Zoek.exe Version 4.0.0.5 Updated 24-November-2013 Tool run by User on zo 24/11/2013 at 13:58:08,52. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\User\Desktop\zoek.exe [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\PROGRA~2\AVG\AVG2014\avgrsa.exe C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Hpservice.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Windows\SysWOW64\UAService7.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe C:\Windows\system32\taskeng.exe C:\Users\User\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 24/11/2013 14:00:00 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\AVS4YOU deleted successfully C:\PROGRA~2\Codemasters deleted successfully C:\PROGRA~2\EA GAMES deleted successfully C:\PROGRA~2\KULeuven-Kulak deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\Users deleted successfully C:\PROGRA~2\WildTangent Games deleted successfully C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully C:\Program Files\Google deleted successfully C:\Program Files\log deleted successfully C:\ProgramData\Oracle deleted successfully C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully C:\Users\User\AppData\Roaming\HpUpdate deleted successfully C:\Users\User\AppData\Roaming\IrfanView deleted successfully C:\Users\User\AppData\Roaming\Opera deleted successfully C:\Users\User\AppData\Local\CrashDumps deleted successfully C:\Users\User\AppData\Local\Downloaded Installations deleted successfully C:\Users\User\AppData\Local\Intel WiDi deleted successfully C:\Users\User\AppData\Local\Lollipop deleted successfully C:\Users\User\AppData\Local\MigWiz deleted successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully ==== Creating Sample_20132411_1406.zip ====================== Copied file C:\Users\User\Maple1602aWindowsUpgrade.exe to sample\Maple1602aWindowsUpgrade.exe Copied file C:\Users\User\Maple1602WindowsUpgrade.exe to sample\Maple1602WindowsUpgrade.exe sample\Maple1602aWindowsUpgrade.exe renamed to BA12819C98DF25FC023E8E9C37954259 sample\Maple1602WindowsUpgrade.exe renamed to 433A20EF23B8E32FB3FB750D56780D37 C:\Users\Public\Desktop\sample_20132411_1406.zip created successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\belgiumeid@eid.belgium.be deleted successfully ==== Installed Programs ====================== 4500_G510nz_Help 4500G510nz 4500G510nz_Software_Min 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop CS6 Adobe Reader XI (11.0.05) - Nederlands Adobe Shockwave Player 11.5 Albelli.be Fotoboeken Any Video Converter Professional 2.7.3 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Panorama Maker 6 AuthenTec TrueAPI AVG 2014 AXIS Camera Control 2.40 Belgium e-ID middleware 4.0.5 (build 7363) BitTorrent Bonjour BS.Player FREE BufferChm Catalyst Control Center - Branding Catalyst Control Center Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catalyst Control Center Profiles Mobile ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CrystalDiskInfo 6.0.1 CyberLink YouCam D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DocMgr DocProc Dropbox Energy Star Digital Logo ESU for Microsoft Windows 7 Fax Free YouTube to MP3 Converter version 3.12.2.430 Freemake Video Converter versie 3.2.1 Galerie de photos Windows Live Google Chrome Google Earth GPBaseService2 HD Tune 2.55 Hewlett-Packard ACLM.NET v1.2.1.1 HP 3D DriveGuard HP Auto HP Client Services HP Connection Manager HP Customer Experience Enhancements HP Customer Participation Program 13.0 HP Document Manager 2.0 HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Imaging Device Functions 13.0 HP Officejet 4500 G510n-z HP On Screen Display HP Power Manager HP Product Detection HP Setup HP Setup Manager HP SimplePass 2011 HP Smart Web Printing 4.5 HP Software Framework HP Solution Center 13.0 HP Support Assistant HP Update HPDiagnosticAlert HPProductAssistant HPSSupply iClone v5.1 PRO iCloud IDT Audio Intel PROSet Wireless Intel(R) C++ Redistributables on IA-32 Intel(R) C++ Redistributables on Intel(R) 64 Intel(R) Control Center Intel(R) Display Audio Driver Intel(R) Management Engine Components Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel(R) Rapid Storage Technology Intel(R) WiDi Intel© PROSet/Wireless WiFi Software iTunes Java 7 Update 45 Java Auto Updater JavaFX 2.1.1 Joystick Plug-in Junk Mail filter update LaCie Desktop Manager 1.4.1.84 LightScribe System Software Logitech Gaming Software 5.10 Magic Desktop Maple 17 MarketResearch Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft Application Error Reporting Microsoft Flight Microsoft Flight Simulator X Microsoft Flight Simulator X Service Pack 1 Microsoft Flight Simulator X: Acceleration Microsoft Games for Windows Marketplace Microsoft IntelliPoint 8.0 Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP1 English Microsoft SQL Server Compact 3.5 SP1 x64 English Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC100_CRT_SP1_x64 Microsoft_VC100_CRT_SP1_x86 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 21.0 (x86 nl) Mozilla Maintenance Service MSVC80_x64_v2 MSVC80_x86_v2 MSVC90_x64 MSVC90_x86 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MusicStation Nero 12 Nero Audio Pack 1 Nero BackItUp Nero BackItUp Help (CHM) Nero Blu-ray Player Nero Blu-ray Player Help (CHM) Nero Burning ROM Nero Burning ROM Help (CHM) Nero ControlCenter Nero ControlCenter Help (CHM) Nero Core Components Nero Disc Menus Basic Nero Effects Basic Nero Express Nero Express Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero Kwik Themes Basic Nero PiP Effects Basic Nero Recode Nero Recode Help (CHM) Nero RescueAgent Nero RescueAgent Help (CHM) Nero SharedVideoCodecs Nero Update Nero Video Nero Video Help (CHM) Network64 Nokia Connectivity Cable Driver Nokia Suite NVIDIA PhysX OCR Software by I.R.I.S. 13.0 PandoraRecovery (Remove Only) PC Connectivity Solution PDF Settings CS6 Picasa 3 Prerequisite installer PX Profile Update QuickTime R for Windows 2.15.2 Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager RemoteComms driver Renesas Electronics USB 3.0 Host Controller Driver RStudio Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) Shop for HP Supplies Skype Click to Call SkypeT 6.9 SmartWebPrinting SolutionCenter Spotify Status Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5) Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Tetris (remove only) TomTom HOME TomTom HOME Visual Studio Merge Modules Toolbox TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition Validity WBF DDK Visual Studio 2012 x86 Redistributables VLC media player 2.0.8 VobSub v2.23 (Remove Only) WavePad Sound Editor WebReg Welcome App (Start-up experience) Wi-Fi MediaConnect WinAVI All in One Converter Windows-stuurprogrammapakket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR 4.10 (64-bit) Wuala Wuala CBFS Wuala OverlayIcons ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f53n8y7f.default ---- Lines CT1750559 removed from prefs.js ---- user_pref("CT1750559.FF19Solved", "true"); user_pref("CT1750559.UserID", "UN35452741282640343"); user_pref("CT1750559.fullUserID", "UN35452741282640343.IN.20131025184351"); user_pref("CT1750559.installDate", "25/10/2013 18:43:53"); user_pref("CT1750559.installSessionId", "c428acbc-ec6b-46c7-aeb1-efed7f8ffa3b"); user_pref("CT1750559.installSp", "FALSE"); user_pref("CT1750559.installerVersion", "1.8.0.14"); user_pref("CT1750559.keyword", "true"); user_pref("CT1750559.originalSearchAddressUrl", ""); user_pref("CT1750559.searchRevert", "false"); user_pref("CT1750559.searchUserMode", "1"); user_pref("CT1750559.toolbarInstallDate", "25-10-2013 18:43:52"); user_pref("CT1750559.versionFromInstaller", "10.21.1.7"); user_pref("CT1750559.xpeMode", "0"); user_pref("smartbar.addressBarOwnerCTID", "CT1750559"); user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN35452741282640343&UM= ---- Lines OneClickDownload removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"OneClickDownload@OneClickDownload.com\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C: user_pref("extensions.OneClickDownload.filter", "1,2"); user_pref("extensions.OneClickDownload.lastUpdate", "{\"hours\":20,\"min\":22}"); ---- Lines OneClickDownload modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"smartwebprinting@hp.com\":{\"descriptor\":\"C:\\\\Program Files ( ---- Lines smartbar removed from prefs.js ---- user_pref("smartbar.machineId", "FMW2UUZTQPCMNGW7R4SVHAE+OH5D2ZEAQFT/NC070FT6/7MOHVDOO1PFWXAHISTWKF0D0MLAUWYBOHVSDN87GW"); user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); ---- FireFox user.js and prefs.js backups ---- user_20132411_1407_.backup prefs_20132411_1407_.backup ==== Batch Command(s) Run By Tool====================== C:\Windows\system32\appdata deleted ==== Deleting Files \ Folders ====================== C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found C:\Windows\syswow64\appdata deleted C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\Users\User\update.bat deleted C:\Users\User\Downloads\avg_free_stb_all_2014_4158_cnet.exe deleted C:\Users\User\AppData\LocalLow\LyricsSay-16 deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\user.js deleted C:\END deleted C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f53n8y7f.default\CT1750559 deleted C:\Users\User\Maple1602aWindowsUpgrade.exe deleted C:\Users\User\Maple1602WindowsUpgrade.exe deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-11-18 20:58:17 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif ====== C:\Users\User\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2013-11-18 19:26:34 AD27563BC16AB1EAACAE3033E99C2F78 194048 ----a-w- C:\Windows\SysWOW64\elshyph.dll 2013-11-18 19:26:24 FB0D1CC2911A0645DDA6C0608473EB55 34816 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-18 19:26:24 F9F114B2A6F876C92D317A755494F233 17142784 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-11-18 19:26:24 F8DE2F74CD4323BABBDACAADD9A39254 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2013-11-18 19:26:24 F862CD08F1AD4EE39BD506853F3C6103 16284 ----a-w- C:\Windows\SysWOW64\ieuinit.inf 2013-11-18 19:26:24 F7B6E341F4B1947BEC0E14EEBE3C627E 111616 ----a-w- C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-18 19:26:24 F705F52FC41577641E82B9934728B02C 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-11-18 19:26:24 EC7038154490E50ACD405A022F51B204 83456 ----a-w- C:\Windows\SysWOW64\inseng.dll 2013-11-18 19:26:24 D9F12F54E3B5A092F1D5F191F5286E53 337408 ----a-w- C:\Windows\SysWOW64\html.iec 2013-11-18 19:26:24 CFCE4EFF1D6D909EE2EA3AFCB8F1E677 233472 ----a-w- C:\Windows\SysWOW64\url.dll 2013-11-18 19:26:24 C3B0DBD04CC18574B0706CA119902474 367104 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2013-11-18 19:26:24 C1A6E565B2782C09BC40AD749B46D9ED 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-18 19:26:24 C17139EAF939964142C7A1AEEE02DC81 616104 ----a-w- C:\Windows\SysWOW64\ieapfltr.dat 2013-11-18 19:26:24 BE8B10D84DDD8F43A32EE013B54F5287 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2013-11-18 19:26:24 BC2C13A3B664B686DA52D558FE5502FC 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-11-18 19:26:24 B68750104FBA545C633B7E9AEA660208 2166272 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-11-18 19:26:24 B5EB5BD3066959611E1F7A80FD6CC172 1818112 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-11-18 19:26:24 AE6A2C5ECD3E96556E22F12816842F60 48640 ----a-w- C:\Windows\SysWOW64\mshtmler.dll 2013-11-18 19:26:24 AE254DBF16E3E3D7C35ED017B4B55EC6 4240384 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-11-18 19:26:24 ABDFC692D9FE43E2BA8FE6CB5A8CB95A 13312 ----a-w- C:\Windows\SysWOW64\mshta.exe 2013-11-18 19:26:24 AB3B2CA52AFB695AFCDD2620A21E5B21 24576 ----a-w- C:\Windows\SysWOW64\licmgr10.dll 2013-11-18 19:26:24 9E170B0AF156B478BD2B1FD6A2250C9E 62464 ----a-w- C:\Windows\SysWOW64\tdc.ocx 2013-11-18 19:26:24 9B8701A380CEE1B05D651B4ED4048C8F 645120 ----a-w- C:\Windows\SysWOW64\jsIntl.dll 2013-11-18 19:26:24 9A33FDDD687A836A1FD478B43C5A95FD 151552 ----a-w- C:\Windows\SysWOW64\iexpress.exe 2013-11-18 19:26:24 887055A3C8DD6C87D200D11EAFDBD45B 74240 ----a-w- C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-18 19:26:24 83F49FD1BC0A999B006D564C540C7258 86016 ----a-w- C:\Windows\SysWOW64\iesysprep.dll 2013-11-18 19:26:24 81A605B0F3A29A117AB83A08D40F772F 1926656 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2013-11-18 19:26:24 809804D8AED97AEA96B3D4B66A4C5C70 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2013-11-18 19:26:24 779E142FE2159935E78C0FA2E190FF1E 610304 ----a-w- C:\Windows\SysWOW64\jscript.dll 2013-11-18 19:26:24 71144A47CD02FDDC77DDF5EB5315767F 523776 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2013-11-18 19:26:24 6EB0B7301E00F717BD68A742D1391FAF 36352 ----a-w- C:\Windows\SysWOW64\imgutil.dll 2013-11-18 19:26:24 6A92CEC8532056791C6832B2725D170D 139264 ----a-w- C:\Windows\SysWOW64\wextract.exe 2013-11-18 19:26:24 6A794439B6612E43FEDE0217C919B652 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2013-11-18 19:26:24 6922D7ED84AE102504174922D5D42F49 238288 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2013-11-18 19:26:24 64831CAD496A073398853A34A5813675 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2013-11-18 19:26:24 5EC13202430A3EB68DFF44CF1FEEA2BE 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-18 19:26:24 5DFE55E0221F0C5FA4D6CECFA72B1D78 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2013-11-18 19:26:24 55969AADF0210A614700F89B48976F68 43008 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-18 19:26:24 53FC62C51CB18C9100A7DFAF2D2A6C47 12800 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe 2013-11-18 19:26:24 4F032F1FDEFEA5EC8EEA3562643B5EE8 69120 ----a-w- C:\Windows\SysWOW64\icardie.dll 2013-11-18 19:26:24 4D4726D1AD5ED1590A62685F92900594 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-18 19:26:24 4BCC7EB5F20840DA67943BD86AE95735 56832 ----a-w- C:\Windows\SysWOW64\pngfilt.dll 2013-11-18 19:26:24 4A7956EE34BE56D20C54CF6A47693C25 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-11-18 19:26:24 44D5C650C971910827EA65B4D989ED94 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll 2013-11-18 19:26:24 433161597584186EF806EFC8EA530433 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2013-11-18 19:26:24 2EE1E467D73642AFDDB03019F58C252B 1156608 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-11-18 19:26:24 2AF48780D879AFC43733159CB29CD8BD 1051136 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-18 19:26:24 298FDE634538B62CEEEC266D8773B21A 182272 ----a-w- C:\Windows\SysWOW64\msls31.dll 2013-11-18 19:26:24 22868FAAF9C851BFA924B8D7EDB6CBC1 11220992 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-11-18 19:26:24 1AFBAA54BDF637F69B8E02A5578286B0 116736 ----a-w- C:\Windows\SysWOW64\iepeers.dll 2013-11-18 19:26:24 1200D9C7DB0ADC1B8143A0A9921BF7DA 127488 ----a-w- C:\Windows\SysWOW64\occache.dll 2013-11-18 19:26:24 08B56CF57B7CE44315034247CC76D0F1 244736 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2013-11-18 19:26:24 03B3541AE6986602CF9CB5B3AD169C33 208384 ----a-w- C:\Windows\SysWOW64\webcheck.dll 2013-11-13 08:38:30 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2013-11-13 08:38:24 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll 2013-11-13 08:38:24 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll 2013-11-13 08:38:24 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 08:38:13 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 08:38:13 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2013-11-13 08:38:13 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2013-11-13 08:38:13 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2013-11-13 08:38:10 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2013-11-13 08:38:09 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 08:38:09 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-11-18 19:53:41 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll 2013-11-18 19:35:55 2D01F001F8E45924E57B7BB77CF96BC2 28368 ----a-w- C:\Windows\Sysnative\IEUDINIT.EXE 2013-11-18 19:26:34 344DA9D196C0D98A738289BB09CE4CF6 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2013-11-18 19:26:24 8F7FBD0177F79727CF945ABDA657A0AC 235008 ----a-w- C:\Windows\Sysnative\elshyph.dll 2013-11-18 19:26:23 FD61D51199F3FC9EB0023FBF405EAAD0 147968 ----a-w- C:\Windows\Sysnative\occache.dll 2013-11-18 19:26:23 FB9459892AF2AD60BDA98F820C1A28C3 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2013-11-18 19:26:23 F862CD08F1AD4EE39BD506853F3C6103 16284 ----a-w- C:\Windows\Sysnative\ieuinit.inf 2013-11-18 19:26:23 F34C20D099CF94A606A2B5B0C668B570 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2013-11-18 19:26:23 F00AE7B953ABEF1B53FBBA187DFC8238 243200 ----a-w- C:\Windows\Sysnative\webcheck.dll 2013-11-18 19:26:23 EE10AB99A480875E012CA339EC48F02B 1228800 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2013-11-18 19:26:23 E949B344680691F255C0E662D4B5BFF1 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2013-11-18 19:26:23 E70D4270C43CE6C46841B684315B9EFF 62464 ----a-w- C:\Windows\Sysnative\pngfilt.dll 2013-11-18 19:26:23 E6CB36B85BE59095337427E853A5B65A 2332160 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-11-18 19:26:23 E4A6577D74B2439974C8018AB5F1BFEA 13312 ----a-w- C:\Windows\Sysnative\msfeedssync.exe 2013-11-18 19:26:23 E36FDC470352C8F351F31959619CADD8 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-11-18 19:26:23 D6C88A6094D1FDAC56A186BBD7F06357 40448 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2013-11-18 19:26:23 D36A88D22B843C3812B501434E5A67A0 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2013-11-18 19:26:23 D31AE751B6DACAFD0D7CC99EAE9606C2 131072 ----a-w- C:\Windows\Sysnative\IEAdvpack.dll 2013-11-18 19:26:23 D233E1A32CE6AF918C9DE1BC44AFEB2A 23212032 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-11-18 19:26:23 CE8831D2DCB5803A4CBC8EDCCBBC2A05 77312 ----a-w- C:\Windows\Sysnative\tdc.ocx 2013-11-18 19:26:23 CC84F4E36AA96810AD766C88DD657ADB 626176 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2013-11-18 19:26:23 C92173481A58935BE15172079CF122B8 235520 ----a-w- C:\Windows\Sysnative\url.dll 2013-11-18 19:26:23 C70F72684CDCF9BB142F50F98BB1DD9C 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-11-18 19:26:23 C6ECA2F7A1B189025171E6A29F2605AA 453120 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2013-11-18 19:26:23 C17139EAF939964142C7A1AEEE02DC81 616104 ----a-w- C:\Windows\Sysnative\ieapfltr.dat 2013-11-18 19:26:23 BB6DEAFAC5F0AAEC37FEAF3F3AA48347 774144 ----a-w- C:\Windows\Sysnative\jscript.dll 2013-11-18 19:26:23 B99C7CC6ED6917E3035A12171F40D240 5765120 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-11-18 19:26:23 ADA5C3D49A12CED9F07913DC00E547A8 48128 ----a-w- C:\Windows\Sysnative\imgutil.dll 2013-11-18 19:26:23 A8C830CABD7640EE8E6F0F1019F91E83 548352 ----a-w- C:\Windows\Sysnative\vbscript.dll 2013-11-18 19:26:23 9870EC900829595D191BB03C6C48B479 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2013-11-18 19:26:23 9675B272086CF5D22B83B541FAA8D4EA 30208 ----a-w- C:\Windows\Sysnative\licmgr10.dll 2013-11-18 19:26:23 95951E6A277F78FA13A85F2F408F4C0B 12995584 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-11-18 19:26:23 95828D670CFD3B16EE188168E083C3C5 13824 ----a-w- C:\Windows\Sysnative\mshta.exe 2013-11-18 19:26:23 77FBE2E014EFB93FD037FA33AB8C7D6E 263376 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2013-11-18 19:26:23 6F1AF8E1206E92256459E3012C20472A 942592 ----a-w- C:\Windows\Sysnative\jsIntl.dll 2013-11-18 19:26:23 68899208A26E4522D25DBA87FF2E98D1 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2013-11-18 19:26:23 612DC699EBF0AA1AAA065898D33B553A 1993728 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2013-11-18 19:26:23 5FAC15F872026BBC31C11D3A32B84624 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-11-18 19:26:23 5BECC17076F1806F60BB259B654FAC5C 195584 ----a-w- C:\Windows\Sysnative\msrating.dll 2013-11-18 19:26:23 5BBDBE5EBB49EA7C76A2EE7490A45D68 101376 ----a-w- C:\Windows\Sysnative\inseng.dll 2013-11-18 19:26:23 5A54ED24D5D42102A64904809215E0DC 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-11-18 19:26:23 5141B67F14E2B6CBB6ADF851ABE364A5 90112 ----a-w- C:\Windows\Sysnative\SetIEInstalledDate.exe 2013-11-18 19:26:23 46FD16F9B1924A2EA8CD5C6716CC654F 167424 ----a-w- C:\Windows\Sysnative\iexpress.exe 2013-11-18 19:26:23 45152BA21450811F4619C9C1790E7353 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2013-11-18 19:26:23 43D9CE875F8FC8370C6BA2F74D50D01C 1394176 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-11-18 19:26:23 4399857346DD183683332921500046B1 86016 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe 2013-11-18 19:26:23 3AFA03119583647136C49B80DAD38F19 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2013-11-18 19:26:23 3A4FD19F13F8809BA08E9F76C0E38832 413696 ----a-w- C:\Windows\Sysnative\html.iec 2013-11-18 19:26:23 3168FA85740503BAE77DB821CB3EE4FB 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-11-18 19:26:23 2EBD0C5B090125AECF017C57344C45AB 247808 ----a-w- C:\Windows\Sysnative\msls31.dll 2013-11-18 19:26:23 2405D24AA28CCC4CC7E0CC0AE008746F 48640 ----a-w- C:\Windows\Sysnative\mshtmler.dll 2013-11-18 19:26:23 1FCBE949A67939ADEAE7279E423AA684 135680 ----a-w- C:\Windows\Sysnative\iepeers.dll 2013-11-18 19:26:23 1EA6500C25A80E8BDB65099C509AF993 143872 ----a-w- C:\Windows\Sysnative\wextract.exe 2013-11-18 19:26:23 0FBEBD36FEFFEE5AF25FDAEE5E35EE99 105984 ----a-w- C:\Windows\Sysnative\iesysprep.dll 2013-11-18 19:26:23 0A9D5716CB1F3AFA73703F39647BB8C2 81408 ----a-w- C:\Windows\Sysnative\icardie.dll 2013-11-18 19:26:23 092F3E7D054FDF779054E29A0A0D4267 2764288 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-11-18 19:26:23 05018A4E76F1636EFBB7DCB76900872A 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-11-18 19:26:23 038ABC9BCC86DFF9E181D44E43E2CEBA 52224 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll 2013-11-18 19:26:23 0134898497B6C6CD50F7FC5DE85712A6 296960 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2013-11-18 19:25:01 FB4045578F5180BDB1963AB352B78548 5632 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-11-18 19:25:01 F5CEF064C7E6D95DA86B9D064A56A969 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-11-18 19:25:01 F49E92B50CED5C9F1725D3C0329FD933 10752 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-11-18 19:25:01 E8EEA503870CB6A6DC4E09A2433DF33E 2776576 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll 2013-11-18 19:25:01 C4C183E6551084039EC862DA1C945E3D 1175552 ----a-w- C:\Windows\Sysnative\FntCache.dll 2013-11-18 19:25:01 C498EF41B93986BCBD483597573EB96D 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2013-11-18 19:25:01 B2CA1AC17E78D986B22FD6C2261CD84F 1238528 ----a-w- C:\Windows\Sysnative\d3d10.dll 2013-11-18 19:25:01 AFC3DB5C6EB8CA8017DDB81D6C0AD02A 9728 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-11-18 19:25:01 AFB73882AE41E1629A63E6713FE30FB9 296960 ----a-w- C:\Windows\Sysnative\d3d10core.dll 2013-11-18 19:25:01 9AE80F6A66B30E3ED8CDF858CF28B11B 194560 ----a-w- C:\Windows\Sysnative\d3d10_1.dll 2013-11-18 19:25:01 9108540E866F75C7AF2B91DD921A8091 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-11-18 19:25:01 9094039A00485F71C4DE64BF51F64C46 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-version-l1-1-0.dll 2013-11-18 19:25:01 8DFB5752FCE145A6B295093C0A8BE131 363008 ----a-w- C:\Windows\Sysnative\dxgi.dll 2013-11-18 19:25:01 7E8A672B7B06A6EB11960C22E0360C59 3928064 ----a-w- C:\Windows\Sysnative\d2d1.dll 2013-11-18 19:25:01 72723D3E4781BADC62C3180C137E7B23 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-user32-l1-1-0.dll 2013-11-18 19:25:01 6F623BD09CBB4C3F97374F12976E5EA5 522752 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll 2013-11-18 19:25:01 64A4AB126E24FD3F58EBE64852773DB5 2560 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-11-18 19:25:01 63F72417CA38D8FC8F53709649B589E3 333312 ----a-w- C:\Windows\Sysnative\d3d10_1core.dll 2013-11-18 19:25:01 3834316FE8A653227282196525E07DFE 648192 ----a-w- C:\Windows\Sysnative\d3d10level9.dll 2013-11-18 19:25:01 0E6FBF19D9DFBB77316C23DF91F8A101 5632 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-11-13 08:38:31 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll 2013-11-13 08:38:24 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll 2013-11-13 08:38:24 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll 2013-11-13 08:38:24 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll 2013-11-13 08:38:13 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll 2013-11-13 08:38:13 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2013-11-13 08:38:13 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2013-11-13 08:38:13 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2013-11-13 08:38:13 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll 2013-11-13 08:38:13 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2013-11-13 08:38:13 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2013-11-13 08:38:10 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll 2013-11-13 08:38:10 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL 2013-11-13 08:38:09 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL 2013-11-13 08:38:09 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll ====== C:\Windows\Sysnative\drivers ===== 2013-11-17 12:18:34 E73A7A04FDAC9DD46EE2A4257F09E91C 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys 2013-11-17 12:18:34 ACCEA6BC68D0C9A78EB97EE159028B4E 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys 2013-11-17 12:18:34 A83D0EC9AE4C31704442099D40BA2471 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys 2013-11-17 12:18:34 9406D801042FAF859CF81B2C886413DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys 2013-11-17 12:18:34 861C197502A5057E68F0AC75D9EFCDD7 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys 2013-11-17 12:18:34 311C1DD1088E55BEAE15954D17F50646 52736 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys 2013-11-17 12:18:34 280E90CBF4B2DDD169F0728CB44D726F 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys 2013-11-13 08:38:25 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-11-13 08:38:13 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2013-11-13 08:38:13 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2013-11-13 08:38:13 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== 2013-11-21 09:03:56 772096B1533565D97B73C65131B7AA23 3694 ----a-w- C:\Windows\Sysnative\Tasks\Adobe-online actualiseringsprogramma 2013-11-21 09:03:55 8D6D39AF2CCF53221A1D113A06C5B773 3676 ----a-w- C:\Windows\Sysnative\Tasks\HP-Online updateprogramma 2013-11-21 08:45:03 9B7DD89F133CA1BD9830886D99F9EC12 3230 ----a-w- C:\Windows\Sysnative\Tasks\SidebarExecute ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2013-11-21 08:43:09 -------- d-----w- C:\PROGRA~2\AVG 2013-11-19 20:34:47 -------- d-----w- C:\PROGRA~2\HD Tune 2013-10-25 16:44:14 -------- d-----w- C:\PROGRA~2\Webteh ======= C: ===== ====== C:\Users\User\AppData\Roaming ====== 2013-11-21 08:57:08 -------- d-----w- C:\Users\User\AppData\Roaming\AVG 2013-11-21 08:45:22 -------- d-----w- C:\Users\User\AppData\Roaming\AVG2014 2013-11-21 08:45:02 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2014 2013-11-21 08:44:40 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2014 2013-11-21 08:43:10 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2014 2013-11-21 08:41:21 -------- d-----w- C:\Users\User\AppData\Local\Avg2014 2013-11-17 19:27:25 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun 2013-10-25 16:44:14 -------- d-----w- C:\Users\User\AppData\Roaming\BSplayer Pro 2013-10-25 16:44:14 -------- d-----w- C:\Users\User\AppData\Roaming\BSplayer 2013-10-25 16:41:21 -------- d-----w- C:\Users\User\AppData\Local\Spotify 2013-10-25 16:40:58 -------- d-----w- C:\Users\User\AppData\Roaming\Spotify ====== C:\Users\User ====== 2013-11-24 10:03:42 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\User\Downloads\RSITx64 (1).exe 2013-11-24 09:58:49 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\User\Downloads\RSITx64.exe 2013-11-23 17:37:00 13C1570C7CE1208F0F754D5BE15E79CE 24576 ----a-w- C:\Users\User\Desktop\memtest.exe 2013-11-21 08:56:27 -------- d-----w- C:\ProgramData\AVG 2013-11-21 08:44:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2013-11-21 08:44:03 -------- d-----w- C:\ProgramData\AVG2014 2013-11-19 20:34:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune 2013-11-19 20:34:22 088812A121E0A9CEB40CE9C808C8A90C 642632 ----a-w- C:\Users\User\Downloads\hdtune_255.exe 2013-11-19 10:41:07 AD12A5B98B8CF688DC356B60A355FD39 2761680 ----a-w- C:\Users\User\Downloads\CrystalDiskInfo6_0_1-en.exe 2013-11-18 20:56:16 0E4CC70A7AA9894BE24B8B4AF7C30043 13693112 ----a-w- C:\Users\User\Downloads\mseinstall.exe 2013-11-18 20:38:10 B0374EF227F086A483324E350787E8A3 146528 ----a-w- C:\Users\User\Desktop\BlueScreenView.exe 2013-11-17 19:38:36 CA1DC7625ACF85D3A52AF3A8D4F02451 203862608 ------w- C:\Users\User\Downloads\NIS-TW-21.1.0-NL.exe 2013-11-17 19:07:52 C4ACBA1923CDD3E13DC82CFCE8B78595 3059176 ------w- C:\Users\User\Downloads\NPE.exe 2013-10-25 16:45:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player ====== C: exe-files == 2013-11-20 06:43:59 E4F8F4F057E3164A52D9D206D1F99193 31544 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_SmartFriendAwareness.exe 2013-11-20 06:43:59 99450E601834605668AE9E13BB26F09B 33264 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_CoolSense.exe 2013-11-19 20:34:47 F8FC2D14DF813CC920A39B3CB7E59CBC 401408 ----a-w- C:\Program Files (x86)\HD Tune\HDTune.exe 2013-11-19 20:34:47 CEFC20D14D9940D53505E9B9769139E7 682266 ----a-w- C:\Program Files (x86)\HD Tune\unins000.exe 2013-11-19 20:27:51 AE8E8AD9C3405DA46653A792EEDF4868 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-978257931-2792700483-2985541856-1000\$I56XAN2.exe 2013-11-19 10:41:52 4A0D4AA7AF4DDFF5916A366041F78E30 1269491 ----a-w- C:\Program Files (x86)\CrystalDiskInfo\unins000.exe 2013-11-19 09:15:19 E714A26715478EAC94DEB4514BF68EA2 35300192 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_chrome_installer.exe 2013-11-18 19:26:24 ED45D1C3FDA215374FBCFC161A57AA80 467456 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2013-11-18 19:26:24 CC02FE4520CA886508069245D9A6962F 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2013-11-18 19:26:24 C8A8321292A459B0A17FB39A782A5C74 806096 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2013-11-18 19:26:24 7F7F391491C315A4A72EFCAC0D34FA93 25600 ----a-w- C:\Program Files (x86)\Internet Explorer\ExtExport.exe 2013-11-18 19:26:23 D68007F924B9F387AA7C76F48D0A260A 223232 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2013-11-18 19:26:23 70D721CC971A9EFFCF7845CEFBB02704 480256 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2013-11-18 19:26:23 41F922D6A794C0F8425C8436D7077C84 359632 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe 2013-11-18 19:26:23 0685765C0CBE095BA0C6C8790BAE21EF 804560 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2013-11-18 19:08:56 1A7C91AC6F14EBB22688704A13DC8D17 12598112 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_30.0.1599.101_chrome_updater.exe === C: other files == 2013-11-24 13:06:44 FC83B0DF70D517DB62A9ABBC04AD503D 60577000 ----a-w- C:\Users\Public\Desktop\sample_20132411_1406.zip 2013-11-23 17:36:50 BB3955C60B9AFC3DE1990026964D15AC 13507 ----a-w- C:\Users\User\Downloads\MemTest.zip 2013-11-19 20:38:45 84F545B40A251CA60A93D87B332BA757 121069 ----a-w- C:\Users\User\Downloads\memtest86+-5.01.usb.installer.zip 2013-11-19 20:36:46 72244604A881112D7AB47139AD0C7323 59435 ----a-w- C:\Users\User\Downloads\memtest86+-5.01.iso.zip 2013-11-18 20:37:01 36B61EF01992B7F17257607C3E455E1C 1573 ----a-w- C:\Users\User\Downloads\bluescreenview_dutch.zip 2013-11-18 20:34:43 6069027ED1F638027CE11223AD991A29 84917 ----a-w- C:\Users\User\Downloads\bluescreenview-x64.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "HPConnectionManager"="C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" "HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "HP Software Update"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\(default)] "command"="" "hkey"="HKLM" "item"="(default)" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" "hkey"="HKLM" "item"="AdobeAAMUpdater-1.0" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DAEMON Tools Lite" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DNS7reminder] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DNS7reminder" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Nuance\\NaturallySpeaking11\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\Nuance\\NaturallySpeaking11\\Ereg.ini\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easybits Recovery] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Easybits Recovery" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\EasyBits For Kids\\ezRecover.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Facebook Update" "hkey"="HKCU" "command"="\"C:\\Users\\User\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LaCie Desktop Manager Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LaCie Desktop Manager Startup" "hkey"="HKCU" "command"="\"C:\\Program Files\\LaCie\\Desktop Manager\\LaCieDesktopManagerStatusItem.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Start WingMan Profiler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Start WingMan Profiler" "hkey"="HKLM" "command"="C:\\Program Files\\Logitech\\Gaming Software\\LWEMon.exe /noui" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TomTomHOME.exe" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\" -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqtra08.exe" "item"="HP Digital Imaging Monitor" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wi-Fi MediaConnect.lnk] "item"="Wi-Fi MediaConnect" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Wi-Fi MediaConnect.lnk" "backup"="C:\\Windows\\pss\\Wi-Fi MediaConnect.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Philips\\WI-FIM~1\\WI-FIM~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "item"="Dropbox" "path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\User\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:@C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/02/2012 20:42] C:\Windows\tasks\HPCeeScheduleForUSER-HP$.job --a------ [Undetermined Task] C:\Windows\tasks\HPCeeScheduleForUser.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 21:15] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-User-HP-User" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HP-Online updateprogramma" [C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForUser" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForUSER-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{0D8F6337-6B95-4168-8520-367ADEE657A6}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{10FC14E5-C21C-48AF-BD68-A0A3934EE9B1}" ["c:\users\user\appdata\local\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{44BC57C6-383F-45C6-867E-1E0546EAD0EA}" ["c:\users\user\appdata\local\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\{6DEFA008-AEC8-466D-9CBB-DB94FF459703}" ["c:\users\user\appdata\local\google\chrome\application\chrome.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [08/03/2013 14:45] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [14/02/2012 18:09] ==== Firefox Extensions ====================== ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f53n8y7f.default - Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox - BS Player ControlBar - %ProfilePath%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\f53n8y7f.default 855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director 15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dfaldikcoaplhepekpbngkepfcoiihef - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[22/08/2011 04:50] jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[11/09/2012 13:45] ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\User\AppData\Local\Temp\ccex.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[] Google Docs - User - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - User - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - User - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - User - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Website Logon - User - Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef AdBlock - User - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Google Wallet - User - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - User - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{AD2EFB87-C4AD-40F7-89A7-89FEB8405C4D}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {AD2EFB87-C4AD-40F7-89A7-89FEB8405C4D} Google Url="http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" {D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-978257931-2792700483-2985541856-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{60302595-BDA0-466F-BE18-CC528AC8B4C4}: NameServer = 8.8.8.8,8.8.8.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{7D98AD8F-223C-41E8-AFC9-6F55F6CFB9DF}: NameServer = 0.0.0.0 O17 - HKLM\System\CS1\Services\Tcpip\..\{60302595-BDA0-466F-BE18-CC528AC8B4C4}: NameServer = 8.8.8.8,8.8.8.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{60302595-BDA0-466F-BE18-CC528AC8B4C4}: NameServer = 8.8.8.8,8.8.8.4 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\User\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on zo 24/11/2013 at 14:26:29,55 ======================