628743 ----a-w- C:\Users\Erik\Desktop\adwcleaner.exe 2013-05-01 05:50:10 835F89BA2AF2012370EB9015DFACB1BD 1040720 ----a-w- C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe === C: other files == 2013-05-05 16:13:09 C6234BA6C4EF722277F63ABDEC1952A2 490 ----a-w- C:\Users\Public\Desktop\sample_20130505_1813.zip 2013-05-05 09:32:20 0FC20FB859F249A7CA7C7E5A2821F323 804 ----a-w- C:\Users\Public\Desktop\sample_20130505_1132.zip 2013-05-03 09:44:39 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1568704870-3063847901-3261062621-1001\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" "ArcadeMovieService"="C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" "Hotkey Utility"="C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Startup Folders ====================== 2012-03-01 15:49:47 1845 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13/03/2013 12:52] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/04/2012 12:37] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/04/2012 12:37] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Undetermined - %AppDir%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} ==== Firefox Plugins ====================== ==== Chrome Look ====================== Gmail - Erik - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== HijackThis Entries ====================== R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file) O3 - Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - (no file) O3 - Toolbar: (no name) - !{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file) O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube Download - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat! Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} GoogleDriveSync = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [file not found] KiesTrayAgent = C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [samsung Electronics Co., Ltd.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} IAStorIcon = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [null data] ArcadeMovieService = "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [CyberLink Corp.] Hotkey Utility = C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [null data] Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.] avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software] APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.] iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided) -> {HKLM...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Windows Live ID \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub -> {HKLM...Wow...CLSID} = Adobe PDF Link Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\ssv.dll [sun Microsystems, Inc.] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Aanmeldhulp voor Windows Live ID \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...Wow...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [sun Microsystems, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class -> {HKLM...CLSID} = DesktopContext Class \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation] {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension -> {HKLM...CLSID} = NvAppShExt Class \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation] {E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension -> {HKLM...CLSID} = OpenGLShExt Class \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes -> {HKLM...CLSID} = iTunes \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {F764812A-132C-4013-9960-5CBBEB408A0E} = Nero Shell Extension -> {HKLM...Wow...CLSID} = NeroShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG] {00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided) -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler -> {HKLM...Wow...CLSID} = Microsoft Office Outlook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\OFFICE11\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = Outlook-extensie voor bestandspictogrammen \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\OFFICE11\OLKFSTUB.DLL [MS] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\OFFICE11\msohev.dll [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS] {E0D79304-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] {E0D79305-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] {E0D79306-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] {E0D79307-84BE-11CE-9641-444553540000} = WinZip -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] {472083B0-C522-11CF-8763-00608CC02F24} = avast -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software] -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] {F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = NeroShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ 00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software] -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] {F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = NeroShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24} -> {HKLM...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software] -> {HKLM...Wow...CLSID} = avast \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79304-84BE-11CE-9641-444553540000} -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext64.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files (x86)\WinRAR\rarext.dll [Alexander Roshal] WinZip\(Default) = {E0D79305-84BE-11CE-9641-444553540000} -> {HKLM...Wow...CLSID} = WinZip \InProcServer32\(Default) = C:\PROGRA~2\WINZIP\WZSHLSTB.DLL [WinZip Computing LP] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\system32\Bubbles.scr [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AcerArcadeDeluxeMixedArrival\ Provider = clear.fi InvokeProgID = AcerArcadeDeluxeAutoPlayHandler InvokeVerb = MixedArrival HKLM\SOFTWARE\Classes\AcerArcadeDeluxeAutoPlayHandler\shell\MixedArrival\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" AUTOPLAY MixedArrival "%L" [Acer Incorporated] AcerArcadeDeluxeMusicArrival\ Provider = clear.fi InvokeProgID = AcerArcadeDeluxeAutoPlayHandler InvokeVerb = MusicArrival HKLM\SOFTWARE\Classes\AcerArcadeDeluxeAutoPlayHandler\shell\MusicArrival\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" AUTOPLAY MusicArrival "%L" [Acer Incorporated] AcerArcadeDeluxePhotoArrival\ Provider = clear.fi InvokeProgID = AcerArcadeDeluxeAutoPlayHandler InvokeVerb = PhotoArrival HKLM\SOFTWARE\Classes\AcerArcadeDeluxeAutoPlayHandler\shell\PhotoArrival\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" AUTOPLAY PhotoArrival "%L" [Acer Incorporated] AcerArcadeDeluxeVideoArrival\ Provider = clear.fi InvokeProgID = AcerArcadeDeluxeAutoPlayHandler InvokeVerb = VideoArrival HKLM\SOFTWARE\Classes\AcerArcadeDeluxeAutoPlayHandler\shell\VideoArrival\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" AUTOPLAY VideoArrival "%L" [Acer Incorporated] ATMoviePlayDVDMovieOnArrival\ Provider = clear.fi InvokeProgID = DVD InvokeVerb = PlayWithATMovie HKLM\SOFTWARE\Classes\DVD\shell\PlayWithATMovie\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\Movie\discautorun.exe" AUTOPLAY DVD "%L" [CyberLink Corp.] ATMoviePlaySVCDOnArrival\ Provider = clear.fi InvokeProgID = SVCD InvokeVerb = PlayWithATMovie HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithATMovie\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\Movie\discautorun.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] ATMoviePlayVCDMovieOnArrival\ Provider = clear.fi InvokeProgID = VCD InvokeVerb = PlayWithATMovie HKLM\SOFTWARE\Classes\VCD\shell\PlayWithATMovie\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\Movie\discautorun.exe" AUTOPLAY VCD "%L" [CyberLink Corp.] iTunesBurnCDOnArrival\ Provider = iTunes InvokeProgID = iTunes.BurnCD InvokeVerb = burn HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.] iTunesImportSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ImportSongsOnCD InvokeVerb = import HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.] iTunesPlaySongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.PlaySongsOnCD InvokeVerb = play HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.] iTunesShowSongsOnArrival\ Provider = iTunes InvokeProgID = iTunes.ShowSongsOnCD InvokeVerb = showsongs HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.] KiesCDOnArrival\ Provider = Kies InvokeProgID = Samsung.KiesCD InvokeVerb = Play HKLM\SOFTWARE\Classes\Samsung.KiesCD\shell\Play\Command\(Default) = C:\Program Files (x86)\Samsung\Kies\Kies.exe [null data] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] NeroExpress10CopyCD\ Provider = Nero Express 10 InvokeProgID = Nero.Express.10.AutoPlay InvokeVerb = CopyCD HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy [Nero AG] NeroExpress10LaunchNE\ Provider = Nero Express 10 InvokeProgID = Nero.Express.10.AutoPlay InvokeVerb = LanchNE HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe /Media:AUTO /Drive:%L [Nero AG] PCinemaPlayCDAudioOnArrival\ Provider = clear.fi InvokeProgID = AudioCD InvokeVerb = PlayWithPowerCinema HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerCinema\Command\(Default) = "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" AUTOPLAY CD "%L" [Acer Incorporated] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.] VLCPlayCDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.CDAudio InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team] VLCPlayDVDAudioOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] VLCPlayDVDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.DVDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team] VLCPlayMusicFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] VLCPlaySVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.SVCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team] VLCPlayVCDMovieOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.VCDMovie InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team] VLCPlayVideoFilesOnArrival\ Provider = VideoLAN VLC media player InvokeProgID = VLC.OPENFolder InvokeVerb = Open HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team] WIA_{72C95D05-93D2-4B2B-A59A-6BCB85E555E7}\ Provider = WinZip CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\WinZip\WINZIP32.EXE /wia; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] Startup items in "Erik" & "All Users" startup folders: ------------------------------------------------------ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++} WinZip Quick Pick -> shortcut to: C:\Program Files (x86)\WinZip\WZQKPICK.EXE [WinZip Computing LP] Windows Sidebar Gadgets: {++} ------------------------ C:\Users\Erik\AppData\Local\Microsoft\Windows Sidebar\Settings.ini "C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget" Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks 0 -> launches: c:\program files (x86)\internet explorer\iexplore.exe [MS] 4576 -> launches: wscript.exe C:\Users\Erik\AppData\Local\Temp\launchie.vbs //B [MS] Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software] clear.fi -> (HIDDEN!) launches: "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe" PreLaunch [Acer Incorporated] clear.fiAgent -> (HIDDEN!) launches: "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe" [CyberLink Corp.] CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS] DealPly -> launches: C:\Users\Erik\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE /Check [file not found] DMREngine -> (HIDDEN!) launches: "C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe" [CyberLink] DSite -> launches: C:\Users\Erik\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE /Check [file not found] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe /addGadget [MS] {40B1A0AE-BB2B-44FA-BA81-EA9C7272315A} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KG3T8YIK\Vuze_Installer.exe" -d C:\Users\Erik\Desktop [MS] {58B33981-BAE9-45CD-9DD9-7B624C4DCB83} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Erik\Desktop\zoek.exe -d C:\Users\Erik\Desktop [MS] {B7C557ED-AEF9-4B49-ADEA-77FE455B1B02} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Hijack this\Trend Micro\HiJackThis\HiJackThis.exe" -d "C:\Hijack this\Trend Micro\HiJackThis\" [MS] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS] LPRemove -> launches: %windir%\system32\lpremove.exe [MS] Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.] 000000000010\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.] 000000000010\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {318A227B-5E9F-45BD-8999-7F8F10CA4CF5} = (no title provided) -> {HKLM...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided) -> {HKLM...Wow...CLSID} = avast! WebRep \InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software] Explorer Bars HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoek Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call MenuText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...Wow...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Onderzoek BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...Wow...CLSID} = &Onderzoek \InProcServer32\(Default) = C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.] Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS] avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software] Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.] Device Error Recovery Service, dgdersvc, C:\Windows\system32\dgdersvc.exe [Devguru Co., Ltd.] GREGService, GREGService, C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [Acer Incorporated] Intel® Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [intel Corporation] Intel® Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [intel Corporation] Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data] iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.] Live Updater Service, Live Updater Service, C:\Program Files\Acer\Acer Updater\UpdaterService.exe [Acer Incorporated] MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [Malwarebytes Corporation] MBAMService, MBAMService, "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [Malwarebytes Corporation] Nero Update, NAUpdate, "C:\Program Files (x86)\Nero\Update\NASvc.exe" [Nero AG] NVIDIA Driver Helper Service, NVSvc, C:\Windows\system32\nvvsvc.exe [NVIDIA Corporation] NVIDIA Stereoscopic 3D Driver Service, Stereo Service, C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [NVIDIA Corporation] TeamViewer 7, TeamViewer7, C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [TeamViewer GmbH] USBS3S4Detection, USBS3S4Detection, C:\OEM\USBDECTION\USBS3S4Detection.exe [null data] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> MCODS, HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> MCODS, Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ <<!>> UpperFilters = <<!>> aswKbd [AVAST Software],kbdclass [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ LIDIL hpzlllhn\Driver = hpzlllhn.dll [Hewlett-Packard Company] PCL hpz3lwn7\Driver = hpz3lwn7.dll [Hewlett-Packard Company] PDFCreator\Driver = pdfcmnnt.dll [null data] ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brecht Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brecht Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Brecht Vanhoof\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Brecht Vanhoof\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jens Vanhoof\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Patricia Corstjens\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\Erik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Erik\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Erik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found