Hier het logje :
Zoek.exe Version 4.0.0.2 Updated 31-03-2013
Tool run by Acer on wo 03/04/2013 at 21:35:03,10.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
3/04/2013 21:35:57 System Restore is disabled.
==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe
C:\Documents and Settings\Acer\Bureaublad\zoek.exe
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Installed Programs ======================
Acer eConsole
Acer eMode Management
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI - Nederlands
Adobe Shockwave Player 12.0
AVG 2012
Basissoftware voor HP Officejet 6500 E710n-z
Beveiligingsupdate voor Windows Internet Explorer 7 (KB2183461)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB2360131)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB2416400)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB2482017)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB2497640)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2647516)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2675157)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2761465)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2792100)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2797052)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows XP (KB2544893-v2)
Beveiligingsupdate voor Windows XP (KB2584146)
Beveiligingsupdate voor Windows XP (KB2585542)
Beveiligingsupdate voor Windows XP (KB2598479)
Beveiligingsupdate voor Windows XP (KB2603381)
Beveiligingsupdate voor Windows XP (KB2618451)
Beveiligingsupdate voor Windows XP (KB2619339)
Beveiligingsupdate voor Windows XP (KB2620712)
Beveiligingsupdate voor Windows XP (KB2621440)
Beveiligingsupdate voor Windows XP (KB2624667)
Beveiligingsupdate voor Windows XP (KB2631813)
Beveiligingsupdate voor Windows XP (KB2633171)
Beveiligingsupdate voor Windows XP (KB2639417)
Beveiligingsupdate voor Windows XP (KB2641653)
Beveiligingsupdate voor Windows XP (KB2646524)
Beveiligingsupdate voor Windows XP (KB2647518)
Beveiligingsupdate voor Windows XP (KB2653956)
Beveiligingsupdate voor Windows XP (KB2655992)
Beveiligingsupdate voor Windows XP (KB2659262)
Beveiligingsupdate voor Windows XP (KB2660465)
Beveiligingsupdate voor Windows XP (KB2661637)
Beveiligingsupdate voor Windows XP (KB2676562)
Beveiligingsupdate voor Windows XP (KB2686509)
Beveiligingsupdate voor Windows XP (KB2691442)
Beveiligingsupdate voor Windows XP (KB2695962)
Beveiligingsupdate voor Windows XP (KB2698365)
Beveiligingsupdate voor Windows XP (KB2705219)
Beveiligingsupdate voor Windows XP (KB2707511)
Beveiligingsupdate voor Windows XP (KB2712808)
Beveiligingsupdate voor Windows XP (KB2719985)
Beveiligingsupdate voor Windows XP (KB2723135)
Beveiligingsupdate voor Windows XP (KB2724197)
Beveiligingsupdate voor Windows XP (KB2727528)
Beveiligingsupdate voor Windows XP (KB2731847)
Beveiligingsupdate voor Windows XP (KB2753842-v2)
Beveiligingsupdate voor Windows XP (KB2753842)
Beveiligingsupdate voor Windows XP (KB2757638)
Beveiligingsupdate voor Windows XP (KB2758857)
Beveiligingsupdate voor Windows XP (KB2770660)
Beveiligingsupdate voor Windows XP (KB2778344)
Beveiligingsupdate voor Windows XP (KB2779030)
Beveiligingsupdate voor Windows XP (KB2780091)
Beveiligingsupdate voor Windows XP (KB2799494)
Beveiligingsupdate voor Windows XP (KB2802968)
C-Media WDM Audio Driver
CCleaner
Compatibility Pack for the 2007 Office system
Google Earth Plug-in
Google Update Helper
Google Updater
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix voor Windows XP (KB2633952)
Hotfix voor Windows XP (KB2779562)
HP Deskjet 3740
HP Officejet 6500 E710n-z Haelp
HP Photo Creations
HP Product Detection
HP Update
HPDiagnosticAlert
I.R.I.S. OCR
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 5.2
Microsoft IntelliType Pro 5.2
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.0
Photo Notifier and Animation Creator
PowerDVD
Productverbeteringonderzoek HP Officejet 6500 E710n-z
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Segoe UI
swMSM
TuneUp Utilities Language Pack (nl-NL)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update voor Windows Internet Explorer 8 (KB2447568)
Update voor Windows XP (KB2641690)
Update voor Windows XP (KB2661254-v2)
Update voor Windows XP (KB2718704)
Update voor Windows XP (KB2736233)
Update voor Windows XP (KB2749655)
WebFldrs XP
Windows Back-up
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== FireFox Fix ======================
Deleted from C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\gchpwlkh.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.be/");
Added to C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\gchpwlkh.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\d2jv0uea.default-1363634868609\prefs.js:
user_pref("browser.startup.homepage", "google");
Added to C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\d2jv0uea.default-1363634868609\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Documents and Settings\Administrator.ACER-T135\Application Data\Mozilla\Firefox\Profiles\wkem4uvd.default\prefs.js:
Added to C:\Documents and Settings\Administrator.ACER-T135\Application Data\Mozilla\Firefox\Profiles\wkem4uvd.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
"C:\FOUND.000" deleted
"C:\FOUND.001" deleted
"C:\FOUND.002" deleted
"C:\FOUND.003" deleted
"C:\FOUND.004" deleted
"C:\FOUND.005" deleted
"C:\FOUND.009" deleted
"C:\FOUND.010" deleted
"C:\FOUND.011" deleted
"C:\FOUND.006" deleted
"C:\FOUND.007" deleted
"C:\FOUND.008" deleted
"C:\FOUND.012" deleted
"C:\FOUND.013" deleted
"C:\FOUND.014" deleted
"C:\FOUND.015" deleted
"C:\FOUND.016" deleted
"C:\FOUND.017" deleted
"C:\FOUND.018" deleted
==== System Specs ======================
Windows: Windows XP Home Edition Service Pack 3 (Build 2600)
Internet Explorer: 8.0.6001.18702
Memory (RAM): 448 MB
CPU Info: AMD Sempron Processor 3000+
CPU Speed: 1770,4 MHz
Sound Card: Realtek AC97 Audio |
Display Adapters: VIA/S3G UniChrome Pro IGP | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Plug en Play-monitor |
Screen Resolution: 1280 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC - Pakketplanner-minipoort
CD / DVD Drives: 1x (E: | ) E: ASUS DRW-1814BLT
Ports: COM1 | COM2 LPT1
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 58,6GB | D: 220,9GB
Hard Disks - Free: C: 42,5GB | D: 220,8GB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 08/30/05 | VIAK8 - 42302e31
Time Zone: Romance (standaardtijd)
Motherboard *: Acer K8VM800MAE
Sun Java version: 1.7.0_17
Country: België
Language: NLB
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2013-04-02 18:17:00 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-04-02 18:17:00 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-04-02 18:17:00 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-04-02 18:17:00 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-04-02 18:17:00 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
====== C:\DOCUME~1\Acer\LOCALS~1\Temp ====
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-04-02 17:40:09 -------- d-----w- C:\Program Files\Trend Micro
======= C: =====
====== C:\Documents and Settings\Acer\Application Data ======
====== C:\Documents and Settings\Acer ======
2013-04-01 19:46:26 -------- d--h--r- C:\Documents and Settings\Acer\Onlangs geopend
====== C: exe-files ==
2013-04-02 18:17:00 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\WINDOWS\PEV.exe
2013-04-02 18:17:00 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\WINDOWS\grep.exe
2013-04-02 18:17:00 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\WINDOWS\zip.exe
2013-04-02 18:17:00 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\WINDOWS\SWSC.exe
2013-04-02 18:17:00 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\WINDOWS\MBR.exe
=== C: other files ==
2013-04-02 18:19:52 44D449FFD271A20B8D12326CA6D8E0DD 7564 ----a-w- C:\Qoobox\BackEnv\SetPath.bat
======== System Restore Points ========
No Restore Point in System.
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-21-3339670028-2350408140-161039472-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe"
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe"
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe"
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe"
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"AVG_TRAY"="C:\Program Files\AVG\AVG2012\avgtray.exe"
"Google Updater"="C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG8.1"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSPY2002"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PHIME2002A"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PHIME2002ASync"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [17/09/2011 10:49]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ [undertermined Task]
C:\WINDOWS\tasks\At2.job --a------ C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [16/11/2010 21:12]
C:\WINDOWS\tasks\At3.job --a------ C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [16/11/2010 21:12]
C:\WINDOWS\tasks\At4.job --a------ C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [16/11/2010 21:12]
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14/03/2013 07:59]
C:\WINDOWS\tasks\Google Software Updater.job --a------ C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [12/08/2012 16:31]
C:\WINDOWS\tasks\User_Feed_Synchronization-{F3CD9E55-B75F-4790-BE71-4F93270E41F8}.job --ah----- [undertermined Task]
C:\WINDOWS\tasks\At1.job --a------ C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [16/11/2010 21:12]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\gchpwlkh.default
- Undetermined - C:\Program Files\Web Assistant\Firefox
- AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
- Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- TimeLineRemove.Com - %ProfilePath%\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
ProfilePath: C:\Documents and Settings\Administrator.ACER-T135\Application Data\Mozilla\Firefox\Profiles\wkem4uvd.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\gchpwlkh.default
D4BD9F86123C87ECA570418B69326F99 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.170.2
21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
6C403C77C8657F7F6A4F88106BCD5440 - C:\Program Files\NOS\bin\np_gp.dll - getPlusPlus for Adobe 16291
1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows®
Profilepath: C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\d2jv0uea.default-1363634868609
47299371607DC2FB234444EEACB1639E - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99 - C:\WINDOWS\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.170.2
E971E06DDE68684CB3957C5D0E133CB0 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
546A28FBC44B984FD92530227BF6F5C2 - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director
E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update
21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EA768A823B0DE8D2B3FFF8E38F4AFF50 - C:\Program Files\Google\Google Updater\2.4.1808.5272\npCIDetect14.dll - Google Updater
9013599B12923A45C029C34E8D2211AC - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
6C403C77C8657F7F6A4F88106BCD5440 - C:\Program Files\NOS\bin\np_gp.dll - getPlusPlus for Adobe 16291
1C8124B6A03A620EB0CBCA615666D2AE - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
BF2AD333C79072EEBE5AE0D72670E64E - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
3EA079023D32054BFD73D08E77C72609 - C:\WINDOWS\system32\npptools.dll - Besturingssysteem Microsoft® Windows®
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndibdjnfmopecpmkdieinmbadjfpblof - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.be/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{10B6074D-C44A-4E57-83BB-38ECC8DC4F4D} AVG Secure Search Url="http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts on Users Desktops ======================
C:\Documents and Settings\Acer\Bureaublad\HiJackThis.lnk - C:\Documents and Settings\Acer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts on All Users Desktop ======================
C:\Documents and Settings\All Users\Bureaublad\AVG 2012.lnk - C:\Program Files\AVG\AVG2012\avgui.exe
==== shortcuts in Users Start Menu ======================
C:\Documents and Settings\Acer\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\Acer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Rekenmachine.lnk - C:\WINDOWS\system32\calc.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Paint.lnk - C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Bureau-accessoires\Entertainment\Volumeregeling.lnk - C:\WINDOWS\system32\sndvol32.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2012.lnk - C:\Program Files\AVG\AVG2012\avgui.exe
C:\Documents and Settings\All Users\Menu Start\Programma's\Google Earth\Uninstall Google Earth Plug-in.lnk - C:\WINDOWS\system32\msiexec.exe /x {34B32B70-8081-11E2-89AF-B8AC6F98CCE3} FEEDBACK=1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
==== HijackThis Entries ======================
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342849095500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342849076812
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
==== Silent Runners ======================
"Silent Runners.vbs", revision 69, Silent Runners - Adware? Disinfect, don't reformat!
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
LaunchApp = Alaunch [Acer Inc.]
VTTimer = VTTimer.exe [s3 Graphics, Inc.]
VTTrayp = VTtrayp.exe [s3 Graphics Co., Ltd.]
AspireService = C:\Program Files\Acer\Acer eMode Management\AspireService.exe [Acer Inc.]
MediaSync = C:\Program Files\Acer\Acer eConsole\MediaSync.exe [Acer Inc.]
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe" [MS]
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe" [MS]
SoundMan = SOUNDMAN.EXE [Realtek Semiconductor Corp.]
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [Cyberlink Corp.]
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [HP]
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [Hewlett-Packard Company]
HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [Hewlett-Packard]
AVG_TRAY = "C:\Program Files\AVG\AVG2012\avgtray.exe" [AVG Technologies CZ, s.r.o.]
Google Updater = "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup [Google]
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [sun Microsystems, Inc.]
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = Internet Explorer
\StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = Outlook Express
\StubPath = C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE [MS]
{8b15971b-5355-4c82-8c07-7e181ea07608}\(Default) = Fax
\StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser [MS]
{94de52c8-2d59-4f1b-883e-79663d2d9a8c}\(Default) = Fax Provider
\StubPath = rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = WormRadar.com IESiteBlocker.NavFilter
-> {HKLM…CLSID} = AVG Safe Search
\InProcServer32\(Default) = C:\Program Files\AVG\AVG2012\avgssie.dll [AVG Technologies CZ, s.r.o.]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…CLSID} = Windows Live Aanmelden - Help
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM…CLSID} = Google Toolbar Notifier BHO
\InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [Google Inc.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal-pictogramuitbreiding
-> {HKLM…CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [sun Microsystems, Inc.]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [sun Microsystems, Inc.]
{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [sun Microsystems, Inc.]
{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [sun Microsystems, Inc.]
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} = IntelliType Pro Zooming Control Panel Property Page
-> {HKLM…CLSID} = IntelliType Pro Zooming Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll" [MS]
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} = IntelliType Pro Scrolling Control Panel Property Page
-> {HKLM…CLSID} = IntelliType Pro Scrolling Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll" [MS]
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} = IntelliType Pro Key Settings Control Panel Property Page
-> {HKLM…CLSID} = IntelliType Pro Key Settings Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll" [MS]
{A2569D1F-4E06-43EC-9825-0088B471BE47} = IntelliType Pro Wireless Control Panel Property Page
-> {HKLM…CLSID} = IntelliType Pro Wireless Control Panel Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll" [MS]
{20082881-FC36-4E47-9A7A-644C95FF749F} = IntelliPoint Wireless Control Panel Property Page
-> {HKLM…CLSID} = Wireless Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" [MS]
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} = IntelliPoint Wheel Control Panel Property Page
-> {HKLM…CLSID} = Wheel Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" [MS]
{653DCCC2-13DB-45B2-A389-427885776CFE} = IntelliPoint Activities Control Panel Property Page
-> {HKLM…CLSID} = Activities Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll" [MS]
{124597D8-850A-41AE-849C-017A4FA99CA2} = IntelliPoint Buttons Control Panel Property Page
-> {HKLM…CLSID} = Buttons Property Page
\InProcServer32\(Default) = "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" [MS]
{0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler
-> {HKLM…CLSID} = CLSID_WLMCMimeFilter
\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\MI1933~1\OFFICE11\msohev.dll [MS]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM…CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM…CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM…CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension
-> {HKLM…CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files\AVG\AVG2012\avgse.dll [AVG Technologies CZ, s.r.o.]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> BootExecute = autocheck autochk *|C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart [AVG Technologies CZ, s.r.o.]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> cetihpz\CLSID = {CF184AD3-CDCB-4168-A3F7-8E447D129300}
-> {HKLM…CLSID} = CZipHandler Object
\InProcServer32\(Default) = C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [Hewlett-Packard Company]
<<!>> linkscanner\CLSID = {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
-> {HKLM…CLSID} = XPLPPFilter Class
\InProcServer32\(Default) = C:\Program Files\AVG\AVG2012\avgpp.dll [AVG Technologies CZ, s.r.o.]
<<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL [MS]
<<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL [MS]
<<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}
-> {HKLM…CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM…CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files\AVG\AVG2012\avgse.dll [AVG Technologies CZ, s.r.o.]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [sun Microsystems, Inc.]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM…CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
-> {HKLM…CLSID} = AVG Shell Extension Class
\InProcServer32\(Default) = C:\Program Files\AVG\AVG2012\avgse.dll [AVG Technologies CZ, s.r.o.]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\
SaveZoneInformation = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Attachment Manager|
Do not preserve zone information in file attachments}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
disableregistrytools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKCU\Software\Policies\Microsoft\Windows\System\
disablecmd = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Documents and Settings\Acer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MSLivePhotoAcqHWEventHandler\
Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
ProgID = Microsoft.LivePhotoAcqHWEventHandler
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}
-> {HKLM…CLSID} = (no title provided)
\LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS]
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
MSLiveVideoCameraArrivalCaptureWizard\
Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10
ProgID = WLXAutoPlayMgr.WLXHWEventHandler
InitCmdLine = WLXVideoAcquireWizard
HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}
-> {HKLM…CLSID} = WLXWEventHandler Class
\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS]
MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]
PDVDPlayDVDMovieOnArrival\
Provider = PowerDVD
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" [CyberLink Corp.]
ShowBizCancelAutoPlay\
Provider =
ProgID = ShowBizCancelAutoPlay.CancelAutoPlay
HKLM\SOFTWARE\Classes\ShowBizCancelAutoPlay.CancelAutoPlay\CLSID\(Default) = {C730D06E-F984-421F-B71C-2E7144CFE10E}
-> {HKLM…CLSID} = ShowBiz Cancel AutoPlay
\LocalServer32\(Default) = CancelAutoPlay.exe [file not found]
Enabled Scheduled Tasks: {++}
------------------------
GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
At2 -> launches: C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe /UA 9.1 /DDV 0x0805" [Hewlett-Packard Co.]
At3 -> launches: C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe /UA 9.1 /DDV 0x0805" [Hewlett-Packard Co.]
At4 -> launches: C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe /UA 9.1 /DDV 0x0805" [Hewlett-Packard Co.]
Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Google Software Updater -> launches: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start [Google]
User_Feed_Synchronization-{F3CD9E55-B75F-4790-BE71-4F93270E41F8} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
At1 -> launches: C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe /UA 9.1 /DDV 0x0805" [Hewlett-Packard Co.]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 09
%SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = In weblog opnemen
MenuText = &In weblog opnemen met Windows Live Writer
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM…CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Acer Media Server, Acer Media Server, "C:\Program Files\acer\Acer eConsole\MediaServerService.exe" [Acer Inc.]
AVG WatchDog, avgwd, "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]
Java Quick Starter, JavaQuickStarterService, "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> PEVSystemStart, Service
<<!>> procexp90.Sys, Driver
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> PEVSystemStart, Service
<<!>> procexp90.Sys, Driver
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP 5412 Status Monitor\Driver = hpinksts5412LM.dll [Hewlett-Packard Co.]
HP Discovery Port Monitor (HP Officejet 6500 E710n-z)\Driver = HPDiscoPM5412.dll [Hewlett-Packard Co.]
hpzsnt10\Driver = hpzsnt10.dll [HP]
==== Empty IE Cache ======================
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Acer\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Acer\Local Settings\Application Data\Mozilla\Firefox\Profiles\d2jv0uea.default-1363634868609\Cache emptied successfully
C:\Documents and Settings\Administrator.ACER-T135\Local Settings\Application Data\Mozilla\Firefox\Profiles\wkem4uvd.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Acer\LOCALS~1\Temp successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\Acer\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
