Zoek.exe v5.0.0.0 Updated 28-10-2014
Tool run by Hp on wo 29/10/2014 at 14:24:08,32.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hp\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29/10/2014 15:56:05 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Arduino2 deleted successfully
C:\PROGRA~2\Bel2011 deleted successfully
C:\PROGRA~2\Mozilla Firefox.bak deleted successfully
C:\PROGRA~2\PassGuide deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\Symantec deleted successfully
C:\Users\Gast\AppData\Roaming\Apple Computer deleted successfully
C:\Users\Gast\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Hp\AppData\Roaming\Download Manager deleted successfully
C:\Users\Hp\AppData\Roaming\iolo deleted successfully
C:\Users\Hp\AppData\Roaming\Snapfish deleted successfully
C:\Users\Hp\AppData\Roaming\WinRAR deleted successfully
C:\Users\Gast\AppData\Local\VirtualStore deleted successfully
C:\Users\Hp\AppData\Local\CRE deleted successfully
C:\Users\Hp\AppData\Local\HP MediaSmart Video deleted successfully
C:\Users\Hp\AppData\Local\LogMeIn Rescue Applet deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411391106} deleted successfully
HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411391106} deleted successfully
HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0A96E18B-72D5-4C85-9F0B-EA5EB0D1BE81} deleted successfully
HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F483E6C-89F4-468A-967F-E00A9B4BFC0F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411391106} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411391106} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411391106} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1631550F-191D-4826-B069-D9439253D926} deleted successfully
HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully
HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\esgiguard deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\eq21ypc6.default

user.js not found

---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "orgnl");
user_pref("extensions.BabylonToolbar.bbDpng", 7);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.lastDP", 7);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.propectorlck", 93428619);
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://isearch.babylon.com/?babsrc=NT_ss&mntrId=2029109f000000000000ac8112431763");

---- FireFox user.js and prefs.js backups ----
prefs_20142910_1621_.backup

ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\i6eorxni.default

user.js not found

---- Lines certified-toolbar removed from prefs.js ----
user_pref("browser.newtab.url", "http://newtab.certified-toolbar.com/nff?si=41460&tid=592&new=true");
user_pref("browser.startup.homepage", "http://search.certified-toolbar.com?si=41460&home=true&tid=592");
user_pref("keyword.URL", "http://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=");

---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");

---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);

---- FireFox user.js and prefs.js backups ----
prefs_20142910_1621_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #8"=-
"Application Restart #7"=-

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\MYWEBS~1 not found
C:\Program Files (x86)\LyricsSay-15 not found
C:\Users\Hp\AppData\Local\Pokki deleted
C:\Program Files\Enigma Software Group deleted
C:\Windows\syswow64\appdata deleted
C:\Users\Hp\.android deleted
C:\PROGRA~2\GUTC986.tmp deleted
C:\PROGRA~2\GUMC985.tmp deleted
C:\PROGRA~2\SaveShare deleted
C:\PROGRA~2\Pearson IT Certification Practice Test deleted
C:\Users\Hp\AppData\Roaming\burnaware.ini deleted
C:\Users\Hp\AppData\Roaming\gns3.ini deleted
C:\Users\Hp\AppData\Local\Wondershare deleted
C:\Users\Hp\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted
C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\Hp\AppData\LocalLow\store-pp.jbs deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\BabylonToolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\searchqutoolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\searchquband deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\tasks\ProtectedSearch deleted
C:\windows\SysNative\tasks\LyricsSay-15-chromeinstaller deleted
C:\windows\SysNative\tasks\LyricsSay-15-firefoxinstaller deleted
C:\Windows\tasks\LyricsSay-15-chromeinstaller.job deleted
C:\Windows\tasks\LyricsSay-15-firefoxinstaller.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Hp\unpacksdc.exe deleted
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\eq21ypc6.default\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com deleted
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\eq21ypc6.default\extensions\{FF4F914F-10C9-41AA-86F7-BC795E6E31D7} deleted
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\eq21ypc6.default\extensions\pluswinks@PlusWinks.xpi deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper 
Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1240993424-3555931370-692324636-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe"
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"PhotoShow Deluxe Media Manager"="C:\PROGRA~2\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Tonido"="C:\Users\Hp\AppData\Roaming\Tonido\launcher.exe /nobrowser"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"NBJ"="C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
"Akamai NetSession Interface"="C:\Users\Hp\AppData\Local\Akamai\netsession_win.exe"
"Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & 
Destroy 2\SDCleaner.exe /autoclean" "SkyDrive"="C:\Users\Hp\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" "Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe -launchedbylogin" "PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" "PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" "ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun" "BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN" "vmware-tray.exe"="C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "SDTray"="C:\Program Files 
(x86)\Spybot - Search & Destroy 2\SDTray.exe" "Wondershare Helper Compact.exe"="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe -atboottime" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" "LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "PhotoShow Deluxe Media Manager"="C:\PROGRA~2\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" "OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" "Tonido"="C:\Users\Hp\AppData\Roaming\Tonido\launcher.exe /nobrowser" "iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" "ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" "NBJ"="C:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe" "Akamai NetSession Interface"="C:\Users\Hp\AppData\Local\Akamai\netsession_win.exe" "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" "SkyDrive"="C:\Users\Hp\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background" "HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " 
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe " [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " ==== Startup Folders ====================== 2012-06-19 17:06:44 989 ----a-w- C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk 2014-08-21 13:03:29 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk 2014-03-14 10:48:05 2086 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MioSync.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 11:25] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/10/2014 21:13] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20/10/2014 21:13] C:\Windows\tasks\HPCeeScheduleForHp.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Hp-HP-Hp" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Express Files Updater" [C:\Program Files (x86)\ExpressFiles\EFupdater.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] 
"C:\Windows\SysNative\tasks\HPCeeScheduleForHp" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"] "C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1384514592" [C:\Program Files (x86)\Opera\launcher.exe] "C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{97F4ECA8-A9FE-416E-A591-65D830A9AB23}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{0D3D2583-1B83-4B7A-9A20-282736198E6E}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.2.0.166.321/nl/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Norton Anti-Theft\Norton Error Analyzer" [C:\Program Files (x86)\Norton 
Anti-Theft\Engine\1.10.0.9\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Anti-Theft\Norton Error Processor" [C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\eq21ypc6.default - QuickShare Widget - %ProfilePath%\extensions\{2327d711-3f88-4ce6-a8a9-9c3cf00c8f42} - Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi ProfilePath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\i6eorxni.default - Free Download Manager plugin - %ProfilePath%\extensions\fdm_ffext@freedownloadmanager.org - DownTango Launcher - %ProfilePath%\extensions\{890a3e16-521d-4d00-bdf9-e07218d09c8d} AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\eq21ypc6.default 
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
5DD9F33FBBCDED9A297CA244A7982D7B - C:\Users\Hp\AppData\Local\TNT2\2.0.0.1534\npTNT2Ghost.dll - npAPI Ghost Plugin
D6B24174CC26EB0AC7F169485528E248 - C:\Users\Hp\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll - npAPI Plugin
ED3D850C960401B9CBF0AFC3A066073D - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.330.3
31DA97B4682187C6639BBE2215814FDA - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
Profilepath: C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\i6eorxni.default
B2D76B8CC7BAFBFDDDB69459847F0159 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U20

==== Deleted Firefox Extensions ======================
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\eq21ypc6.default\extensions\{2327d711-3f88-4ce6-a8a9-9c3cf00c8f42} deleted
C:\Users\Hp\AppData\Roaming\Mozilla\Firefox\Profiles\i6eorxni.default\extensions\{890a3e16-521d-4d00-bdf9-e07218d09c8d} deleted

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ejdabpabkmacjiiooccecnpakonoibah - C:\Program Files (x86)\DownTangoLauncherToolbar\chrome\DownTangoLauncherToolbar.crx[]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
DownTango Launcher - Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah
Norton Identity Safe - Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== Chromium Startpages ======================
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://websearch.simplesearches.info/?pid=714&r=2013/08/18&hid=2122663564&lg=EN&cc=BE&unqvl=31",

==== Chromium Fix ======================
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.shared.certified-toolbar.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.shared.certified-toolbar.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ciuvo.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.ciuvo.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.good-results.info_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.good-results.info_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.simplesearches.info_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.simplesearches.info_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.simplespeedy.info_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.simplespeedy.info_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultfriendfinder.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_geobanner.adultfriendfinder.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_geobanner.adultfriendfinder.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.sureonlinefind.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.sureonlinefind.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_servedby.dealply.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_servedby.dealply.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_eservices.minfin.fgov.be_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_eservices.minfin.fgov.be_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedanalysis.net_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedanalysis.net_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_secure.tlbsearch.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_secure.tlbsearch.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stansberryresearch.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.stansberryresearch.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tlbsearch.com_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tlbsearch.com_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdabpabkmacjiiooccecnpakonoibah deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejdabpabkmacjiiooccecnpakonoibah_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejdabpabkmacjiiooccecnpakonoibah_0.localstorage-journal deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage deleted successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage-journal deleted successfully

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.4.0.13"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=nl&pid=NIS&pvid=21.4.0.13"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"=""
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{5D3D18CF-279B-46F5-8075-380E6604046B} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}"
{97038AEE-C0D8-41A7-AC90-DB3D66190004} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E7B3F08F-ACA4-F205-426E-48D9D4AF08B8} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6FACF45-65F5-5CCC-9B81-91CABD94DFB2} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{632DC7A8-1547-10D5-E509-425BFA141E7F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7EEDE454-7CA0-37C4-887C-5B5852737CDC} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95E540DB-87D1-24CB-FC78-0E31310A06E5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DED9D3FA-E327-A003-8EF8-FD0A546D19D7} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ejdabpabkmacjiiooccecnpakonoibah deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Hp\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hp\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hp\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hp\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\Hp\AppData\Local\Mozilla\Firefox\Profiles\eq21ypc6.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\Users\Hp\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Hp\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=2764 folders=168 110253888 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\Hp\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Hp\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on wo 29/10/2014 at 16:47:19,22 ======================