Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Arne Coudenys on zo 14/06/2015 at 22:39:56,38.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Arne Coudenys\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

14/06/2015 22:42:51 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AVS4YOU deleted successfully
C:\PROGRA~2\Cisco deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\WebSearch deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\Java deleted successfully
C:\Program Files\log deleted successfully
C:\Program Files\WBFS deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\APN deleted successfully
C:\PROGRA~3\AVAST Software deleted successfully
C:\PROGRA~3\Babylon deleted successfully
C:\PROGRA~3\Browser Stabilizer deleted successfully
C:\PROGRA~3\Codemasters deleted successfully
C:\PROGRA~3\PDF2Printer deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\Users\Arne Coudenys\AppData\Roaming\Opera deleted successfully
C:\Users\Arne Coudenys\AppData\Roaming\PerformerSoft deleted successfully
C:\Users\Arne Coudenys\AppData\Roaming\RPS deleted successfully
C:\Users\Arne Coudenys\AppData\Roaming\YourFileDownloader deleted successfully
C:\Users\Arne Coudenys\AppData\Local\Android deleted successfully
C:\Users\Arne Coudenys\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Arne Coudenys\AppData\Local\Opera deleted successfully
C:\Users\Arne Coudenys\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\Gast\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2EE4A5DC-7CE7-48ED-BDD4-F17D1A403034} deleted successfully
HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D770D21D-22F9-4751-A716-94FEE3414AC1} deleted successfully
HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\windows\system32\hasplms.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Autodesk\AutoCAD 2016\acwebbrowser\acwebbrowser.exe
C:\Program Files\Autodesk\AutoCAD 2016\acwebbrowser\acwebbrowser.exe
C:\Program Files\Autodesk\AutoCAD 2016\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Users\Arne Coudenys\Downloads\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\2db04d42 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\2db04d42 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\ARNECO~1\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default

---- Lines delta removed from prefs.js ----
user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.backgroundjs", "\n\nappAPI.ready(function(m){fun
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.id", "0a2d20860000000000003ec63c762142");
user_pref("extensions.delta.instlDay", "15763");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.020:17:15");
user_pref("extensions.delta.vrsni", "1.8.10.0");

---- Lines delta removed from user.js ----
user_pref("extensions.delta.tlbrSrchUrl", ""r_pref("extensions.delta.appId", "{C26, "1.8.10.0");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.020:17:15");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);

---- Lines ividi removed from user.js ----
user_pref("extensions.ividi.id", "0a2d208600000.ividi.appId", "{685F23D9-FCFD-475C-B56A-362645945C5A}");
user_pref("extensions.ividi.instlDay", "15946");
user_pref("extensions.ividi.vrsn", "1.8.23.0");
user_pref("extensions.ividi.vrsni", "1.8.23.0");
user_pref("extensions.ividi.vrsnTs", "1.8.23.011:12:01");
user_pref("extensions.ividi.prtnrId", "ividi");
user_pref("extensions.ividi.prdct", "ividi");
user_pref("extensions.ividi.aflt", "3");
user_pref("extensions.ividi.smplGrp", "none");
user_pref("extensions.ividi.tlbrId", "base");
user_pref("extensions.ividi.instlRef", "");
user_pref("extensions.ividi.dfltLng", "");
user_pref("extensions.ividi.excTlbr", true);
user_pref("extensions.ividi.ffxUnstlRst", false);
user_pref("extensions.ividi.admin", false);
user_pref("extensions.ividi.autoRvrt", "false");
user_pref("extensions.ividi.rvrt", "false");
user_pref("extensions.ividi.hmpg", true);
user_pref("extensions.ividi.hmpgUrl", "http://search.ividi.org/?src=tbhp&id=0a2d20860000000000003ec63c762142&affilt=3");
user_pref("extensions.ividi.dfltSrch", true);
user_pref("extensions.ividi.srchPrvdr", "Search ");
user_pref("extensions.ividi.kw_url", "http://search.ividi.org/?src=tbsp&id=0a2d20860000000000003ec63c762142&affilt=3&q=");
user_pref("extensions.ividi.dnsErr", true);
user_pref("extensions.ividi.newTab", true);
user_pref("extensions.ividi.newTabUrl", "http://search.ividi.org/?q={searchTerms}&src=tbnt&id=0a2d20860000000000003ec63c762142&affilt=3");

---- FireFox user.js and prefs.js backups ----
user_20151406_2255_.backup
prefs_20151406_2255_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AVS4YOU not found
C:\PROGRA~2\Cisco not found
C:\PROGRA~2\Pando Networks not found
C:\PROGRA~2\WebSearch not found
C:\ProgramData\APN not found
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\PROGRA~2\DIALux deleted
C:\ProgramData\Startup Manager deleted
C:\Program Files (x86)\Startup Manager deleted
C:\ProgramData\AVG Security Toolbar deleted
C:\ProgramData\ciointinuetosave deleted
C:\Users\Arne Coudenys\AppData\LocalLow\{5D16BE2C-B8EF-FEBD-2EA6-5D560AC6669B} deleted
C:\Users\Arne Coudenys\AppData\LocalLow\{A8DB6B4A-69B0-9C18-A644-639BD2F6D289} deleted
C:\Users\Arne Coudenys\AppData\Local\Packages\windows_ie_ac_001\AC\{5D16BE2C-B8EF-FEBD-2EA6-5D560AC6669B} deleted
C:\Users\Arne Coudenys\AppData\Local\Packages\windows_ie_ac_001\AC\{A8DB6B4A-69B0-9C18-A644-639BD2F6D289} deleted
C:\PROGRA~3\90f66deeedb98c2f deleted
C:\PROGRA~3\DivX deleted
C:\PROGRA~3\StarApp deleted
C:\Users\Arne Coudenys\.android deleted
C:\PROGRA~3\Huappy2Save deleted
C:\PROGRA~3\NetaooCoupon deleted
C:\PROGRA~2\GUT348.tmp deleted
C:\PROGRA~2\GUM347.tmp deleted
C:\PROGRA~2\Mozilla Firefox\user.js deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\Alawar.co.nl deleted
C:\PROGRA~2\GreenTree Applications deleted
C:\user.js deleted
C:\install.exe deleted
C:\found.000 deleted
C:\Users\Arne Coudenys\AppData\Roaming\Network Meter_Usage.ini deleted
C:\Users\Arne Coudenys\AppData\Roaming\ARCompanion.log deleted
C:\Users\Arne Coudenys\AppData\Roaming\plot.log deleted
C:\Users\Arne Coudenys\AppData\Roaming\Web Cake deleted
C:\Users\Arne Coudenys\AppData\Roaming\Babylon deleted
C:\Users\Arne Coudenys\AppData\Roaming\YoudaGames deleted
C:\Users\Arne Coudenys\AppData\Roaming\NCdownloader deleted
C:\Users\Arne Coudenys\AppData\Roaming\eType deleted
C:\PROGRA~3\AlawarWrapper deleted
C:\PROGRA~3\Partner deleted
C:\PROGRA~3\SeArchh-NeewTab deleted
C:\PROGRA~3\cconttiNiUUetoosaavee deleted
C:\PROGRA~3\YTD Video Downloader deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Arne Coudenys\AppData\Local\cache deleted
C:\Users\Arne Coudenys\AppData\Local\CrashRpt deleted
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Clip Converter deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeArchh-NeewTab deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cconttiNiUUetoosaavee deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ciointinuetosave deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted
C:\Users\Arne Coudenys\AppData\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com deleted
C:\Users\Gast\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\SysNative\tasks\RunAsStdUser Task deleted
C:\windows\SysNative\tasks\QtraxPlayer deleted
C:\windows\SysNative\tasks\YourFile Update deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysWow64\AI_RecycleBin deleted
C:\Users\Public\Documents\AlawarWrapper deleted
C:\Users\ARNECO~1\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default\Invalidprefs.js deleted
C:\Users\ARNECO~1\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default\extensions\jdh0.fcdz@zzmkikepn-.net deleted
C:\Users\ARNECO~1\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default\extensions\pIi9C0ctG@q.org deleted
C:\Users\ARNECO~1\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default\extensions\uioa1ff@lpdhmxmuey.edu deleted
"C:\windows\Installer\119ed8.msi" deleted
"C:\windows\Installer\22d5cb.msi" deleted
"C:\ProgramData\52b271fc3e7be50de3fb3e3b293dc6c5_c" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8152 MB
CPU Info: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
CPU Speed: 2291,4 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: AMD Radeon HD 7670M | AMD Radeon HD 7670M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Algemeen PnP-beeldscherm |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Atheros AR9485WB-EG Wireless Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (D: | F: | ) D: TSSTcorpCDDVDW SN-208AB | F: MagicISOVirtual DVD-ROM
Ports: COM6 | COM7 | COM10 | COM11 | COM12 | COM13 | COM14 | COM20 | COM21 | COM22 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 681,1GB | E: 1863,0GB
Hard Disks - Free: C: 306,1GB | E: 656,3GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | 10/01/13 | TOSASU - 100
Time Zone: Romance (standaardtijd)
Motherboard *: Type2 - Board Vendor Name1 Type2 - Board Product Name1
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Virus: AVG update module On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG update module disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Firewall: AVG update module disabled
Firewall: AVG Internet Security 2015 disabled
Default Browser: Google Chrome 43.0.2357.124
Internet Explorer Version: 11.0.9600.17843
Google Chrome version: 43.0.2357.124
Adobe Reader version: 11.0.11.18
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Flash Player version: 17.0.0.188

==== Files Recently Created / Modified ======================
C:\windows\Sysnative\drivers\TsUsbFlt.sys 2015-06-12 09:26:25 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\windows\Sysnative\drivers\TsUsbGD.sys 2015-06-12 09:26:25 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\windows\Sysnative\drivers\rdpvideominiport.sys 2015-06-11 16:28:00 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-06-11 16:24:45 F49FB3C88E263AE9A246593B0BB29294 63704 ----a-w- C:\windows\Sysnative\drivers\mwac.sys 2015-06-11 16:24:45 54D70409DE6932E9EFA117779611E7A9 107736 ----a-w- C:\windows\Sysnative\drivers\mbamchameleon.sys 2015-06-11 16:24:45 1E9E32AEC3E1EB1B31B8169F33168B56 25816 ----a-w- C:\windows\Sysnative\drivers\mbam.sys 2015-06-10 07:33:37 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\windows\Sysnative\drivers\stream.sys 2015-06-10 07:33:20 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\windows\Sysnative\drivers\ksecpkg.sys 2015-06-10 07:33:19 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\windows\Sysnative\drivers\ksecdd.sys ====== C:\windows\Tasks ====== 2015-06-06 07:09:27 D58FD6EF491D410B42E393BB46928EB5 3760 ----a-w- C:\windows\Sysnative\Tasks\AutoKMS 2015-06-02 07:00:38 D378524D63C62A89BC4F38E1363BCB41 4054 ----a-w- C:\windows\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000UA 2015-06-02 07:00:38 4EAAAE335CE2A1E159FFB3CE202EBFAF 1004 ----a-w- C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000Core.job 2015-06-02 07:00:38 2AA906CB2EB8664099868864A08AC9FF 3658 ----a-w- C:\windows\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000Core 2015-06-02 07:00:38 1EC942F700C598A93FABD9AB6F04F92A 1056 ----a-w- C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000UA.job ====== C:\windows\Temp ====== ======= C:\Program Files ===== 2015-06-14 14:26:36 -------- d-----w- C:\Program Files\trend micro 2015-05-23 08:23:19 -------- d-----w- C:\Program 
Files\SketchUp ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Arne Coudenys\AppData\Roaming ====== 2015-06-13 15:48:41 -------- d-----w- C:\Users\Gast\AppData\Local\Box Sync 2015-06-12 13:53:12 -------- d-----w- C:\Users\Arne Coudenys\AppData\Roaming\InstallShield 2015-06-11 07:13:32 -------- d-----w- C:\Users\Arne Coudenys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-02 07:00:37 -------- d-----w- C:\Users\Arne Coudenys\AppData\Local\Dropbox 2015-06-01 13:22:09 -------- d-----w- C:\Users\Arne Coudenys\AppData\Local\GWX 2015-05-29 17:58:59 -------- d-----w- C:\Users\Arne Coudenys\AppData\Local\Popcorn-Time 2015-05-29 17:55:52 -------- d-----w- C:\Users\Arne Coudenys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2015-05-29 17:55:09 -------- d-----w- C:\Users\Arne Coudenys\AppData\Local\Popcorn Time 2015-05-23 08:32:47 -------- d-----w- C:\Users\Arne Coudenys\AppData\Roaming\SketchUp 2015-05-21 15:56:53 -------- d-----w- C:\Users\Arne Coudenys\AppData\Local\4kdownload.com 2015-05-16 06:07:56 -------- d-----w- C:\Users\Arne Coudenys\AppData\Local\Avg ====== C:\Users\Arne Coudenys ====== 2015-06-14 14:26:05 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Arne Coudenys\Downloads\RSITx64.exe 2015-06-13 15:38:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Manager 2015-06-13 15:35:49 1880E11263F714EEE7172BBCAF473EF5 1017888 ----a-w- C:\Users\Arne Coudenys\Downloads\StM_setup242-re.exe 2015-06-11 16:20:18 6CDEAC78E5677E304477FB36351C3195 21546080 ----a-w- C:\Users\Arne Coudenys\Downloads\mbam-setup-2.1.6.1022.exe 2015-06-02 07:00:37 -------- d-----w- C:\ProgramData\Dropbox 2015-05-23 08:24:08 -------- d---a-w- C:\ProgramData\Reprise 2015-05-23 08:23:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015 2015-05-23 08:23:20 -------- d-----w- C:\ProgramData\SketchUp ====== C: exe-files == 2015-06-14 14:26:36 9A2347903D6EDB84C10F288BC0578C1C 
388608 ----a-w- C:\Program Files\trend micro\Arne Coudenys.exe 2015-06-11 10:18:58 EA3A530CA50D240360C3CA758380CC21 70096 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avguirux.exe 2015-06-11 10:18:58 DD722808DA0C0B18FE67DB8A6D71C384 22992 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtestx.exe 2015-06-11 10:18:58 9B69E01A5A4AA4795F5548C02E877B23 24016 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgrdtesta.exe 2015-06-11 10:18:58 0F0F7BFA5BF6C19794325692F917E58B 6816000 ----a-w- C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe 2015-06-10 07:33:35 E39D7E7FCC5D4B77B8CBA52FEF8753DE 102912 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe 2015-06-10 07:33:35 8D3316795ACCC0EC0DD6A844E046DA68 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2015-06-10 07:33:35 44854DDB738BF2C507FC2162245361D6 102400 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe 2015-06-10 07:32:13 8D4E75DEAA0FFBEFB5F366A4770D9644 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-06-10 07:32:10 FF9877ABCA06D539264275321C97BB07 814288 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-06-10 07:32:10 52956B4DD1899CB09BB50FB939F6E99D 490496 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe === C: other files == 2015-06-12 09:35:57 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys 2015-06-12 09:26:25 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys 2015-06-12 09:26:25 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys 2015-06-11 16:28:00 E9CD058C79EA15B4AA93E259FA713B07 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-06-11 16:24:45 F49FB3C88E263AE9A246593B0BB29294 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2015-06-11 16:24:45 54D70409DE6932E9EFA117779611E7A9 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-06-11 16:24:45 1E9E32AEC3E1EB1B31B8169F33168B56 25816 
----a-w- C:\Windows\System32\drivers\mbam.sys 2015-06-10 07:33:37 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\System32\drivers\stream.sys 2015-06-10 07:33:20 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-06-10 07:33:19 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-06-10 07:32:34 1EE2DBA5AD2E5EB618C7FB187C2CFDF4 3206144 ----a-w- C:\Windows\System32\win32k.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "Copy"="C:\Users\Arne Coudenys\AppData\Roaming\Copy\CopyAgent.exe" "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Akamai NetSession Interface"="C:\Users\Arne Coudenys\AppData\Local\Akamai\netsession_win.exe" "CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO" "Dropbox Update"="C:\Users\Arne Coudenys\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "SurDoc"="C:\Program Files (x86)\SurDoc\surdoc.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" 
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" "Copy"="C:\Users\Arne Coudenys\AppData\Roaming\Copy\CopyAgent.exe" "Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60" "TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "Akamai NetSession Interface"="C:\Users\Arne Coudenys\AppData\Local\Akamai\netsession_win.exe" "CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe /AUTO" "Dropbox Update"="C:\Users\Arne Coudenys\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c" "SurDoc"="C:\Program Files (x86)\SurDoc\surdoc.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "SRS Premium Sound HD"="C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe /f=C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip /h" "TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" "Toshiba Registration"="C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe" "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba 
TEMPRO\TemproTray.exe" "TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" "TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdAppMgrSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Autodesk Content Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BoxSyncUpdateService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Garmin Core Update Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate] ==== Startup Folders ====================== 2015-06-14 07:05:38 989 ----a-w- C:\Users\Arne Coudenys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2012-07-08 16:50:32 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2012-07-08 16:50:32 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2012-11-14 20:15:33 2002 ----a-w- C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2015-06-13 15:46:14 1139 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk 2014-12-11 09:45:21 773 ----a-w- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ==== Task Scheduler Jobs ====================== C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/06/2015 20:24] C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000Core.job --a------ C:\Users\Arne Coudenys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [02/06/2015 09:00] C:\windows\tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000UA.job --a------ C:\Users\Arne Coudenys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [02/06/2015 09:00] C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/12/2014 16:29] C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/12/2014 16:29] C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe [] ==== Other Scheduled Tasks ====================== "C:\windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\windows\SysNative\tasks\AutoKMS" [C:\windows\AutoKMS\AutoKMS.exe] "C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000Core" [C:\Users\Arne Coudenys\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1804901760-770863985-867342495-1000UA" [C:\Users\Arne 
Coudenys\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe] "C:\windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\windows\SysNative\tasks\{91A6BE44-33EB-4C01-8049-DDB03CCBA500}" ["c:\program files (x86)\google\chrome\application\chrome.exe"] "C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ARNECO~1\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default - Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com - Undetermined - C:\Users\Arne Coudenys\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default\extensions\avg@toolbar AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Hotspot Shield Extension - %AppDir%\browser\extensions\afproxy@anchorfree.com ==== Firefox 
Plugins ====================== Profilepath: C:\Users\Arne Coudenys\AppData\Roaming\Mozilla\Firefox\Profiles\bpinnlba.default F6D12679B9112358AC705A1308156F59 - C:\Users\Arne Coudenys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player ==== Deleted Firefox Extensions ====================== C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com deleted ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\ARNECO~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[] Google Drive - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf Musictonic - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cbakkiohhfghmaeaafbbgnigkmeanggp Striker Manager - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chmachfiimeggafocgeldapnchdnoiib Google Search - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Calendar - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn Tonematrix - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\enpfehkomaakbncdddjkoffacajcglha AdBlock - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom Pin It Button - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic Lose It - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jehemifhdilebjjpibeianiedocpgocn PT - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kmgohkgndpahjklgpdihieeedjeneoke Evernote Web - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol Google Mail Checker - Arne 
Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff Google Wallet - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Online Muziek Luisteren - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olacollommkcihebibpjdbhkngcnhgdg Gmail - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia BodBot - Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk Google Wallet - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ==== Chromium Startpages ====================== C:\Users\Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences
7136A97A42"},"profile":{"reset_prompt_memento":"7EDEC56BA8A4D075E9A9BFA17937AD2300E75AFB5DCFBEECF0527BB5B486183E"},"safebrowsing":{"incidents_sent":"69D9DF2549A1E23C06A6BBD8DF0D163617C30FF0B2E3A80966C790B50A75ADA8"},"search_provider_overrides":"42699087CF385EE83DBD642012A4EBCD1C71618150F672835D06960F9D868E90","session":{"restore_on_startup":"BD52F36CBFFA2FEFD1545F3D1C21D92E4EB028060D7F5C2698B329DB879AC8C2","startup_urls":"0E0E9B3A93FCC85F016877FBD43B292A4B6CF7F63D773BCF3F73827FAAC4DFFA"},"software_reporter":{"prompt_reason":"801876F43A717AA4EFE5DA2412E68E267C7D24971BE155A2464341F9DAC0D8FE","prompt_seed":"12D58FCDD634064D710FD43AB7794828E1514E0AD5E1640B4FAB4C4BCC0A7996","prompt_version":"D4367DE7DF4A0D827B57320670355342891FD356FE69A969C205DA1B88CDAA27"},"sync":{"remaining_rollback_tries":"F38883D715BDDD630953974C2B980D143C91AA7654060310023AD077191A6747"}},"super_mac":"223E6E2BB0BAB7350821264E30AC2C0F481C9D9C5F0BBA798BE6E2441DD9985E"}} ==== Chromium Fix ====================== C:\Users\Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://mysearch.avg.com/?cid={C7B5E91E-4F98-4AE4-A6D7-6F5CD6267A1A}&mid=3abce6cd310347d0bf5d9d3bffb7ba0f-b15108f8d60291332fdc0a59c47fa377cc5c2b91&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-07 13:17:06&v=4.1.0.411&pid=wtu&sg=&sap=hp" "Default_Page_URL"="http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{2EE4A5DC-7CE7-48ED-BDD4-F17D1A403034}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{2EE4A5DC-7CE7-48ED-BDD4-F17D1A403034}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {1AB8F4B3-25C5-4757-BA39-375B713C9BF8} Unknown Url="Not_Found" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" ==== Reset Google Chrome ====================== C:\Users\Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully C:\Users\Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully C:\Users\Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully 
==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1AB8F4B3-25C5-4757-BA39-375B713C9BF8} deleted successfully HKEY_USERS\S-1-5-21-1804901760-770863985-867342495-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1AB8F4B3-25C5-4757-BA39-375B713C9BF8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AB8F4B3-25C5-4757-BA39-375B713C9BF8} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2796DCED0947FA548B697A5657DFA40D deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D2F3875400F0000152000060BECB6AB deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{033D331D-1F18-43FE-6A2B-C4DE4F17480A} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0E87D069-3D98-4A80-AF4D-2C5E9AFC5437} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5D5C2732-9189-583E-D0C2-5B8A577939B4} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60C3F49F-4E6E-88CE-69C4-0BBA93564907} deleted successfully HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DECD6972-7490-45AF-B896-A76575FD4AD0} deleted successfully 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5783F2D7-F004-0000-5102-0060B0CE6BBA} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2796DCED0947FA548B697A5657DFA40D deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D2F3875400F0000152000060BECB6AB deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Arne Coudenys\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Arne Coudenys\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c O4 - HKCU\..\Run: [SurDoc] C:\Program Files (x86)\SurDoc\surdoc.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files 
(x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Dropbox.lnk = Arne Coudenys\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe O4 - Global Startup: Toshiba Places Icon Utility.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 
- Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files 
(x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. 
- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\windows\system32\hasplms.exe (file missing) O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - 
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - 
Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Arne Coudenys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Arne Coudenys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GYE8HX5 will be deleted at reboot C:\Users\Arne Coudenys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK4D941L will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Arne Coudenys\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1615 folders=377 315481709 bytes) ==== Empty Temp Folders 
====================== C:\Users\Arne Coudenys\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\ARNECO~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Arne Coudenys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GYE8HX5" not found "C:\Users\Arne Coudenys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NK4D941L" not found ==== EOF on zo 14/06/2015 at 23:12:56,71 ======================