Zoek.exe v5.0.0.0 Updated 21-December-2014
Tool run by Stijn on 22/12/2014 at 16:39:07.14.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stijn\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

22/12/2014 16:42:52 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\BrowseToSave deleted successfully
C:\PROGRA~2\BuyNsave deleted successfully
C:\PROGRA~2\MediaFire Desktop deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\WebSearch deleted successfully
C:\PROGRA~2\YoutubeAdBlocke deleted successfully
C:\PROGRA~3\Guitar Pro 6 deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\Users\Stijn\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Stijn\AppData\Roaming\WinRAR deleted successfully
C:\Users\Stijn\AppData\Local\Conduit deleted successfully
C:\Users\Stijn\AppData\Local\MediaGet2 deleted successfully
C:\Users\Stijn\AppData\Local\PackageAware deleted successfully
C:\Users\Stijn\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1174939576-1321101383-4010419509-1002\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-1174939576-1321101383-4010419509-1002\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-1174939576-1321101383-4010419509-1002\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Users\Stijn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\ProgrammaStijn\scanprint\OpWareSE4.exe
C:\ProgrammaStijn\itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Velocify\dmw.exe
D:\ProgrammaStijn\firefox\firefox.exe
D:\ProgrammaStijn\firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Users\Stijn\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update PacFunction deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update PacFunction deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update PacFunction deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update PacFunction deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util PacFunction deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util PacFunction deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util PacFunction deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util PacFunction deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Stijn\AppData\Roaming\AMozilla\AFirefox\Profiles\ff.profile
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_122014_1753_.backup

ProfilePath: C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default
---- Lines CT2795644 removed from prefs.js ----
---- Lines CT2849859 removed from prefs.js ----
---- Lines conduit removed from prefs.js ----
---- Lines conduit modified from prefs.js ----
---- Lines WebSearch removed from prefs.js ----
---- Lines babylon removed from prefs.js ----
---- Lines Web Search removed from prefs.js ----
---- Lines CommunityToolbar removed from prefs.js ----
---- Lines crossrider modified from prefs.js ----
---- Lines Sweet removed from prefs.js ----
---- Lines extensions.516c764c914fa removed from prefs.js ----
---- Lines extensions.516c7671851c6 removed from prefs.js ----
---- Lines extensions.6uZocBmdiZHwWm1i removed from prefs.js ----
---- Lines extensions.OupS8jMiMvyounCn removed from prefs.js ----
---- FireFox user.js and prefs.js backups ----
user_122014_1753_.backup
prefs_122014_1753_.backup

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\PacFunction not found
C:\PROGRA~3\pghbhehoggpmldidgmhifpanaobcpmjk deleted
C:\PROGRA~3\2364745888375911979 deleted
C:\PROGRA~3\Premium deleted
C:\PROGRA~3\SoftSafe deleted
C:\Users\Stijn\AppData\LocalLow\Conduit deleted
C:\PROGRA~2\FTDownloader.com deleted
C:\PROGRA~2\CrossriderWebApps deleted
C:\Users\Stijn\AppData\Roaming\SendSpace deleted
C:\Users\Stijn\AppData\Roaming\systweak deleted
C:\PROGRA~3\ism_0_llatsni.pad deleted
C:\PROGRA~3\dsgsdgdsgdsgw.js deleted
C:\PROGRA~3\Browse2seavei deleted
C:\PROGRA~3\SearrcaH-iNewTyabb deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Stijn\AppData\Local\Media Get LLC deleted
C:\Users\Stijn\AppData\Local\cache deleted
C:\Users\Stijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Stijn\AppData\LocalLow\SweetIM deleted
C:\Users\Stijn\AppData\LocalLow\boost_interprocess deleted
C:\Users\Stijn\AppData\LocalLow\MyWebSearch deleted
C:\Users\Stijn\AppData\LocalLow\BittorrentBar_NL deleted
C:\Users\Stijn\AppData\LocalLow\PriceGong deleted
C:\Users\Stijn\AppData\LocalLow\FunWebProducts deleted
C:\END deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\searchplugins\conduit-search.xml deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\CT2795644 deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\CT2849859 deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\extensions\j@RGG.net deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\extensions\ND4qvn@E6wP.edu deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\conduit deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\conduitCommon deleted
C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default\ConduitEngine deleted
"C:\Users\Stijn\AppData\Local\martmgqa" deleted
"C:\Users\Stijn\AppData\Local\qehfgjgh" deleted
"C:\Users\Stijn\AppData\Local\rmuluera" deleted
"C:\Users\Stijn\AppData\Local\sbkfbhaf" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4062 MB
CPU Info: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
CPU Speed: 2111.9 MHz
Sound Card: Speakers (VIA High Definition A |
Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller | Atheros AR9285 Wireless Network Adapter
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ862AS
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 74.5GB | D: 208.9GB Hard Disks - Free: C: 2.3GB | D: 161.8GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 09/10/18 | _ASUS_ - 20090909 Time Zone: Romance (standaardtijd) Motherboard *: ASUSTeK Computer Inc. K50IJ Country: Verenigd Koninkrijk Language: ENG ==== System Specs (Software) ====================== Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Firefox 34.0.5 Internet Explorer Version: 11.0.9600.17501 Mozilla Firefox version: 4.0 (x86 nl) Adobe Reader version: 11.0.10.32 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) Flash Player version: 15.0.0.246 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Stijn\AppData\Local\Temp ==== 2014-12-22 14:40:27 97511FE2CA09CC2E06C3CD6519C3494E 43008 ----a-w- C:\Users\Stijn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc1yfbo.dll 2014-12-22 14:08:32 A210F1AC135E5331C314CE5F394FB5A5 413276 ----a-w- C:\Users\Stijn\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2014-12-22 14:20:31 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-12-18 20:49:46 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-12-18 00:10:57 FF0A6E76FAE624AC74780AB008752F98 3209728 ----a-w- C:\Windows\SysWOW64\mf.dll 2014-12-17 22:14:42 E1456E7396022EBE4E5434188D1AC8B0 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-17 22:14:32 F25284C763E728E4DAC248C211D1FC5B 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2014-12-17 22:14:32 BB25F69463AD8E7E51B5D9D158B5F8DF 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2014-12-17 22:14:32 2EADED07BDA52C1FC5A6D4E1CC5858F0 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-17 22:14:31 
F98B3860BB47089EA8C1504F043E90E9 342200 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2014-12-17 22:14:31 F34F6DC38A21FCDBB50CDD1EE97B1EA3 1307136 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2014-12-17 22:14:31 D7A98A4CEA2E89F544065A00BF37FC10 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2014-12-17 22:14:31 69AC6FD5B0B4DC963723E1EBDEE10A2C 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2014-12-17 22:14:31 2ABC5587D582ACCEA30B4CF968C2A4A5 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-17 22:14:31 220505B0B3E96C857DD01729AF0CD369 19749376 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2014-12-17 22:14:30 DEB9476A3CD1A5819DD4504BB7C6BA66 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2014-12-17 22:14:29 F0BCBD8FCDA145EED53ED66C45CC378B 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2014-12-17 22:14:29 543ADCEA31CF9C2B4EEB900D4AAFD0F9 2052096 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2014-12-17 22:14:29 41AFA61E061E98E97272AC02184C8C2C 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2014-12-17 22:14:29 01777AB557997E98691E322225314E57 2277888 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2014-12-17 22:14:28 EC5A3E4E21079B9D423AA0760828D678 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2014-12-17 22:14:28 759E2FAD5371512C6679FA346719493E 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2014-12-17 22:14:27 CF9D05678B02B44FBC8D8AD8C9F30D58 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll 2014-12-17 22:14:27 B59E370277EDB6643083B62297175628 12836864 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2014-12-17 22:14:27 35BD045804B67E78F4CAB72CB820AF7F 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2014-12-17 22:14:21 2E9E105037AC1274656C3D1125323352 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-17 22:14:20 F728E7E9937117E0F32F39840EB6D737 4299264 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2014-12-17 22:14:20 5E4E0E43E0A5BF9F089696DFA7A3D677 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll 2014-12-17 22:14:20 37F078B5B435AFC6BF316F2AD14B469A 501248 
----a-w- C:\Windows\SysWOW64\vbscript.dll 2014-12-17 22:14:19 930F63D6BC43D4BCD937DFCECDA95F82 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2014-12-17 22:14:19 29CED1A4777A43526A4ED8A7B6936883 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-17 22:12:38 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\SysWOW64\charmap.exe 2014-12-17 22:12:37 1DE9BD23AFA36150586C732D876D9B74 1177088 ----a-w- C:\Windows\SysWOW64\WsmSvc.dll 2014-12-17 22:12:36 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-17 22:12:36 B6AC69FFBAA159DD5CEED814245A286D 214016 ----a-w- C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-17 22:12:36 2C28FEC61C4AC68480A99CB7AA197FA9 248832 ----a-w- C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-17 22:12:35 5D9A1A3E5824CECE65871C60E5A08A1A 145920 ----a-w- C:\Windows\SysWOW64\WsmAuto.dll 2014-12-17 22:12:28 50C73E54062BA252350F3F29580E28DA 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-12-18 20:49:46 5564883BFB523D5078A5B1FE3128FD63 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2014-12-18 00:10:56 6E1DDE0E72FB8268F42F6777CE4C5036 4121600 ----a-w- C:\Windows\Sysnative\mf.dll 2014-12-17 22:14:45 F0356290BA3940F31AFF5566501495F7 192000 ----a-w- C:\Windows\Sysnative\aepic.dll 2014-12-17 22:14:45 E00981CF227CEEBE7B5A8D99C76D1116 741376 ----a-w- C:\Windows\Sysnative\invagent.dll 2014-12-17 22:14:45 D257AF48934D2167BE15AA4008176381 1083392 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-12-17 22:14:45 985558125FEEC89AB4AD142158B066D7 830976 ----a-w- C:\Windows\Sysnative\appraiser.dll 2014-12-17 22:14:45 8E64BB62AB3810D3C29ED50C405AD3BD 1232040 ----a-w- C:\Windows\Sysnative\aitstatic.exe 2014-12-17 22:14:44 DAF13A81A5FC895D68B1D9A72F65F4CB 413184 ----a-w- C:\Windows\Sysnative\generaltel.dll 2014-12-17 22:14:44 5CD6E919CE938A98AB25A2EA2C8C4EDA 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-12-17 22:14:44 
4253086737D81D7C9C160FDE6C037F44 396800 ----a-w- C:\Windows\Sysnative\devinv.dll 2014-12-17 22:14:42 A9A0BFD706B3A24C403EEFEB0790D011 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll 2014-12-17 22:14:32 D471F7A428C21DB04D810445D12D68E0 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2014-12-17 22:14:32 39B512C643812FC2D4843C0D4206C759 718848 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2014-12-17 22:14:32 0FABE2AB8CA2D5CC7C95798533B4D057 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2014-12-17 22:14:32 077AEB068A51B396F25BBCAB0944FC3A 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2014-12-17 22:14:31 F987718A5CA053DC23E94A531F1754A4 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2014-12-17 22:14:31 9F07E8FC75C5F98A783ABFD3005EFC22 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2014-12-17 22:14:29 E7A2061ADF0F4D430FECDA1E8D6B7BA6 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll 2014-12-17 22:14:29 5BF0BAA1E5EF724287565E97C9219254 389296 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2014-12-17 22:14:28 B4E481E9498CE22113628C4E9EA24427 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2014-12-17 22:14:27 EBC8C9F61F4C148B8C6A28EDE80C51E4 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2014-12-17 22:14:27 14BA910E7731FC84EB85328BD0F1EE81 800768 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2014-12-17 22:14:27 0AF0AEF0BA9EF6169E61C78504DCAE55 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2014-12-17 22:14:24 EFBA893429814EA3244C87C2D1256618 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2014-12-17 22:14:24 23AE7A3B44D5C550B81347288CE3230E 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2014-12-17 22:14:22 982B871A25B5078093FAD82D0AB0E3FC 2885120 ----a-w- C:\Windows\Sysnative\iertutil.dll 2014-12-17 22:14:22 3FE71E2A5BD3EC652E64FC8BCEFEDD2C 2125312 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2014-12-17 22:14:20 DFECAE6D925FBC9078870E16F98C471F 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2014-12-17 
22:14:18 F7CCA58B973FB5EAED8D1F12DD3E51F6 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2014-12-17 22:14:18 8EF01E2EF21D41A23FF70B28179F9ABE 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2014-12-17 22:14:18 556D271F4243B273EDA353512BF3608A 14412800 ----a-w- C:\Windows\Sysnative\ieframe.dll 2014-12-17 22:14:17 DB10D681314714E0D4623E4C0CF6654A 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2014-12-17 22:14:17 7AC115968B8856004920057B2271224C 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2014-12-17 22:14:17 021DFF3CB0ADCD19B3AAA00A650FDEE2 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2014-12-17 22:14:16 8D64466AD12CA5677CD0099C43C58569 6039552 ----a-w- C:\Windows\Sysnative\jscript9.dll 2014-12-17 22:14:16 1D294810D3A8A8F722E86AA001F54DCC 580096 ----a-w- C:\Windows\Sysnative\vbscript.dll 2014-12-17 22:14:15 4AF089160FE082E5EA5C4AA72782DCA2 2358272 ----a-w- C:\Windows\Sysnative\wininet.dll 2014-12-17 22:14:14 89296EF4A3729A049DA25B7D67A04078 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-12-17 22:14:14 17A157A4225CF562202AC71DB8103177 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2014-12-17 22:14:08 D478A4CF07FB8ADF72FB16B88E8030B8 25059840 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-12-17 22:12:38 36E5E9D0400475230A7F57F274B88321 165888 ----a-w- C:\Windows\Sysnative\charmap.exe 2014-12-17 22:12:37 FDEB5EE2E4DB9DE9251DDAF6A5BCA070 346624 ----a-w- C:\Windows\Sysnative\WSManMigrationPlugin.dll 2014-12-17 22:12:37 D929ABD465A2DED963DA8B30946A8D5C 2020352 ----a-w- C:\Windows\Sysnative\WsmSvc.dll 2014-12-17 22:12:37 5C642B7B0365305451D579F3EFAD57D4 310272 ----a-w- C:\Windows\Sysnative\WsmWmiPl.dll 2014-12-17 22:12:37 41457C1909F6D1100C0F9B9CFF7960FC 266240 ----a-w- C:\Windows\Sysnative\WSManHTTPConfig.exe 2014-12-17 22:12:36 9B44CABE3536D0E3BF627176318AAFC9 181248 ----a-w- C:\Windows\Sysnative\WsmAuto.dll 2014-12-17 22:12:28 A026998E927FD2095505154CBD72F35B 2048 ----a-w- C:\Windows\Sysnative\tzres.dll ====== C:\Windows\Sysnative\drivers 
===== 2014-12-22 15:25:29 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2014-12-22 15:24:58 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2014-12-22 15:24:58 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2014-12-22 15:09:38 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2014-12-17 22:14:39 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-12-19 22:47:16 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-12-22 14:21:09 -------- d-----w- C:\PROGRA~2\COMMON~1\Java ======= C: ===== ====== C:\Users\Stijn\AppData\Roaming ====== ====== C:\Users\Stijn ====== 2014-12-22 14:19:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-12-22 14:02:51 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\Stijn\Downloads\jxpiinstall.exe ====== C: exe-files == 2014-12-22 14:19:48 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2014-12-22 14:19:47 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2014-12-22 14:19:47 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2014-12-22 14:19:05 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe 2014-12-22 14:19:05 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe 2014-12-22 14:19:05 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe 2014-12-22 14:19:05 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe 2014-12-22 14:19:05 
29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe 2014-12-22 14:19:05 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe 2014-12-22 14:19:04 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe 2014-12-22 14:19:04 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe 2014-12-22 14:19:04 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe 2014-12-22 14:19:04 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe 2014-12-22 14:19:04 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe 2014-12-22 14:19:04 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe 2014-12-22 14:19:04 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe 2014-12-22 14:19:04 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe 2014-12-22 14:19:03 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe 2014-12-22 14:19:03 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe 2014-12-22 14:19:03 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe 2014-12-22 14:19:03 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe 2014-12-22 14:19:03 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe 2014-12-22 14:19:03 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe 2014-12-22 14:19:03 
691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe 2014-12-22 14:02:51 44933ED144874569EB5A43B613CBE88A 638888 ----a-w- C:\Users\Stijn\Downloads\jxpiinstall.exe 2014-12-19 22:47:16 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Stijn.exe 2014-12-18 20:49:46 5564883BFB523D5078A5B1FE3128FD63 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-12-18 20:49:46 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2014-12-17 22:14:45 8E64BB62AB3810D3C29ED50C405AD3BD 1232040 ----a-w- C:\Windows\System32\aitstatic.exe 2014-12-17 22:14:45 65536EB5F53B76562BBE0DE332A8BA3C 66216 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe 2014-12-17 22:14:43 CCEE34CF7D700825AD839FAB298A0129 46760 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe 2014-12-17 22:14:43 A192555B09BD2A45940D7E449F311AF6 161960 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe 2014-12-17 22:14:32 A8A8FD02E3A9264A603892DE1F522166 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2014-12-17 22:14:32 39B512C643812FC2D4843C0D4206C759 718848 ----a-w- C:\Windows\System32\ie4uinit.exe 2014-12-17 22:14:32 0FABE2AB8CA2D5CC7C95798533B4D057 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-12-17 22:14:29 B7BCC767AC0E76384BCDC292184DD8C8 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2014-12-17 22:14:29 43CE0C99DBC0F96DB2B7259B0BE0930E 468992 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2014-12-17 22:14:28 A24BFBAE8B50A6780B68FF3673FAB52F 815280 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2014-12-17 22:14:27 EBC8C9F61F4C148B8C6A28EDE80C51E4 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-12-17 22:14:22 C3D17F3199D39A2AB85956A63731F188 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2014-12-17 22:14:21 2A9DA9E7462EBA3F6D2036E8D18FF773 813744 ----a-w- C:\Program 
Files\Internet Explorer\iexplore.exe 2014-12-17 22:12:38 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\Windows\SysWOW64\charmap.exe 2014-12-17 22:12:38 36E5E9D0400475230A7F57F274B88321 165888 ----a-w- C:\Windows\System32\charmap.exe 2014-12-17 22:12:37 41457C1909F6D1100C0F9B9CFF7960FC 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe 2014-12-17 22:12:36 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-17 22:12:29 BE8F985609BE0809B7E29960AC997511 49664 ----a-w- C:\Windows\servicing\GC64\tzupd.exe === C: other files == 2014-12-22 15:25:29 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-12-22 15:24:58 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-12-22 15:24:58 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-12-22 15:09:38 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-12-22 14:19:06 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-12-17 22:14:39 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1174939576-1321101383-4010419509-1002\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Stijn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "Spotify"="C:\Users\Stijn\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "BitTorrent"="C:\Users\Stijn\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED" 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1174939576-1321101383-4010419509-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0" "HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r" "HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe" "ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe" "SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot" "OpwareSE4"="C:\ProgrammaStijn\scanprint\OpwareSE4.exe" "AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "iTunesHelper"="C:\ProgrammaStijn\itunes\iTunesHelper.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Velocify"="wscript.exe C:\Program Files (x86)\Common Files\Velocify\data.js" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Stijn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" 
"Spotify"="C:\Users\Stijn\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "BitTorrent"="C:\Users\Stijn\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="bggamingmonitor.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EeeStorageBackup"="C:\Program Files (x86)\ASUS\Asus WebStorage\BackupService.exe" "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" "BullGuard"="C:\ProgrammaStijn\bullguard\bullguard.exe -boot" "CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\"" "hkey"="HKLM" "item"="Adobe Reader Speed Launcher" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Camera ScreenSaver] "command"="C:\\Windows\\AsScrProlog.exe" "hkey"="HKLM" "item"="ASUS Camera ScreenSaver" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector] "command"="C:\\Windows\\AsScrPro.exe" "hkey"="HKLM" "item"="ASUS Screen Saver Protector" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\BitTorrent] "command"="\"C:\\Users\\Stijn\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED" "hkey"="HKCU" "item"="BitTorrent" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\"" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer] "command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe" "hkey"="HKLM" "item"="DivXMediaServer" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] "command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW" "hkey"="HKLM" "item"="DivXUpdate" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent] "command"="C:\\ProgrammaStijn\\Kies\\KiesTrayAgent.exe" "hkey"="HKLM" "item"="KiesTrayAgent" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MediaFire Tray] "command"="C:\\Users\\Stijn\\AppData\\Local\\MediaFire Desktop\\mf_watch.exe" "hkey"="HKCU" "item"="MediaFire Tray" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Stijn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] "backup"="C:\\Windows\\pss\\OpenOffice.org 3.2 .lnk.Startup" "command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE " "item"="OpenOffice.org 3.2 " "path"="C:\\Users\\Stijn\\AppData\\Roaming\\Microsoft\\Windows\\Start 
Menu\\Programs\\Startup\\OpenOffice.org 3.2 .lnk" "backupExtension"=".Startup" ==== Startup Folders ====================== 2012-05-21 15:35:51 1139 ----a-w- C:\Users\Stijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2009-11-06 07:06:41 1106 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\tmchlang.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [18/12/2014 00:06] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASPG" [C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\ASUSControlDeck" [C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\P4G Sidebar" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\WC3" [C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe] "C:\Windows\SysNative\tasks\{1C678106-26AF-4FB7-AC6E-7143371E4AA8}" [E:\BullGuardInstaller.exe] "C:\Windows\SysNative\tasks\{3C12D615-F2BF-429B-A31D-1FB75040BFD8}" [E:\BullGuardInstaller.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] 
"crossriderapp1466@crossrider.com"="C:\ProgramData\SendSpaceExtention\firefox" [21/11/2011 14:48] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default - Undetermined - manos.athanassoulis@gmail.com - <--Block site--> - %ProfilePath%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} - BasketFox by BSGoodies - %ProfilePath%\extensions\manos.athanassoulis@gmail.com.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Stijn\AppData\Roaming\Mozilla\Firefox\Profiles\ldgtfxii.default 9860727E477F17B88E39AF8B69B0407A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Stijn\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dpaeeflekdffkcflihellcgkhgbjgibl - C:\ProgramData\SendSpaceExtention\chrome\sendspace_extension.crx[21/11/2011 14:42] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.conduit.com/?ctid=CT3324758&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPF9800E24-8AA5-4A9D-BAF7-E6D1A14170EB&SSPV=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://websearch.pu-results.info/?pid=724&r=2013/04/15&hid=3070733914&lg=EN&cc=BE" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://websearch.pu-results.info/?pid=724&r=2013/04/15&hid=3070733914&lg=EN&cc=BE" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1174939576-1321101383-4010419509-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC872B94-35E3-4B94-B028-184A2A1C7CCE} deleted successfully HKEY_USERS\S-1-5-21-1174939576-1321101383-4010419509-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC872B94-35E3-4B94-B028-184A2A1C7CCE} deleted successfully HKEY_CLASSES_ROOT\CLSID\{FC872B94-35E3-4B94-B028-184A2A1C7CCE} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FC872B94-35E3-4B94-B028-184A2A1C7CCE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC872B94-35E3-4B94-B028-184A2A1C7CCE} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC872B94-35E3-4B94-B028-184A2A1C7CCE} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\antiphishing@bullguard deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3EFE2DCB-0C9A-6301-A0B7-D1D0D88CC486} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{55712AA5-26C2-0C2B-FF11-7C8078211531} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{66862770-DA78-9D60-7E02-20522FC4F772} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{63494BF5-1B37-63F3-ECA6-69E25C1988F1} deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe 
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\ProgrammaStijn\scanprint\OpwareSE4.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\ProgrammaStijn\itunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Velocify] wscript.exe "C:\Program Files (x86)\Common Files\Velocify\data.js" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Stijn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Stijn\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Stijn\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419259181 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Stijn\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: tmchlang.lnk = C:\Program Files\Trend 
Micro\Internet Security\TmChLang.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\ProgrammaStijn\bullguard\Files32\Antiphishing\IE\BGAntiphishingIE.dll (file missing) O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll O11 - Options group: 
[ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: bggamingmonitor.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: BgRaSvc - Unknown owner - C:\ProgrammaStijn\bullguard\Support\BgRaSvc.exe (file missing) O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\ProgrammaStijn\bullguard\BullGuardScanner.exe O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\ProgrammaStijn\bullguard\BullGuardUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FastBootAgent - ASUSTeK Computer Inc. 
- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\ProgrammaStijn\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - 
C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Stijn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Stijn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Stijn\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Stijn\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Stijn\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully 
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Stijn\AppData\Local\Mozilla\Firefox\Profiles\ldgtfxii.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== No Chrome Cache found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=339 folders=106 93224580 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Stijn\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Stijn\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on 22/12/2014 at 18:13:21.94 ======================