
Slow laptop



Laptop is running slowly and quickly goes into overdrive. Thanks in advance for the help!

Logfile of random's system information tool 1.10 (written by random/random)

Run by Yasser at 2014-11-04 21:32:17

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 203 GB (30%) free of 686 GB

Total RAM: 7658 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:32:20, on 4/11/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17344)

Boot mode: Normal

Running processes:

C:\Windows\SysWOW64\regsvr32.exe

C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

C:\Program Files\trend micro\Yasser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O1 - Hosts: 193.107.16.144 Google Analytics Official Website ? Web Analytics & Reporting.

O1 - Hosts: 193.107.16.144 google-analytics.com.

O1 - Hosts: 193.107.16.144 connect.facebook.net.

O1 - Hosts: 85.25.79.123 Google Analytics Official Website ? Web Analytics & Reporting.

O1 - Hosts: 85.25.79.123 google-analytics.com.

O1 - Hosts: 85.25.79.123 connect.facebook.net.

O1 - Hosts: 198.100.156.140 Google Analytics Official Website ? Web Analytics & Reporting.

O1 - Hosts: 198.100.156.140 google-analytics.com.

O1 - Hosts: 198.100.156.140 connect.facebook.net.

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

O4 - HKCU\..\Run: [LaCie Desktop Manager Startup] "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Anworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Yasser\AppData\Local\AVworks\firefox.dll

O4 - HKCU\..\Run: [Ertion] regsvr32.exe C:\Users\Yasser\AppData\Local\Ertion\CNHMWL.dll

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.line6.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{2513A2C7-1B96-47A4-A4AB-84888DE040F2}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F0AAF4C-7CC8-4DCB-A974-317DD5592029}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8F86CB3-0265-4ED7-95DC-FDA91028DE28}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0833E06-D174-4DC7-812B-6EEA9F9E1AF5}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA064087-7215-4BC6-A4D8-030EC90A85FE}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CS1\Services\Tcpip\..\{2513A2C7-1B96-47A4-A4AB-84888DE040F2}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CS2\Services\Tcpip\..\{2513A2C7-1B96-47A4-A4AB-84888DE040F2}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O23 - Service: Abrosoft: Abrosoft FantaMorph update permissions manager. 12810. - Unknown owner - C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Genie Timeline Service (GenieTimelineService) - Genie9 - C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update service - Company - C:\Program Files (x86)\Popcorn Time\Updater.exe

O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater3.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 18183 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

"C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe"

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

winlogon.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\Windows\system32\Hpservice.exe

atieclxx

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c400b8f8-5084-40c8-8555-57fa72c8b7b7 -SystemEventPortName:HostProcess-5bd81d98-d312-4abd-ba61-d0d1ec031727 -IoCancelEventPortName:HostProcess-6db2f3b6-b822-460c-9810-100ca3aa6616 -NonStateChangingEventPortName:HostProcess-63142bb4-fd70-4f65-8a3d-99ee08c585d4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7e2ae0ed-f311-4bbf-9d83-036117b2e737 -DeviceGroupId:

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe 25997152

\??\C:\Windows\system32\conhost.exe "89537329516625701420680548121313848712-14763178621368624193-11209414281331496124

C:\Windows\System32\spoolsv.exe

"taskhost.exe"

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe" -PermissionManagerRun

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\IDT\WDM\AESTSr64.exe"

"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService

"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"

"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"

C:\Windows\SysWOW64\ezSharedSvcHost.exe

"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv

"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv

"C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe"

"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"

"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"

"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"

"C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe"

"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"

C:\Windows\SysWOW64\PnkBstrA.exe

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\Popcorn Time\Updater.exe"

"C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe"

"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"

\??\C:\Windows\system32\conhost.exe "150418043-439113535-2384690221388078294548281411-15663065621424725647-2109079641

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"

WLIDSvcM.exe 3596

"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Genie9\Genie Timeline\GenieTimelineAgent.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\IDT\WDM\sttray64.exe"

"C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"

"C:\Windows\SysWOW64\regsvr32.exe" C:\Users\Yasser\AppData\Local\AVworks\firefox.dll

"C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" -byrunkey

"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

ctfmon.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7024 CREDAT:267521 /prefetch:2

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart 3300 series#1381079781" -Startup

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe"

"C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe" -Embedding

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\wbem\unsecapp.exe -Embedding

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=7980.14c045e0.1427035608 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 7980 "\\.\pipe\gecko-crash-server-pipe.7980" plugin

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash2204.67FDAAA0.19443 --host-broker-channel=Flash2204.67FDAAA0.30192 --host-pid=2204 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=9656.003DF280.327371699 --proxy-stub-channel=Flash2204.67FDAAA0.19443 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

"C:\Users\Yasser\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core.job - C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA.job - C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core.job - C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA.job - C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\HPCeeScheduleForYasser.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForYasser (null)

C:\Windows\tasks\Security Center Update - 2280770166.job - C:\Users\Yasser\AppData\Roaming\Wapyiw\udagat.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "google.be"

prefs.js - "keyword.URL" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 15.0.0.152 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]

"Description"=

"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]

"Description"=WildTangent Games App Presence Detector Plugin

"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 15.0.0.152 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

websitelogon@truesuite.com

C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\extensions\

2020Player_IKEA@2020Technologies.com

avg@toolbar

C6q@C.edu

C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\searchplugins\

avg-secure-search.xml

search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02 191504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]

TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26 1763656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-17 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]

TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26 1613640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-17 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-05-29 1425408]

"LaCie Desktop Manager Launcher"=C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-10-21 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LaCie Desktop Manager Startup"=C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [2012-10-10 3460608]

"AdobeBridge"= []

"Google Update"=C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-11 116648]

"Anworks"=C:\Windows\SysWOW64\regsvr32.exe [2009-07-14 14848]

"Ertion"=regsvr32.exe C:\Users\Yasser\AppData\Local\Ertion\CNHMWL.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]

C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-11 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]

C:\Users\Yasser\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [2014-08-12 3746120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-02-15 577408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

C:\Program Files (x86)\Samsung\Kies\Kies.exe [2014-07-25 1562264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-07-25 311616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIDLL]

C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]

C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-09-30 43320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2011-09-20 1338144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~2\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Yasser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

C:\Users\Yasser\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-09-13 36414624]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-09-28 343168]

"HPQuickWebProxy"=C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-10-08 169528]

"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19 379960]

"HP CoolSense"=C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05 1343904]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-08-25 5188112]

"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

"vProt"=C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2014-10-08 2662424]

C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02 191504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02 191504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableLockWorkstation"=0

"DisableTaskMgr"=0

"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"HideFastUserSwitching"=0

"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux1"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave7"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer6"=wdmaud.drv

"aux4"=wdmaud.drv

"wave8"=wdmaud.drv

"midi7"=wdmaud.drv

"mixer7"=wdmaud.drv

"wave9"=wdmaud.drv

"midi8"=wdmaud.drv

"mixer8"=wdmaud.drv

"midi9"=wdmaud.drv

"mixer9"=wdmaud.drv

"wave4"=wdmaud.drv

"aux5"=wdmaud.drv

"wave5"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux2"=wdmaud.drv

"wave6"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-04 21:22:11 ----A---- C:\Users\Yasser\AppData\Roaming\ScanDisc.exe

2014-11-02 09:30:37 ----D---- C:\ProgramData\gimmishop

2014-11-02 09:30:28 ----D---- C:\ProgramData\cheapncheap

2014-11-02 09:30:23 ----D---- C:\ProgramData\72a6d98baabad2db

2014-10-30 22:20:39 ----D---- C:\Users\Yasser\AppData\Roaming\Wapyiw

2014-10-30 22:18:41 ----D---- C:\Program Files (x86)\Mozilla Firefox

2014-10-30 11:02:25 ----A---- C:\Windows\system32\drivers\hitmanpro37.sys

2014-10-30 09:03:10 ----D---- C:\Program Files\HitmanPro

2014-10-29 12:51:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

2014-10-29 12:50:55 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-29 12:50:55 ----A---- C:\Windows\system32\drivers\mwac.sys

2014-10-29 12:50:55 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

2014-10-27 15:06:07 ----D---- C:\Program Files (x86)\VideoCnv

2014-10-23 20:31:59 ----HDC---- C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}

2014-10-23 20:27:59 ----HDC---- C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}

2014-10-23 20:20:47 ----HDC---- C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}

2014-10-23 20:19:00 ----HDC---- C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}

2014-10-23 20:18:39 ----HDC---- C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}

2014-10-23 20:18:01 ----HDC---- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}

2014-10-23 20:17:58 ----D---- C:\Program Files\Common Files\Native Instruments

2014-10-15 12:53:50 ----A---- C:\Windows\system32\win32k.sys

2014-10-15 12:53:48 ----A---- C:\Windows\SYSWOW64\mscories.dll

2014-10-15 12:53:48 ----A---- C:\Windows\SYSWOW64\mscorier.dll

2014-10-15 12:53:48 ----A---- C:\Windows\SYSWOW64\dfshim.dll

2014-10-15 12:53:48 ----A---- C:\Windows\system32\mscories.dll

2014-10-15 12:53:48 ----A---- C:\Windows\system32\mscorier.dll

2014-10-15 12:53:48 ----A---- C:\Windows\system32\dfshim.dll

2014-10-15 12:53:33 ----A---- C:\Windows\SYSWOW64\blackbox.dll

2014-10-15 12:53:33 ----A---- C:\Windows\system32\drmv2clt.dll

2014-10-15 12:53:33 ----A---- C:\Windows\system32\blackbox.dll

2014-10-15 12:53:32 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll

2014-10-15 12:53:31 ----A---- C:\Windows\system32\wmp.dll

2014-10-15 12:53:29 ----A---- C:\Windows\system32\mf.dll

2014-10-15 12:53:28 ----A---- C:\Windows\system32\wmdrmsdk.dll

2014-10-15 12:53:27 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll

2014-10-15 12:53:26 ----A---- C:\Windows\system32\AUDIOKSE.dll

2014-10-15 12:53:25 ----A---- C:\Windows\SYSWOW64\wmp.dll

2014-10-15 12:53:21 ----A---- C:\Windows\SYSWOW64\mf.dll

2014-10-15 12:53:21 ----A---- C:\Windows\system32\drmmgrtn.dll

2014-10-15 12:53:20 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll

2014-10-15 12:53:20 ----A---- C:\Windows\system32\ci.dll

2014-10-15 12:53:19 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll

2014-10-15 12:53:19 ----A---- C:\Windows\system32\drivers\PEAuth.sys

2014-10-15 12:53:17 ----A---- C:\Windows\system32\AudioEng.dll

2014-10-15 12:53:16 ----A---- C:\Windows\system32\winload.exe

2014-10-15 12:53:16 ----A---- C:\Windows\system32\quartz.dll

2014-10-15 12:53:15 ----A---- C:\Windows\SYSWOW64\AudioSes.dll

2014-10-15 12:53:15 ----A---- C:\Windows\system32\winresume.exe

2014-10-15 12:53:15 ----A---- C:\Windows\system32\cryptsvc.dll

2014-10-15 12:53:14 ----A---- C:\Windows\system32\wintrust.dll

2014-10-15 12:53:14 ----A---- C:\Windows\system32\ntoskrnl.exe

2014-10-15 12:53:13 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2014-10-15 12:53:13 ----A---- C:\Windows\system32\evr.dll

2014-10-15 12:53:13 ----A---- C:\Windows\system32\EncDump.dll

2014-10-15 12:53:12 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll

2014-10-15 12:53:12 ----A---- C:\Windows\system32\crypt32.dll

2014-10-15 12:53:11 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2014-10-15 12:53:11 ----A---- C:\Windows\system32\cryptui.dll

2014-10-15 12:53:11 ----A---- C:\Windows\system32\AudioSes.dll

2014-10-15 12:53:10 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2014-10-15 12:53:10 ----A---- C:\Windows\SYSWOW64\evr.dll

2014-10-15 12:53:10 ----A---- C:\Windows\system32\audiosrv.dll

2014-10-15 12:53:09 ----A---- C:\Windows\SYSWOW64\quartz.dll

2014-10-15 12:53:09 ----A---- C:\Windows\system32\mfplat.dll

2014-10-15 12:53:08 ----A---- C:\Windows\SYSWOW64\crypt32.dll

2014-10-15 12:53:07 ----A---- C:\Windows\SYSWOW64\mfplat.dll

2014-10-15 12:53:07 ----A---- C:\Windows\SYSWOW64\cryptui.dll

2014-10-15 12:53:07 ----A---- C:\Windows\system32\srcore.dll

2014-10-15 12:53:07 ----A---- C:\Windows\system32\pcasvc.dll

2014-10-15 12:53:06 ----A---- C:\Windows\SYSWOW64\msscp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\SYSWOW64\cryptsp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\SYSWOW64\AudioEng.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\rstrui.exe

2014-10-15 12:53:06 ----A---- C:\Windows\system32\msscp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\msnetobj.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\cryptsp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\audiodg.exe

2014-10-15 12:53:06 ----A---- C:\Windows\system32\appidsvc.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\appidapi.dll

2014-10-15 12:53:05 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe

2014-10-15 12:53:05 ----A---- C:\Windows\SYSWOW64\msnetobj.dll

2014-10-15 12:53:05 ----A---- C:\Windows\SYSWOW64\mfps.dll

2014-10-15 12:53:05 ----A---- C:\Windows\system32\rrinstaller.exe

2014-10-15 12:53:05 ----A---- C:\Windows\system32\mfps.dll

2014-10-15 12:53:05 ----A---- C:\Windows\system32\drivers\appid.sys

2014-10-15 12:53:02 ----A---- C:\Windows\SYSWOW64\srclient.dll

2014-10-15 12:53:02 ----A---- C:\Windows\SYSWOW64\mfpmp.exe

2014-10-15 12:53:02 ----A---- C:\Windows\SYSWOW64\appidapi.dll

2014-10-15 12:53:02 ----A---- C:\Windows\system32\srclient.dll

2014-10-15 12:53:02 ----A---- C:\Windows\system32\setbcdlocale.dll

2014-10-15 12:53:02 ----A---- C:\Windows\system32\mfpmp.exe

2014-10-15 12:53:02 ----A---- C:\Windows\system32\appidpolicyconverter.exe

2014-10-15 12:53:02 ----A---- C:\Windows\system32\appidcertstorecheck.exe

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\wmploc.DLL

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\spwmp.dll

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\mferror.dll

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\dxmasf.dll

2014-10-15 12:53:01 ----A---- C:\Windows\system32\spwmp.dll

2014-10-15 12:53:01 ----A---- C:\Windows\system32\mferror.dll

2014-10-15 12:53:01 ----A---- C:\Windows\system32\dxmasf.dll

2014-10-15 12:53:00 ----A---- C:\Windows\system32\wmploc.DLL

2014-10-15 12:52:52 ----A---- C:\Windows\system32\generaltel.dll

2014-10-15 12:52:50 ----A---- C:\Windows\system32\aepdu.dll

2014-10-15 12:52:48 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-10-15 12:52:48 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-10-15 12:52:48 ----A---- C:\Windows\system32\aeinv.dll

2014-10-15 12:52:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\iernonce.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\ie4uinit.exe

2014-10-15 12:52:45 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-10-15 12:52:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-10-15 12:52:44 ----A---- C:\Windows\system32\iedkcs32.dll

2014-10-15 12:52:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-10-15 12:52:43 ----A---- C:\Windows\system32\urlmon.dll

2014-10-15 12:52:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-10-15 12:52:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 12:52:41 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-10-15 12:52:41 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2014-10-15 12:52:41 ----A---- C:\Windows\system32\msfeeds.dll

2014-10-15 12:52:41 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-10-15 12:52:41 ----A---- C:\Windows\system32\dxtmsft.dll

2014-10-15 12:52:40 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-10-15 12:52:40 ----A---- C:\Windows\system32\iesetup.dll

2014-10-15 12:52:39 ----A---- C:\Windows\system32\iertutil.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-10-15 12:52:37 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-10-15 12:52:37 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2014-10-15 12:52:37 ----A---- C:\Windows\system32\jsproxy.dll

2014-10-15 12:52:37 ----A---- C:\Windows\system32\dxtrans.dll

2014-10-15 12:52:36 ----A---- C:\Windows\system32\mshtmled.dll

2014-10-15 12:52:36 ----A---- C:\Windows\system32\ieui.dll

2014-10-15 12:52:36 ----A---- C:\Windows\system32\ieframe.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\vbscript.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\mshtmlmedia.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\jscript9diag.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\jscript9.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\ieUnatt.exe

2014-10-15 12:52:34 ----A---- C:\Windows\system32\wininet.dll

2014-10-15 12:52:34 ----A---- C:\Windows\system32\msrating.dll

2014-10-15 12:52:34 ----A---- C:\Windows\system32\MshtmlDac.dll

2014-10-15 12:52:34 ----A---- C:\Windows\system32\ieapfltr.dll

2014-10-15 12:52:33 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 12:52:33 ----A---- C:\Windows\system32\mshtml.dll

2014-10-15 12:52:05 ----A---- C:\Windows\system32\msi.dll

2014-10-15 12:52:04 ----A---- C:\Windows\SYSWOW64\msi.dll

2014-10-15 12:51:54 ----A---- C:\Windows\system32\rastls.dll

2014-10-15 12:51:53 ----A---- C:\Windows\SYSWOW64\rastls.dll

2014-10-15 12:51:45 ----A---- C:\Windows\SYSWOW64\mstscax.dll

2014-10-15 12:51:45 ----A---- C:\Windows\system32\mstscax.dll

2014-10-15 12:51:44 ----A---- C:\Windows\system32\termsrv.dll

2014-10-15 12:51:44 ----A---- C:\Windows\system32\mstsc.exe

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\winsta.dll

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\TSpkg.dll

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\mstsc.exe

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\credssp.dll

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\aaclient.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\winsta.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\winlogon.exe

2014-10-15 12:51:43 ----A---- C:\Windows\system32\TSpkg.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\rdpcorekmts.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2014-10-15 12:51:43 ----A---- C:\Windows\system32\credssp.dll

2014-10-15 12:51:42 ----A---- C:\Windows\system32\drivers\tssecsrv.sys

2014-10-15 12:51:34 ----A---- C:\Windows\SYSWOW64\packager.dll

2014-10-15 12:51:34 ----A---- C:\Windows\system32\packager.dll

======List of files/folders modified in the last 1 month======

2014-11-04 21:32:18 ----D---- C:\Program Files\trend micro

2014-11-04 21:30:11 ----D---- C:\Windows\Prefetch

2014-11-04 21:28:58 ----D---- C:\Windows\Temp

2014-11-04 19:39:25 ----D---- C:\ProgramData\MFAData

2014-11-04 14:19:23 ----D---- C:\Windows\system32\config

2014-11-04 14:08:20 ----D---- C:\Windows\System32

2014-11-04 14:08:20 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-11-04 14:02:49 ----A---- C:\Windows\system32\deviceAppeared.txt

2014-11-02 22:47:46 ----D---- C:\Windows

2014-11-02 22:46:19 ----D---- C:\Users\Yasser\AppData\Roaming\uTorrent

2014-11-02 21:10:29 ----D---- C:\Windows\system32\drivers\etc

2014-11-02 19:34:54 ----D---- C:\Windows\inf

2014-11-02 09:30:37 ----HD---- C:\ProgramData

2014-11-02 09:15:30 ----SHD---- C:\System Volume Information

2014-11-01 19:59:37 ----D---- C:\Users\Yasser\AppData\Roaming\Dropbox

2014-11-01 19:44:54 ----D---- C:\Users\Yasser\AppData\Roaming\vlc

2014-11-01 04:01:51 ----D---- C:\Windows\system32\LogFiles

2014-10-31 19:26:58 ----RD---- C:\Program Files (x86)

2014-10-30 22:48:48 ----D---- C:\Windows\SysWOW64

2014-10-30 22:20:39 ----D---- C:\Windows\Tasks

2014-10-30 22:20:39 ----D---- C:\Windows\system32\Tasks

2014-10-30 11:19:39 ----D---- C:\Windows\Minidump

2014-10-30 11:08:39 ----D---- C:\Windows\pss

2014-10-30 11:02:25 ----D---- C:\Windows\system32\drivers

2014-10-30 09:14:00 ----SHD---- C:\Windows\Installer

2014-10-30 09:14:00 ----HD---- C:\Config.Msi

2014-10-30 09:03:10 ----RD---- C:\Program Files

2014-10-29 21:42:50 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-10-29 20:45:43 ----A---- C:\Windows\system32\devicelist.txt

2014-10-29 20:45:43 ----A---- C:\Windows\system32\devicealertlist.txt

2014-10-29 12:51:04 ----D---- C:\Users\Yasser\AppData\Roaming\Malwarebytes

2014-10-29 12:50:55 ----D---- C:\ProgramData\Malwarebytes

2014-10-29 12:50:55 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-10-27 20:11:59 ----SD---- C:\ProgramData\Microsoft

2014-10-26 10:30:04 ----D---- C:\Users\Yasser\AppData\Roaming\DAEMON Tools Lite

2014-10-23 20:54:18 ----D---- C:\Program Files (x86)\Popcorn Time

2014-10-23 20:41:10 ----D---- C:\Program Files (x86)\K-Lite Codec Pack

2014-10-23 20:38:19 ----D---- C:\Users\Yasser\AppData\Roaming\Skype

2014-10-23 20:30:22 ----D---- C:\Program Files\Native Instruments

2014-10-23 20:30:22 ----D---- C:\Program Files (x86)\Common Files

2014-10-23 20:30:02 ----D---- C:\Windows\system32\DriverStore

2014-10-23 20:18:39 ----D---- C:\ProgramData\Native Instruments

2014-10-23 20:17:58 ----D---- C:\Program Files\Common Files

2014-10-23 20:05:03 ----D---- C:\Windows\debug

2014-10-23 18:54:22 ----D---- C:\ProgramData\Skype

2014-10-23 18:54:18 ----RD---- C:\Program Files (x86)\Skype

2014-10-23 07:44:32 ----D---- C:\Windows\system32\NDF

2014-10-20 20:02:10 ----A---- C:\Windows\SYSWOW64\msvcsv60.dll

2014-10-19 07:45:06 ----D---- C:\ProgramData\AVG2014

2014-10-18 08:19:46 ----D---- C:\Windows\rescache

2014-10-17 20:30:31 ----D---- C:\Windows\Microsoft.NET

2014-10-17 19:43:41 ----RSD---- C:\Windows\assembly

2014-10-17 18:35:17 ----D---- C:\Windows\system32\catroot2

2014-10-16 19:33:34 ----D---- C:\Windows\winsxs

2014-10-16 19:26:39 ----D---- C:\Program Files\Windows Media Player

2014-10-16 19:26:38 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-10-16 19:26:38 ----D---- C:\Windows\SYSWOW64\Dism

2014-10-16 19:26:38 ----D---- C:\Program Files (x86)\Windows Media Player

2014-10-16 19:26:34 ----D---- C:\Windows\system32\nl-NL

2014-10-16 19:26:34 ----D---- C:\Windows\system32\Dism

2014-10-16 19:26:27 ----D---- C:\Windows\system32\CodeIntegrity

2014-10-16 19:26:27 ----D---- C:\Windows\system32\Boot

2014-10-16 19:26:26 ----SD---- C:\Windows\system32\CompatTel

2014-10-16 19:26:23 ----D---- C:\Program Files\Internet Explorer

2014-10-16 19:26:20 ----D---- C:\Windows\SYSWOW64\en-US

2014-10-16 19:26:18 ----D---- C:\Windows\system32\en-US

2014-10-16 19:26:14 ----D---- C:\Program Files (x86)\Internet Explorer

2014-10-16 18:46:19 ----D---- C:\Windows\system32\MRT

2014-10-16 18:35:09 ----A---- C:\Windows\system32\MRT.exe

2014-10-15 12:51:27 ----D---- C:\Windows\system32\catroot

2014-10-08 19:55:34 ----D---- C:\Program Files (x86)\AVG Web TuneUp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]

R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-17 190744]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-06-17 328984]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-08-06 123672]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512]

R0 gfibto;gfibto; C:\Windows\system32\drivers\gfibto.sys [2013-09-22 14456]

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-27 30008]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-30 152344]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-07-21 244504]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-06-17 235800]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-06-17 269080]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-08-29 50976]

R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-12-02 348560]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-09-24 283064]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-27 43320]

R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896]

R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-29 10210304]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-09-29 317952]

R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2011-09-21 133672]

R3 BCM43XX;Stuurprogramma voor de Broadcom 802.11-netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys [2013-05-29 4747840]

R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-11-11 80384]

R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2011-09-21 620584]

R3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys [2011-09-21 167976]

R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-09-21 178728]

R3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]

R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-09-21 21544]

R3 L6TPortA;Service - Line 6 TonePort UX1; C:\Windows\System32\Drivers\L6TPortA64.sys [2013-07-11 772864]

R3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]

R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]

R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]

R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]

R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]

R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10305; C:\Windows\system32\DRIVERS\stwrt64.sys [2013-05-29 535552]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 a2djavs;Audio 2 DJ WDM Audio; C:\Windows\System32\Drivers\a2djavs.sys [2012-12-18 359784]

S3 a2djusb_svc;Audio 2 DJ; C:\Windows\System32\Drivers\a2djusb.sys [2012-12-18 98664]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-06-16 110336]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-07-28 57280]

S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2014-10-30 32512]

S3 L6PODLV;PODxt Live Service; C:\Windows\System32\Drivers\L6PODLV64.sys [2013-06-26 772864]

S3 MAUSBMIDI;Service for M-Audio USB MIDI Series; C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys [2010-04-13 200200]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-06-16 206080]

S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-06-16 206080]

S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.; C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe [2010-11-18 224176]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2013-05-29 89600]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-29 204288]

R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-09-20 1085216]

R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]

R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]

R2 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]

R2 GenieTimelineService;Genie Timeline Service; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [2012-09-16 662104]

R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]

R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-27 30520]

R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]

R2 LaCieDesktopManagerService;LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [2012-10-10 1379840]

R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-09-05 6364024]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-10-30 75136]

R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]

R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2013-05-29 311808]

R2 Update service;Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [2014-10-09 179200]

R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]

R2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [2014-08-29 1843736]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]

R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]

S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 fa6789c5;VideoCnv; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11 116648]

S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24 267440]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-07-28 1511872]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11 116648]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]

S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that here and here.

Download Zoek.exe to the desktop (not the .zip or .rar version)

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

vProt;s
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe;f
Resethosts;
vToolbarUpdater3.2.0;s
C:\Windows\tasks\Security Center Update - 2280770166.job;f
C:\Users\Yasser\AppData\Roaming\Wapyiw;fs
C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com;fs
C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\extensions\avg@toolbar;fs
C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\extensions\C6q@C.edu;fs
C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\searchplugins\search.xml;f
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
"vProt"=-;r64
C:\ProgramData\gimmishop;fs
C:\ProgramData\cheapncheap;fs
C:\ProgramData\72a6d98baabad2db;fs
C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418};fs
C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D};fs
C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9};fs
C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325};fs
C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704};fs
C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14};fs
emptyfolderscheck;delete
startupall;
filesrcm;

  • Click the "More options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear after all.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Attach the log file named "Zoek-results.log" to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to your message.


Zoek.exe v5.0.0.0 Updated 04-November-2014

Tool run by Yasser on wo 05/11/2014 at 19:50:25,52.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Yasser\Desktop\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-04-10-112126.log 24645 bytes

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully

C:\PROGRA~3\Ableton deleted successfully

C:\Users\Yasser\AppData\Roaming\Malwarebytes deleted successfully

C:\Users\Yasser\AppData\Roaming\Publish Providers deleted successfully

C:\Users\Yasser\AppData\Roaming\Wapyiw deleted successfully

C:\Users\Yasser\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater3.2.0 deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater3.2.0 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default

user.js not found

---- Lines BrowseFox removed from prefs.js ----

user_pref("extensions.BrowseFox.aul", 1687764190);

user_pref("extensions.BrowseFox.irl", true);

user_pref("extensions.BrowseFox.is", "grbbfbe");

user_pref("extensions.BrowseFox.ug", "19F5BEE4-8A07-48CC-ADB3-36EEA93C50BF");

---- Lines PacFunction removed from prefs.js ----

user_pref("extensions.PacFunction.asul", "1397111692664");

user_pref("extensions.PacFunction.aul", "1397111680765");

user_pref("extensions.PacFunction.irl", true);

user_pref("extensions.PacFunction.is", "fmxqtbe");

user_pref("extensions.PacFunction.ug", "A95D8C99-EE52-4FC6-8C0F-DA483F61058E");

---- Lines ask.com removed from prefs.js ----

user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"http://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"htt

---- Lines mysearch removed from prefs.js ----

user_pref("avg.wtu.ext.extHomepage", "https://mysearch.avg.com?pid=wtu&sg=&cid=%7B1b32e2e4-098e-4167-a6df-77ee9794d68b%7D&mid=1d8ba2e51a9d47d3b3f1ada0

---- FireFox user.js and prefs.js backups ----

prefs_20140511_2008_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"vProt"=-

==== Deleting Files \ Folders ======================

C:\Users\Yasser\AppData\Roaming\Wapyiw not found

C:\ProgramData\gimmishop deleted

C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com deleted

C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\extensions\avg@toolbar deleted

C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\extensions\C6q@C.edu deleted

C:\ProgramData\cheapncheap deleted

C:\ProgramData\72a6d98baabad2db deleted

C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418} deleted

C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D} deleted

C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9} deleted

C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325} deleted

C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704} deleted

C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14} deleted

C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted

C:\PROGRA~2\MyFree Codec deleted

C:\User Data deleted

C:\Users\Yasser\AppData\Roaming\mcp.ico deleted

C:\PROGRA~3\Avg_Update_0414b deleted

C:\PROGRA~3\AVG Security Toolbar deleted

C:\PROGRA~3\AVG Secure Search deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted

C:\Windows\wininit.ini deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\searchplugins\avg-secure-search.xml deleted

C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\searchplugins\search.xml deleted

C:\Users\Yasser\AppData\Roaming\ScanDisc.exe deleted

"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" deleted

"C:\Windows\tasks\Security Center Update - 2280770166.job" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted

"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\3.2.0" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Yasser\AppData\Local\Temp ====

2014-11-01 18:59:32 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Yasser\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqbizmk.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2014-10-30 10:02:25 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\Sysnative\drivers\hitmanpro37.sys

2014-10-29 11:51:14 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

2014-10-29 11:50:55 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

2014-10-29 11:50:55 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

2014-10-15 11:53:19 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys

2014-10-15 11:53:05 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys

2014-10-15 11:51:43 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys

2014-10-15 11:51:42 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-10-30 08:03:10 -------- d-----w- C:\Program Files\HitmanPro

2014-10-23 19:17:58 -------- d-----w- C:\Program Files\Common Files\Native Instruments

======= C:\PROGRA~2 =====

2014-10-27 14:06:07 -------- d-----w- C:\PROGRA~2\VideoCnv

2014-10-23 19:30:22 -------- d-----w- C:\PROGRA~2\COMMON~1\Avid

2014-10-23 17:54:18 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype

======= C: =====

====== C:\Users\Yasser\AppData\Roaming ======

2014-10-29 19:57:22 865B79F4151F94DB85ADEDB17B1A9588 288 ----a-w- C:\Users\Yasser\AppData\Roaming\76590E8A.reg

2014-10-27 19:12:39 -------- d-----w- C:\Users\Yasser\AppData\Local\Ertion

2014-10-27 19:12:39 -------- d-----w- C:\Users\Yasser\AppData\Local\AVworks

2014-10-23 19:39:21 -------- d-----w- C:\Users\Yasser\AppData\Local\Native Instruments

2014-10-23 17:54:26 -------- d-----w- C:\Users\Yasser\AppData\Local\Skype

2014-10-21 18:28:14 -------- d-----w- C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-apparaten

2014-10-17 17:27:37 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Clip Converter

====== C:\Users\Yasser ======

2014-11-04 20:29:21 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Yasser\Desktop\RSITx64.exe

2014-10-23 17:54:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-10-23 17:53:28 FEC17D5FB09A03376D3AA204C65562A7 362029 ----a-w- C:\Users\Yasser\Downloads\sqlite3.dll

2014-10-23 17:53:20 08FF6B68896417CD6511354A3E75EBA4 1677920 ----a-w- C:\Users\Yasser\Downloads\SkypeSetup.exe

====== C: exe-files ==

2014-11-04 20:29:21 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Documents and Settings\Yasser\Desktop\RSITx64.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"LaCie Desktop Manager Startup"="C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"

"Google Update"="C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Anworks"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\Yasser\AppData\Local\AVworks\firefox.dll"

"Ertion"="regsvr32.exe C:\Users\Yasser\AppData\Local\Ertion\CNHMWL.dll"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

"HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"

"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"

"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"

"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LaCie Desktop Manager Startup"="C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"

"Google Update"="C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Anworks"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\Yasser\AppData\Local\AVworks\firefox.dll"

"Ertion"="regsvr32.exe C:\Users\Yasser\AppData\Local\Ertion\CNHMWL.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaCie Desktop Manager Launcher"="C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeAAMUpdater-1.0"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeCS5ServiceManager"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAEMON Tools Lite"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DAEMON Tools Pro Agent"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\DAEMON Tools Pro\\DTAgent.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Easybits Recovery"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Facebook Update"

"hkey"="HKCU"

"command"="\"C:\\Users\\Yasser\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google+ Auto Backup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Google+ Auto Backup"

"hkey"="HKCU"

"command"="\"C:\\Users\\Yasser\\AppData\\Local\\Programs\\Google\\Google+ Auto Backup\\Google+ Auto Backup.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Quick Launch]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Quick Launch"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Quick Launch\\HPMSGSVC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesPreload"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KiesTrayAgent"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSIDLL]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MSIDLL"

"hkey"="HKCU"

"command"="C:\\Windows\\SysWOW64\\rundll32.exe msiudp32.dll,zOazLyEf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SetDefault]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SetDefault"

"hkey"="HKLM"

"command"="C:\\Program Files\\Hewlett-Packard\\HP LaunchBox\\SetDefault.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"

"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "

"item"="Bluetooth"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"

"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe "

"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"

"backup"="C:\\Windows\\pss\\Microsoft Office.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\MICROS~1\\Office10\\OSA.EXE -b -l"

"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Yasser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

"item"="Dropbox"

"path"="C:\\Users\\Yasser\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"

"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Yasser\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"

==== Startup Folders ======================

2014-07-24 08:55:58 270336 ----a-w- C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 15:17]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core.job --a------ C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/04/2014 18:36]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA.job --a------ C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/04/2014 18:36]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core.job --a------ C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe [11/08/2014 21:52]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA.job --a------ C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe [11/08/2014 21:52]

C:\Windows\tasks\HPCeeScheduleForYasser.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Yasser-HP-Yasser" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core" [C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA" [C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core" [C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA" [C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\HPCeeScheduleForYasser" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{F7BE2FF6-EA48-4207-8E52-5C2588BAADA7}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/10/2013 18:14]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/10/2013 18:14]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default

- Undetermined - 2020Player_IKEA@2020Technologies.com

- Undetermined - optout@google.com

- Undetermined - avg@toolbar

- Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_IKEA@2020Technologies.com

- Afmelden voor advertentiecookie - %ProfilePath%\extensions\optout@google.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default

40AAE0A1A4F664828DF5A95875AEA1C8 - C:\Users\Yasser\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll - Google Update

DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash

3CD19649B2C3023D65E67C056457A2BC - C:\Users\Yasser\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

2EE9DCAE1D70ABF4D058688DE35F8221 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.16

6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director

1BB1021A875B010EE26D539053B0F894 - C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll - 20-20 3D Viewer for IKEA

F556A64AB2DB1BD834E7C89CE211516B - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted

Fake profile C:\Users\Yasser\AppData\Local\Google\Chrome SxS deleted

Fake profile C:\Users\Yasser\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[25/08/2011 04:41]

Google Docs - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Cast - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd

Videostream for Google Chromecast™ - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl

Google Search - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Website Logon - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa

LocalChromecast Player - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp

Google Wallet - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Yasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}"

{07F202EA-A471-44A9-AC55-B3C726D27203} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/1553-111073-34115-5/4?mpre=http://www.benl.ebay.be/sch/i.html?_nkw={searchTerms}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EA2914E-5241-4DFC-341B-727B2080AFE9} deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Yasser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Yasser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Yasser\AppData\Local\Mozilla\Firefox\Profiles\1sxd1l5p.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Yasser\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1672 folders=592 303116697 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Yasser\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Yasser\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on wo 05/11/2014 at 20:46:29,68 ======================


Download AdwCleaner by Xplode to your desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator",
  • by right-clicking it and choosing Run as administrator.
  • Click Scan.
  • Then click Clean (English version) or Verwijderen (Dutch version).
  • When prompted with Restart Required (Herstarten Noodzakelijk), click OK.

After the PC has restarted, a log file usually opens.

Otherwise it can be found at C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file

  • Attach the log file named C:\AdwCleaner\AdwCleaner[s0].txt to your next post.
  • You can read here how to add an attachment to a post.


# AdwCleaner v3.023 - Report created 12/04/2014 at 14:59:01

# Updated 01/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Yasser - YASSER-HP

# Running from : C:\Users\Yasser\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v15.0 (nl)

[ File : C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovigo.com/?gd=&ctid=CT3323830&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP85659C56-7006-4F76-BAEF-C162DB22E592");

*************************

AdwCleaner[R0].txt - [1791 octets] - [12/04/2014 14:58:05]

AdwCleaner[s0].txt - [1491 octets] - [12/04/2014 14:59:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1551 octets] ##########


Not great yet, unfortunately. The laptop crashed several times while using AdwCleaner and is still doing so now.

Logfile of random's system information tool 1.10 (written by random/random)

Run by Yasser at 2014-11-07 19:22:43

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 200 GB (29%) free of 686 GB

Total RAM: 7658 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:22:54, on 7/11/2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17344)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe

C:\Windows\SysWOW64\regsvr32.exe

C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe

C:\Program Files\trend micro\Yasser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll

O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [LaCie Desktop Manager Startup] "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Anworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\Yasser\AppData\Local\AVworks\firefox.dll

O4 - HKCU\..\Run: [Ertion] regsvr32.exe C:\Users\Yasser\AppData\Local\Ertion\CNHMWL.dll

O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1114av] C:\Users\Yasser\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /PROMPT /mid=1d8ba2e51a9d47d3b3f1ada0951e3330-708f8b62016ed6218a1e6d037577f040715e8b9b /CMPID=1114av

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: hpqtra08.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.line6.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{2513A2C7-1B96-47A4-A4AB-84888DE040F2}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F0AAF4C-7CC8-4DCB-A974-317DD5592029}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8F86CB3-0265-4ED7-95DC-FDA91028DE28}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0833E06-D174-4DC7-812B-6EEA9F9E1AF5}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\..\{EA064087-7215-4BC6-A4D8-030EC90A85FE}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CS1\Services\Tcpip\..\{2513A2C7-1B96-47A4-A4AB-84888DE040F2}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O17 - HKLM\System\CS2\Services\Tcpip\..\{2513A2C7-1B96-47A4-A4AB-84888DE040F2}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (file missing)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

O23 - Service: Abrosoft: Abrosoft FantaMorph update permissions manager. 12810. - Unknown owner - C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Genie Timeline Service (GenieTimelineService) - Genie9 - C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update service - Company - C:\Program Files (x86)\Popcorn Time\Updater.exe

O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 17671 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

"C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe"

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\Windows\system32\Hpservice.exe

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a6d47491-24b6-4245-b8c4-c64395e32066 -SystemEventPortName:HostProcess-102b741f-dc61-44f2-b1b4-ae1e2c322a5b -IoCancelEventPortName:HostProcess-7617ed91-1fb6-4c5e-b13f-1d31515eed0c -NonStateChangingEventPortName:HostProcess-8188ba35-5af4-4c54-8ece-68389a42d4e1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0129a6fb-8ff4-4e16-a043-5153831fedfa -DeviceGroupId:

atieclxx

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\system32\WLANExt.exe 4133328

"C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe"

\??\C:\Windows\system32\conhost.exe "-3983071881493858903-15777204261356121712-1451371721-17843466411142633801-1342843417

C:\Windows\System32\spoolsv.exe

taskeng.exe {89192061-540D-41DF-AE6F-9086A666F620}

"taskhost.exe"

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe" -PermissionManagerRun

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe" -Embedding

"C:\Program Files\IDT\WDM\AESTSr64.exe"

"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService

taskeng.exe {65C9B068-DB45-4C0D-B156-F8EE6802D5D7}

C:\ProgramData\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe --TASK_START_SYS --CMPID=1114av --mid=1d8ba2e51a9d47d3b3f1ada0951e3330-708f8b62016ed6218a1e6d037577f040715e8b9b

"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"

"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"

C:\Windows\SysWOW64\ezSharedSvcHost.exe

"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv

"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv

"C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"

"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"

"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"

C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=bf3b3738-db1d-4f51-8cb1-ae3b3032382a /coreSdkOptions=4126 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\7d9f7238-a7ac-435a-a5a9-cf167ce53105-82c-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" /logPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log\"

"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"

"C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe"

C:\Windows\System32\svchost.exe -k HPZ12

"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\Popcorn Time\Updater.exe"

"C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"

WLIDSvcM.exe 4068

"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

"C:\Program Files\Genie9\Genie Timeline\GenieTimelineAgent.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\servicing\TrustedInstaller.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"C:\Program Files\IDT\WDM\sttray64.exe"

"C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"

"C:\Windows\SysWOW64\regsvr32.exe" C:\Users\Yasser\AppData\Local\AVworks\firefox.dll

"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

"C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" -byrunkey

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6108 CREDAT:267521 /prefetch:2

"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Windows\Explorer.EXE" -child

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart 3300 series#1381079781" -Startup

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\wbem\unsecapp.exe -Embedding

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding

"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"

C:\Windows\system32\sppsvc.exe

"C:\Windows\Explorer.EXE" -child

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Windows\Explorer.EXE" -child

"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3908.1ec7b160.1862639083 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3908 "\\.\pipe\gecko-crash-server-pipe.3908" plugin

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash1984.6751AAA0.30319 --host-broker-channel=Flash1984.6751AAA0.4714 --host-pid=1984 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"

consent.exe 1028 534 0000000003289C50

"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=10280.0057F6E8.2050613165 --proxy-stub-channel=Flash1984.6751AAA0.30319 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer

"C:\Users\Yasser\Desktop\RSITx64.exe"

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\tasks\AVG_SYS_TASK_1114av.job - C:\ProgramData\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe --TASK_START_SYS --CMPID=1114av --mid=1d8ba2e51a9d47d3b3f1ada0951e3330-708f8b62016ed6218a1e6d037577f040715e8b9b

C:\Windows\tasks\AVG_SYS_TASK_1114av_DELETE.job - C:\ProgramData\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe /DELETE_FROM_SYSTEM=1

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core.job - C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA.job - C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001Core.job - C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2615218092-1894063395-1112891428-1001UA.job - C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\HPCeeScheduleForYasser.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForYasser (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "google.be"

prefs.js - "keyword.URL" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 15.0.0.152 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]

"Description"=

"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]

"Description"=WildTangent Games App Presence Detector Plugin

"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 15.0.0.152 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

websitelogon@truesuite.com

C:\Users\Yasser\AppData\Roaming\Mozilla\Firefox\Profiles\1sxd1l5p.default\extensions\

2020Player_IKEA@2020Technologies.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02 191504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]

TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26 1763656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FF49FE8-B332-4CB9-B102-FB6951629E55}]

Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02 158224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]

SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-17 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}]

TrueSuite Website Log On - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26 1613640]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-17 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-06-10 2799912]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-05-29 1425408]

"LaCie Desktop Manager Launcher"=C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-10-21 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LaCie Desktop Manager Startup"=C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe [2012-10-10 3460608]

"AdobeBridge"= []

"Google Update"=C:\Users\Yasser\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-11 116648]

"Anworks"=C:\Windows\SysWOW64\regsvr32.exe [2009-07-14 14848]

"Ertion"=regsvr32.exe C:\Users\Yasser\AppData\Local\Ertion\CNHMWL.dll []

"AVG-Secure-Search-Update_1114av"=C:\Users\Yasser\AppData\Roaming\Avg_Update_1114av\AVG-Secure-Search-Update_1114av.exe [2014-10-08 2776088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

C:\Users\Yasser\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-11 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]

C:\Users\Yasser\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [2014-08-12 3746120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-02-15 577408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

C:\Program Files (x86)\Samsung\Kies\Kies.exe [2014-07-25 1562264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2014-07-25 311616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIDLL]

C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefault]

C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [2011-09-30 43320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2011-09-20 1338144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~2\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Yasser^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]

C:\Users\Yasser\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-09-13 36414624]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-09-28 343168]

"HPQuickWebProxy"=C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [2011-10-08 169528]

"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-08-19 379960]

"HP CoolSense"=C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05 1343904]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-08-25 5188112]

"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

C:\Users\Yasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02 191504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02 191504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableLockWorkstation"=0

"DisableTaskMgr"=0

"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"HideFastUserSwitching"=0

"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux1"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave7"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer6"=wdmaud.drv

"aux4"=wdmaud.drv

"wave8"=wdmaud.drv

"midi7"=wdmaud.drv

"mixer7"=wdmaud.drv

"wave9"=wdmaud.drv

"midi8"=wdmaud.drv

"mixer8"=wdmaud.drv

"midi9"=wdmaud.drv

"mixer9"=wdmaud.drv

"wave4"=wdmaud.drv

"aux5"=wdmaud.drv

"wave5"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux2"=wdmaud.drv

"wave6"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-07 19:07:09 ----D---- C:\Users\Yasser\AppData\Roaming\Avg_Update_1114av

2014-11-07 19:06:56 ----D---- C:\ProgramData\Avg_Update_1114av

2014-11-06 18:16:06 ----A---- C:\Windows\SYSWOW64\sqlite3.dll

2014-11-05 20:46:32 ----SHD---- C:\$RECYCLE.BIN

2014-11-05 20:19:23 ----D---- C:\Windows\Temp

2014-11-05 20:19:23 ----A---- C:\Windows\zoek-delete.exe

2014-10-30 22:18:41 ----D---- C:\Program Files (x86)\Mozilla Firefox

2014-10-30 11:02:25 ----A---- C:\Windows\system32\drivers\hitmanpro37.sys

2014-10-30 09:03:10 ----D---- C:\Program Files\HitmanPro

2014-10-29 12:51:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys

2014-10-29 12:50:55 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-29 12:50:55 ----A---- C:\Windows\system32\drivers\mwac.sys

2014-10-29 12:50:55 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

2014-10-27 15:06:07 ----D---- C:\Program Files (x86)\VideoCnv

2014-10-23 20:17:58 ----D---- C:\Program Files\Common Files\Native Instruments

2014-10-15 12:53:50 ----A---- C:\Windows\system32\win32k.sys

2014-10-15 12:53:48 ----A---- C:\Windows\SYSWOW64\mscories.dll

2014-10-15 12:53:48 ----A---- C:\Windows\SYSWOW64\mscorier.dll

2014-10-15 12:53:48 ----A---- C:\Windows\SYSWOW64\dfshim.dll

2014-10-15 12:53:48 ----A---- C:\Windows\system32\mscories.dll

2014-10-15 12:53:48 ----A---- C:\Windows\system32\mscorier.dll

2014-10-15 12:53:48 ----A---- C:\Windows\system32\dfshim.dll

2014-10-15 12:53:33 ----A---- C:\Windows\SYSWOW64\blackbox.dll

2014-10-15 12:53:33 ----A---- C:\Windows\system32\drmv2clt.dll

2014-10-15 12:53:33 ----A---- C:\Windows\system32\blackbox.dll

2014-10-15 12:53:32 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll

2014-10-15 12:53:31 ----A---- C:\Windows\system32\wmp.dll

2014-10-15 12:53:29 ----A---- C:\Windows\system32\mf.dll

2014-10-15 12:53:28 ----A---- C:\Windows\system32\wmdrmsdk.dll

2014-10-15 12:53:27 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll

2014-10-15 12:53:26 ----A---- C:\Windows\system32\AUDIOKSE.dll

2014-10-15 12:53:25 ----A---- C:\Windows\SYSWOW64\wmp.dll

2014-10-15 12:53:21 ----A---- C:\Windows\SYSWOW64\mf.dll

2014-10-15 12:53:21 ----A---- C:\Windows\system32\drmmgrtn.dll

2014-10-15 12:53:20 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll

2014-10-15 12:53:20 ----A---- C:\Windows\system32\ci.dll

2014-10-15 12:53:19 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll

2014-10-15 12:53:19 ----A---- C:\Windows\system32\drivers\PEAuth.sys

2014-10-15 12:53:17 ----A---- C:\Windows\system32\AudioEng.dll

2014-10-15 12:53:16 ----A---- C:\Windows\system32\winload.exe

2014-10-15 12:53:16 ----A---- C:\Windows\system32\quartz.dll

2014-10-15 12:53:15 ----A---- C:\Windows\SYSWOW64\AudioSes.dll

2014-10-15 12:53:15 ----A---- C:\Windows\system32\winresume.exe

2014-10-15 12:53:15 ----A---- C:\Windows\system32\cryptsvc.dll

2014-10-15 12:53:14 ----A---- C:\Windows\system32\wintrust.dll

2014-10-15 12:53:14 ----A---- C:\Windows\system32\ntoskrnl.exe

2014-10-15 12:53:13 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2014-10-15 12:53:13 ----A---- C:\Windows\system32\evr.dll

2014-10-15 12:53:13 ----A---- C:\Windows\system32\EncDump.dll

2014-10-15 12:53:12 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll

2014-10-15 12:53:12 ----A---- C:\Windows\system32\crypt32.dll

2014-10-15 12:53:11 ----A---- C:\Windows\SYSWOW64\wintrust.dll

2014-10-15 12:53:11 ----A---- C:\Windows\system32\cryptui.dll

2014-10-15 12:53:11 ----A---- C:\Windows\system32\AudioSes.dll

2014-10-15 12:53:10 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2014-10-15 12:53:10 ----A---- C:\Windows\SYSWOW64\evr.dll

2014-10-15 12:53:10 ----A---- C:\Windows\system32\audiosrv.dll

2014-10-15 12:53:09 ----A---- C:\Windows\SYSWOW64\quartz.dll

2014-10-15 12:53:09 ----A---- C:\Windows\system32\mfplat.dll

2014-10-15 12:53:08 ----A---- C:\Windows\SYSWOW64\crypt32.dll

2014-10-15 12:53:07 ----A---- C:\Windows\SYSWOW64\mfplat.dll

2014-10-15 12:53:07 ----A---- C:\Windows\SYSWOW64\cryptui.dll

2014-10-15 12:53:07 ----A---- C:\Windows\system32\srcore.dll

2014-10-15 12:53:07 ----A---- C:\Windows\system32\pcasvc.dll

2014-10-15 12:53:06 ----A---- C:\Windows\SYSWOW64\msscp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\SYSWOW64\cryptsp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\SYSWOW64\AudioEng.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\rstrui.exe

2014-10-15 12:53:06 ----A---- C:\Windows\system32\msscp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\msnetobj.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\cryptsp.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\audiodg.exe

2014-10-15 12:53:06 ----A---- C:\Windows\system32\appidsvc.dll

2014-10-15 12:53:06 ----A---- C:\Windows\system32\appidapi.dll

2014-10-15 12:53:05 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe

2014-10-15 12:53:05 ----A---- C:\Windows\SYSWOW64\msnetobj.dll

2014-10-15 12:53:05 ----A---- C:\Windows\SYSWOW64\mfps.dll

2014-10-15 12:53:05 ----A---- C:\Windows\system32\rrinstaller.exe

2014-10-15 12:53:05 ----A---- C:\Windows\system32\mfps.dll

2014-10-15 12:53:05 ----A---- C:\Windows\system32\drivers\appid.sys

2014-10-15 12:53:02 ----A---- C:\Windows\SYSWOW64\srclient.dll

2014-10-15 12:53:02 ----A---- C:\Windows\SYSWOW64\mfpmp.exe

2014-10-15 12:53:02 ----A---- C:\Windows\SYSWOW64\appidapi.dll

2014-10-15 12:53:02 ----A---- C:\Windows\system32\srclient.dll

2014-10-15 12:53:02 ----A---- C:\Windows\system32\setbcdlocale.dll

2014-10-15 12:53:02 ----A---- C:\Windows\system32\mfpmp.exe

2014-10-15 12:53:02 ----A---- C:\Windows\system32\appidpolicyconverter.exe

2014-10-15 12:53:02 ----A---- C:\Windows\system32\appidcertstorecheck.exe

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\wmploc.DLL

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\spwmp.dll

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\mferror.dll

2014-10-15 12:53:01 ----A---- C:\Windows\SYSWOW64\dxmasf.dll

2014-10-15 12:53:01 ----A---- C:\Windows\system32\spwmp.dll

2014-10-15 12:53:01 ----A---- C:\Windows\system32\mferror.dll

2014-10-15 12:53:01 ----A---- C:\Windows\system32\dxmasf.dll

2014-10-15 12:53:00 ----A---- C:\Windows\system32\wmploc.DLL

2014-10-15 12:52:52 ----A---- C:\Windows\system32\generaltel.dll

2014-10-15 12:52:50 ----A---- C:\Windows\system32\aepdu.dll

2014-10-15 12:52:48 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-10-15 12:52:48 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-10-15 12:52:48 ----A---- C:\Windows\system32\aeinv.dll

2014-10-15 12:52:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll

2014-10-15 12:52:46 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\iernonce.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-10-15 12:52:46 ----A---- C:\Windows\system32\ie4uinit.exe

2014-10-15 12:52:45 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-10-15 12:52:44 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-10-15 12:52:44 ----A---- C:\Windows\system32\iedkcs32.dll

2014-10-15 12:52:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-10-15 12:52:43 ----A---- C:\Windows\system32\urlmon.dll

2014-10-15 12:52:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-10-15 12:52:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 12:52:41 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-10-15 12:52:41 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2014-10-15 12:52:41 ----A---- C:\Windows\system32\msfeeds.dll

2014-10-15 12:52:41 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-10-15 12:52:41 ----A---- C:\Windows\system32\dxtmsft.dll

2014-10-15 12:52:40 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-10-15 12:52:40 ----A---- C:\Windows\system32\iesetup.dll

2014-10-15 12:52:39 ----A---- C:\Windows\system32\iertutil.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-10-15 12:52:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-10-15 12:52:37 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-10-15 12:52:37 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll

2014-10-15 12:52:37 ----A---- C:\Windows\system32\jsproxy.dll

2014-10-15 12:52:37 ----A---- C:\Windows\system32\dxtrans.dll

2014-10-15 12:52:36 ----A---- C:\Windows\system32\mshtmled.dll

2014-10-15 12:52:36 ----A---- C:\Windows\system32\ieui.dll

2014-10-15 12:52:36 ----A---- C:\Windows\system32\ieframe.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\vbscript.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\mshtmlmedia.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\jscript9diag.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\jscript9.dll

2014-10-15 12:52:35 ----A---- C:\Windows\system32\ieUnatt.exe

2014-10-15 12:52:34 ----A---- C:\Windows\system32\wininet.dll

2014-10-15 12:52:34 ----A---- C:\Windows\system32\msrating.dll

2014-10-15 12:52:34 ----A---- C:\Windows\system32\MshtmlDac.dll

2014-10-15 12:52:34 ----A---- C:\Windows\system32\ieapfltr.dll

2014-10-15 12:52:33 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 12:52:33 ----A---- C:\Windows\system32\mshtml.dll

2014-10-15 12:52:05 ----A---- C:\Windows\system32\msi.dll

2014-10-15 12:52:04 ----A---- C:\Windows\SYSWOW64\msi.dll

2014-10-15 12:51:54 ----A---- C:\Windows\system32\rastls.dll

2014-10-15 12:51:53 ----A---- C:\Windows\SYSWOW64\rastls.dll

2014-10-15 12:51:45 ----A---- C:\Windows\SYSWOW64\mstscax.dll

2014-10-15 12:51:45 ----A---- C:\Windows\system32\mstscax.dll

2014-10-15 12:51:44 ----A---- C:\Windows\system32\termsrv.dll

2014-10-15 12:51:44 ----A---- C:\Windows\system32\mstsc.exe

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\winsta.dll

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\TSpkg.dll

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\mstsc.exe

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\credssp.dll

2014-10-15 12:51:43 ----A---- C:\Windows\SYSWOW64\aaclient.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\winsta.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\winlogon.exe

2014-10-15 12:51:43 ----A---- C:\Windows\system32\TSpkg.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\rdpcorekmts.dll

2014-10-15 12:51:43 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2014-10-15 12:51:43 ----A---- C:\Windows\system32\credssp.dll

2014-10-15 12:51:42 ----A---- C:\Windows\system32\drivers\tssecsrv.sys

2014-10-15 12:51:34 ----A---- C:\Windows\SYSWOW64\packager.dll

2014-10-15 12:51:34 ----A---- C:\Windows\system32\packager.dll

======List of files/folders modified in the last 1 month======

2014-11-07 19:22:49 ----D---- C:\Program Files\trend micro

2014-11-07 19:16:30 ----D---- C:\Windows\system32\config

2014-11-07 19:15:41 ----A---- C:\Windows\system32\deviceAppeared.txt

2014-11-07 19:14:13 ----D---- C:\Windows\Minidump

2014-11-07 19:13:57 ----D---- C:\Windows

2014-11-07 19:08:17 ----D---- C:\ProgramData\MFAData

2014-11-07 19:07:08 ----D---- C:\Windows\Tasks

2014-11-07 19:07:05 ----D---- C:\Windows\system32\Tasks

2014-11-07 19:06:56 ----HD---- C:\ProgramData

2014-11-06 20:32:00 ----D---- C:\Windows\inf

2014-11-06 20:30:38 ----D---- C:\Users\Yasser\AppData\Roaming\uTorrent

2014-11-06 20:06:47 ----D---- C:\Windows\System32

2014-11-06 20:06:47 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-11-06 20:04:54 ----D---- C:\Users\Yasser\AppData\Roaming\Dropbox

2014-11-06 20:04:36 ----A---- C:\Windows\system32\devicelist.txt

2014-11-06 20:04:36 ----A---- C:\Windows\system32\devicealertlist.txt

2014-11-06 18:29:21 ----D---- C:\AdwCleaner

2014-11-06 18:25:11 ----D---- C:\Windows\Prefetch

2014-11-06 18:16:06 ----D---- C:\Windows\SysWOW64

2014-11-05 21:32:57 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-11-05 20:08:29 ----D---- C:\Program Files (x86)\Common Files

2014-11-05 20:08:29 ----D---- C:\Program Files (x86)\AVG Web TuneUp

2014-11-05 20:08:26 ----RD---- C:\Program Files (x86)

2014-11-05 20:08:25 ----D---- C:\zoek_backup

2014-11-05 19:53:01 ----D---- C:\Windows\system32\drivers\etc

2014-11-02 09:15:30 ----SHD---- C:\System Volume Information

2014-11-01 19:44:54 ----D---- C:\Users\Yasser\AppData\Roaming\vlc

2014-11-01 04:01:51 ----D---- C:\Windows\system32\LogFiles

2014-10-30 11:08:39 ----D---- C:\Windows\pss

2014-10-30 11:02:25 ----D---- C:\Windows\system32\drivers

2014-10-30 09:14:00 ----SHD---- C:\Windows\Installer

2014-10-30 09:14:00 ----HD---- C:\Config.Msi

2014-10-30 09:03:10 ----RD---- C:\Program Files

2014-10-29 12:50:55 ----D---- C:\ProgramData\Malwarebytes

2014-10-27 20:11:59 ----SD---- C:\ProgramData\Microsoft

2014-10-26 10:30:04 ----D---- C:\Users\Yasser\AppData\Roaming\DAEMON Tools Lite

2014-10-23 20:54:18 ----D---- C:\Program Files (x86)\Popcorn Time

2014-10-23 20:41:10 ----D---- C:\Program Files (x86)\K-Lite Codec Pack

2014-10-23 20:38:19 ----D---- C:\Users\Yasser\AppData\Roaming\Skype

2014-10-23 20:30:22 ----D---- C:\Program Files\Native Instruments

2014-10-23 20:30:02 ----D---- C:\Windows\system32\DriverStore

2014-10-23 20:18:39 ----D---- C:\ProgramData\Native Instruments

2014-10-23 20:17:58 ----D---- C:\Program Files\Common Files

2014-10-23 20:05:03 ----D---- C:\Windows\debug

2014-10-23 18:54:22 ----D---- C:\ProgramData\Skype

2014-10-23 18:54:18 ----RD---- C:\Program Files (x86)\Skype

2014-10-23 07:44:32 ----D---- C:\Windows\system32\NDF

2014-10-20 20:02:10 ----A---- C:\Windows\SYSWOW64\msvcsv60.dll

2014-10-19 07:45:06 ----D---- C:\ProgramData\AVG2014

2014-10-18 08:19:46 ----D---- C:\Windows\rescache

2014-10-17 20:30:31 ----D---- C:\Windows\Microsoft.NET

2014-10-17 19:43:41 ----RSD---- C:\Windows\assembly

2014-10-17 18:35:17 ----D---- C:\Windows\system32\catroot2

2014-10-16 19:33:34 ----D---- C:\Windows\winsxs

2014-10-16 19:26:39 ----D---- C:\Program Files\Windows Media Player

2014-10-16 19:26:38 ----D---- C:\Windows\SYSWOW64\nl-NL

2014-10-16 19:26:38 ----D---- C:\Windows\SYSWOW64\Dism

2014-10-16 19:26:38 ----D---- C:\Program Files (x86)\Windows Media Player

2014-10-16 19:26:34 ----D---- C:\Windows\system32\nl-NL

2014-10-16 19:26:34 ----D---- C:\Windows\system32\Dism

2014-10-16 19:26:27 ----D---- C:\Windows\system32\CodeIntegrity

2014-10-16 19:26:27 ----D---- C:\Windows\system32\Boot

2014-10-16 19:26:26 ----SD---- C:\Windows\system32\CompatTel

2014-10-16 19:26:23 ----D---- C:\Program Files\Internet Explorer

2014-10-16 19:26:20 ----D---- C:\Windows\SYSWOW64\en-US

2014-10-16 19:26:18 ----D---- C:\Windows\system32\en-US

2014-10-16 19:26:14 ----D---- C:\Program Files (x86)\Internet Explorer

2014-10-16 18:46:19 ----D---- C:\Windows\system32\MRT

2014-10-16 18:35:09 ----A---- C:\Windows\system32\MRT.exe

2014-10-15 12:51:27 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]

R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-06-17 190744]

R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-06-17 328984]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-08-06 123672]

R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-17 31512]

R0 gfibto;gfibto; C:\Windows\system32\drivers\gfibto.sys [2013-09-22 14456]

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-27 30008]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]

R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-30 152344]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-07-21 244504]

R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-06-17 235800]

R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-06-17 269080]

R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-08-29 50976]

R1 cbfs3;cbfs3; \??\C:\Windows\system32\drivers\cbfs3.sys [2011-12-02 348560]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-09-24 283064]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-27 43320]

R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2011-07-16 96896]

R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-09-29 10210304]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-09-29 317952]

R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2011-07-16 214144]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2011-09-21 133672]

R3 BCM43XX;Stuurprogramma voor de Broadcom 802.11-netwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys [2013-05-29 4747840]

R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-11-11 80384]

R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2011-09-21 620584]

R3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys [2011-09-21 167976]

R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-09-21 178728]

R3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2011-09-21 89640]

R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-21 39976]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-09-21 21544]

R3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]

R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]

R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]

R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]

R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]

R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10305; C:\Windows\system32\DRIVERS\stwrt64.sys [2013-05-29 535552]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-06-10 1451056]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 a2djavs;Audio 2 DJ WDM Audio; C:\Windows\System32\Drivers\a2djavs.sys [2012-12-18 359784]

S3 a2djusb_svc;Audio 2 DJ; C:\Windows\System32\Drivers\a2djusb.sys [2012-12-18 98664]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]

S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-06-16 110336]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-07-28 57280]

S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2014-10-30 32512]

S3 L6PODLV;PODxt Live Service; C:\Windows\System32\Drivers\L6PODLV64.sys [2013-06-26 772864]

S3 L6TPortA;Service - Line 6 TonePort UX1; C:\Windows\System32\Drivers\L6TPortA64.sys [2013-07-11 772864]

S3 MAUSBMIDI;Service for M-Audio USB MIDI Series; C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys [2010-04-13 200200]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-06-16 206080]

S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-06-16 206080]

S3 StillCam;Stuurprogramma voor seriële digitale fotocamera; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.;Abrosoft: Abrosoft FantaMorph update permissions manager. 12810.; C:\Program Files (x86)\Abrosoft\FantaMorph5\FantaUp.exe [2010-11-18 224176]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2013-05-29 89600]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-09-29 204288]

R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984]

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000]

R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-09-20 1085216]

R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]

R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]

R2 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]

R2 GenieTimelineService;Genie Timeline Service; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [2012-09-16 662104]

R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]

R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-27 30520]

R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]

R2 LaCieDesktopManagerService;LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [2012-10-10 1379840]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-09-05 6364024]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]

R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-10-30 75136]

R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]

R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2013-05-29 311808]

R2 Update service;Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [2014-10-09 179200]

R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]

R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]

R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 fa6789c5;VideoCnv; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11 116648]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24 267440]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-07-28 1511872]

S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11 116648]

S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]

S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Download Emsisoft Anti-Malware to the desktop.

The full installation procedure can be found at the following link - Installing Emsisoft Anti-Malware.

Running Emsisoft Anti-Malware

  • Double-click "EmsisoftAntiMalwareSetup.exe" to install Emsisoft Anti-Malware.
  • Select the option "I accept the license agreement" and click "Install".
  • In the license screen, click the 30-day trial option "Try free for 30 days now". (After that you can keep using the program as the free version.)
  • In the next screen, click the option "Join the Emsisoft Anti-Malware Network".
  • The program will then install the required updates.
  • In the "Potentially Unwanted Programs" screen, choose the option Enable PUPs detection.
  • Then choose the option "Full scan".
  • Have the detected items placed in quarantine and click "View report"; the log file will now open automatically.
  • Attach the log file named "a2scan_xxxxxx-xxxxxx" to your next post. (You can find this log file in the folder "C:\Users\Gebruikersnaam\Documents\Anti-Malware\Reports")


The scan stops at 42% every time. I can't get it to go any further. I ran a few scans; the results are below:

Emsisoft Anti-Malware - Versie 9.0

Laatste Update: 9/11/2014 9:40:37

Gebruikersaccount: Yasser-HP\Yasser

Scaninstellingen:

Scanmodus: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, E:\, Q:\

Detecteer PUPs: Aan

Scan archieven: Aan

ADS Scan: Aan

Bestandsextensiefilter: Uit

Geavanceerde cache: Aan

Directe schijftoegang: Uit

Scan gestart: 9/11/2014 9:41:47

C:\Users\Yasser\AppData\Local\AVworks\firefox.dll Ontdekt: Gen:Variant.Symmi.46872 (B)

c:\Program Files (x86)\VideoCnv\Zet.dll Ontdekt: Trojan.GenericKD.1964284 (B)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YOUTUBEADBLOCKER.YOUTUBEADBLOCKER Ontdekt: Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} Ontdekt: Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E32743D3-5789-6E4F-3998-06FB87C9214B} Ontdekt: Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1 Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 Ontdekt: Application.AdReg (A)

Value: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Ontdekt: Setting.DisableTaskMgr (A)

Key: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\CONDUIT Ontdekt: Application.InstallAd (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT Ontdekt: Application.InstallAd (A)

Key: HKEY_USERS\.DEFAULT\SOFTWARE\INSTALLEDBROWSEREXTENSIONS Ontdekt: Application.Win32.InstallAd (A)

Key: HKEY_USERS\S-1-5-18\SOFTWARE\INSTALLEDBROWSEREXTENSIONS Ontdekt: Application.Win32.InstallAd (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Ontdekt: Application.AdGenie (A)

Gescand: 57979

Gevonden: 23

Scan geëindigd: 9/11/2014 9:47:04

Scantijd: 0:05:17

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} In quarantaine geplaatst Application.AdGenie (A)

Key: HKEY_USERS\S-1-5-18\SOFTWARE\INSTALLEDBROWSEREXTENSIONS In quarantaine geplaatst Application.Win32.InstallAd (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT In quarantaine geplaatst Application.InstallAd (A)

Key: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\CONDUIT In quarantaine geplaatst Application.InstallAd (A)

Value: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR In quarantaine geplaatst Setting.DisableTaskMgr (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1 In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E32743D3-5789-6E4F-3998-06FB87C9214B} In quarantaine geplaatst Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} In quarantaine geplaatst Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YOUTUBEADBLOCKER.YOUTUBEADBLOCKER In quarantaine geplaatst Application.AdGenie (A)

In quarantaine geplaatst 20

Emsisoft Anti-Malware - Versie 9.0

Laatste Update: 8/11/2014 21:45:16

Gebruikersaccount: Yasser-HP\Yasser

Scaninstellingen:

Scanmodus: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, E:\, Q:\

Detecteer PUPs: Aan

Scan archieven: Aan

ADS Scan: Aan

Bestandsextensiefilter: Uit

Geavanceerde cache: Aan

Directe schijftoegang: Uit

Scan gestart: 8/11/2014 21:45:32

c:\Program Files (x86)\VideoCnv\Zet.dll Ontdekt: Trojan.GenericKD.1964284 (B)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YOUTUBEADBLOCKER.YOUTUBEADBLOCKER Ontdekt: Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} Ontdekt: Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E32743D3-5789-6E4F-3998-06FB87C9214B} Ontdekt: Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1 Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 Ontdekt: Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{95B7759C-8C7F-4BF1-B163-73684A933233} Ontdekt: Application.BHO (A)

Value: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Ontdekt: Setting.DisableTaskMgr (A)

Key: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\CONDUIT Ontdekt: Application.InstallAd (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT Ontdekt: Application.InstallAd (A)

Key: HKEY_USERS\.DEFAULT\SOFTWARE\INSTALLEDBROWSEREXTENSIONS Ontdekt: Application.Win32.InstallAd (A)

Key: HKEY_USERS\S-1-5-18\SOFTWARE\INSTALLEDBROWSEREXTENSIONS Ontdekt: Application.Win32.InstallAd (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Ontdekt: Application.AdGenie (A)

C:\Program Files (x86)\VideoCnv\Zet.dll Ontdekt: Trojan.GenericKD.1964284 (B)

Gescand: 153397

Gevonden: 25

Scan geëindigd: 8/11/2014 22:43:27

Scantijd: 0:57:55

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} In quarantaine geplaatst Application.AdGenie (A)

Key: HKEY_USERS\S-1-5-18\SOFTWARE\INSTALLEDBROWSEREXTENSIONS In quarantaine geplaatst Application.Win32.InstallAd (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT In quarantaine geplaatst Application.InstallAd (A)

Key: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\CONDUIT In quarantaine geplaatst Application.InstallAd (A)

Value: HKEY_USERS\S-1-5-21-2615218092-1894063395-1112891428-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR In quarantaine geplaatst Setting.DisableTaskMgr (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{95B7759C-8C7F-4BF1-B163-73684A933233} In quarantaine geplaatst Application.BHO (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1 In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1 In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} In quarantaine geplaatst Application.AdReg (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E32743D3-5789-6E4F-3998-06FB87C9214B} In quarantaine geplaatst Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} In quarantaine geplaatst Application.AdGenie (A)

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\YOUTUBEADBLOCKER.YOUTUBEADBLOCKER In quarantaine geplaatst Application.AdGenie (A)

In quarantaine geplaatst 22


A useful scan after all ... just a quick double check:

Download Dr.Web CureIt, scroll all the way to the bottom of the page, and save it to your desktop.

  • Click the icon to start the program.
  • On the "License and updates" screen, tick the box to take part in improving Dr. Web and proceed via "Continue".
  • Use the "Start Scanning" button to start the scan. If infections are found, you get a list with the columns "Object" (file name), "Threat" (name of the infection), "Action" (selection box for the action) and "Path" (location of the file).
  • Under "Action" you can intervene manually (if necessary) by choosing "Move", "Delete" or "Ignore".
  • At this stage you can already choose, for the first time, to show the results in a report by clicking "Open Report".
  • To remove all infections at once, choose "Neutralize". The infected files are then moved to Dr. Web's quarantine.
  • Then restart the computer!! This is an important step, because Dr.Web may move/delete files during the restart.
  • After restarting, open the report again via "Open Report" and copy and paste the contents of this report into your next post.
