Zoek.exe v5.0.0.0 Updated 21-December-2013 Tool run by Mark on za 21-12-2013 at 19:27:28,72. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Mark\Documents\zoek.zip\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 21-12-2013 19:28:45 Zoek.exe System Restore Point Created Succesfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\Program Files\Google deleted successfully C:\ProgramData\ALM deleted successfully C:\ProgramData\Oracle deleted successfully C:\ProgramData\PXISA deleted successfully C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} deleted successfully C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully C:\Users\Mark\AppData\Roaming\Systweak deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D78F0A18-8451-442D-A1F9-47418638975D} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{462be121-2b54-4218-bf00-b9bf8135b23f} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{87775FDB-6972-41F9-AE51-8326E38CB206} deleted successfully HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{462be121-2b54-4218-bf00-b9bf8135b23f} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jdoynept deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\jdoynept deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\esgiguard deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default ---- Lines conduit removed from prefs.js ---- user_pref("browser.search.defaultenginename", "Conduit Search"); user_pref("browser.search.selectedEngine", "Conduit Search"); user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT2865317&SearchSource=13&CUI=SB_CUI&UP=SPE1577791-4B78-49D0-BB25-2B21765BD085" user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q="); user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT2865317&SearchSource=13&CUI=SB_CUI"); user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2865317&SearchSource=13&CUI=SB_CUI"); user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=SB_CUI&q=,http://search user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_NL Customized Web Search"); user_pref("Smartbar.ConduitSearchUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q="); user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=SB_CUI&q="); ---- Lines smartbar removed from prefs.js ---- user_pref("Smartbar.keywordURLSelectedCTID", "CT2865317"); user_pref("smartbar.originalHomepage", "https://www.google.nl/"); user_pref("smartbar.originalSearchAddressUrl", ""); user_pref("smartbar.originalSearchEngine", false); ---- FireFox user.js and prefs.js backups ---- user_21-12-2013_1940_.backup prefs_21-12-2013_1940_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] ""=- ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\Optimizer Pro not found C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} not found C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found "C:\windows\SysNative\drivers\jdoynept.sys" not found C:\Program Files\Enigma Software Group deleted C:\ProgramData\Bcool deleted C:\PROGRA~2\Conduit deleted C:\found.000 deleted C:\ProgramData\OptimizerPro1 deleted C:\ProgramData\IBUpdaterService deleted C:\ProgramData\InstallMate deleted C:\ProgramData\Premium deleted C:\Users\Mark\AppData\Local\CRE deleted C:\Users\Mark\AppData\Local\Savings Sidekick deleted C:\Users\Mark\AppData\Local\Conduit deleted C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data deleted C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bcool deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteBlocker Parental Control deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Mark\AppData\LocalLow\WhiteSmoke_US_New deleted C:\Users\Mark\AppData\LocalLow\Bcool deleted C:\Users\Mark\AppData\LocalLow\PriceGong deleted C:\Users\Mark\AppData\LocalLow\Conduit deleted C:\Windows\wininit.ini deleted C:\END deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\searchplugins\conduit-search.xml deleted C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default\bprotector_extensions.sqlite deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Mark\AppData\Local\Temp ==== 2013-12-21 17:09:11 B91FE1536AB4D680DDD77469EA3FD4BF 24097311 ----a-w- C:\Users\Mark\AppData\Local\Temp\vlc-2.1.2-win32.exe 2013-12-19 17:04:04 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{201EF4EA-A9B6-41C0-8453-D0D645FCA6C0}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-19 17:04:04 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{201EF4EA-A9B6-41C0-8453-D0D645FCA6C0}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-19 17:04:04 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{201EF4EA-A9B6-41C0-8453-D0D645FCA6C0}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-19 17:04:04 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{201EF4EA-A9B6-41C0-8453-D0D645FCA6C0}\dotnetinstaller.exe 2013-12-19 17:04:04 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{201EF4EA-A9B6-41C0-8453-D0D645FCA6C0}\ISBEW64.exe 2013-12-19 17:04:02 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{44D2176B-0CC8-4892-B34A-73F6B5351A3D}\Disk1\setup.exe 2013-12-19 17:04:02 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{44D2176B-0CC8-4892-B34A-73F6B5351A3D}\Disk1\ISSetup.dll 2013-12-16 16:52:50 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{664A586B-6340-407F-9756-E0C528134F4A}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-16 16:52:50 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{664A586B-6340-407F-9756-E0C528134F4A}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-16 16:52:50 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{664A586B-6340-407F-9756-E0C528134F4A}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-16 16:52:50 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{664A586B-6340-407F-9756-E0C528134F4A}\dotnetinstaller.exe 2013-12-16 16:52:50 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{664A586B-6340-407F-9756-E0C528134F4A}\ISBEW64.exe 2013-12-16 16:52:48 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{C117BA5B-9835-4045-9F92-C0FACDD26486}\Disk1\setup.exe 2013-12-16 16:52:48 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{C117BA5B-9835-4045-9F92-C0FACDD26486}\Disk1\ISSetup.dll 2013-12-16 16:44:12 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{6968DFDB-A297-4AAF-819F-477EB301BE85}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-16 16:44:12 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{6968DFDB-A297-4AAF-819F-477EB301BE85}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-16 16:44:12 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{6968DFDB-A297-4AAF-819F-477EB301BE85}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-16 16:44:12 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{6968DFDB-A297-4AAF-819F-477EB301BE85}\dotnetinstaller.exe 2013-12-16 16:44:12 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{6968DFDB-A297-4AAF-819F-477EB301BE85}\ISBEW64.exe 2013-12-16 16:44:10 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{E07C3FA8-E419-4BE3-9774-D69A1A88462A}\Disk1\setup.exe 2013-12-16 16:44:10 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{E07C3FA8-E419-4BE3-9774-D69A1A88462A}\Disk1\ISSetup.dll 2013-12-16 16:17:25 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{FE7F1B63-C52F-43FB-8C79-E068D07A1D08}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-16 16:17:25 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{FE7F1B63-C52F-43FB-8C79-E068D07A1D08}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-16 16:17:25 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{FE7F1B63-C52F-43FB-8C79-E068D07A1D08}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-16 16:17:25 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{FE7F1B63-C52F-43FB-8C79-E068D07A1D08}\dotnetinstaller.exe 2013-12-16 16:17:25 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{FE7F1B63-C52F-43FB-8C79-E068D07A1D08}\ISBEW64.exe 2013-12-16 16:17:23 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{E47CE560-372E-4536-B215-5DC729EA6AA1}\Disk1\setup.exe 2013-12-16 16:17:23 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{E47CE560-372E-4536-B215-5DC729EA6AA1}\Disk1\ISSetup.dll 2013-12-14 18:29:26 827F912E4ADF1A7A021A2405229EEF17 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\TR\PCUDataIntl.DLL 2013-12-14 18:29:25 EE18EAECEC3A42D0D4D4658F5B0C4A51 43456 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\SV\PCUDataIntl.DLL 2013-12-14 18:29:24 830AEBA012C1CEBF6B73585FE62DF079 42944 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\SU\PCUDataIntl.DLL 2013-12-14 18:29:23 CE0D348988C8CD2A40BD9BAF1E8B309A 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\PL\PCUDataIntl.DLL 2013-12-14 18:29:23 13413F4E8A862BC6024E0E6DDBDBC0F9 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\RU\PCUDataIntl.DLL 2013-12-14 18:29:22 FD791F039B8688D4DD9448063036D5B7 44992 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\NL\PCUDataIntl.DLL 2013-12-14 18:29:21 41F2BC16537D10EEB1BF781DA3400877 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\MA\PCUDataIntl.DLL 2013-12-14 18:29:20 F5C9E7B106AD9D7D3E1876D7C18D53DC 36288 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\JP\PCUDataIntl.DLL 2013-12-14 18:29:19 D69642922B57B5738DF5D9437AF3D16B 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\IT\PCUDataIntl.DLL 2013-12-14 18:29:18 C533FE90C27941D8828A587B323CAF16 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\FR\PCUDataIntl.DLL 2013-12-14 18:29:17 7A8F44AE06CAA8785F47A430ED44967D 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\EN\PCUDataIntl.DLL 2013-12-14 18:29:17 4AFB1F96B0616FA1D2D99F7E860C9FB7 46016 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\ES\PCUDataIntl.DLL 2013-12-14 18:29:16 DB8DF327AE067B6C1CBD0E94AE9DC743 45504 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\DE\PCUDataIntl.DLL 2013-12-14 18:29:15 F43AF7C7C7B20D5C4FB5D0F88F464A61 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\CZ\PCUDataIntl.DLL 2013-12-14 18:29:13 2EAD168F356072AEC10739928FAD2F3A 33216 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\CT\PCUDataIntl.DLL 2013-12-14 18:29:11 DA19C0ADCBC3D825D9B08C282730556D 32704 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\CS\PCUDataIntl.DLL 2013-12-14 18:29:08 292915C2E5B35AA37ACAB210DFC735B7 44992 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Lang\BR\PCUDataIntl.DLL 2013-12-14 18:29:06 705AA55D943D54776CA475256A7B8628 22968 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\RMPCUNLR.DLL 2013-12-14 18:29:06 3DF529BE9A36F057B80CA372559655FC 55224 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\DRPCUNLR.DLL 2013-12-14 18:29:06 1253B21802F57AE2EE58A5E25BD40301 2473384 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\SerChckv2.dll 2013-12-14 18:29:05 C7DA145F28E9930FC74B618C3CC3001D 2285000 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\SetupXML.dll 2013-12-14 18:29:05 9B4567D1185A9CE632A6DA8B57A12000 3234760 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Setup.exe 2013-12-14 18:29:05 65388696E7F64C3FEDFE7B6406711B7F 4151240 ----a-w- C:\Users\Mark\AppData\Local\Temp\4CA34D06-6C03-4D15-9040-DF14E8057FBE\Script.dll 2013-12-14 18:11:34 EE18EAECEC3A42D0D4D4658F5B0C4A51 43456 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\SV\PCUDataIntl.DLL 2013-12-14 18:11:34 827F912E4ADF1A7A021A2405229EEF17 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\TR\PCUDataIntl.DLL 2013-12-14 18:11:33 830AEBA012C1CEBF6B73585FE62DF079 42944 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\SU\PCUDataIntl.DLL 2013-12-14 18:11:32 13413F4E8A862BC6024E0E6DDBDBC0F9 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\RU\PCUDataIntl.DLL 2013-12-14 18:11:31 CE0D348988C8CD2A40BD9BAF1E8B309A 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\PL\PCUDataIntl.DLL 2013-12-14 18:11:30 FD791F039B8688D4DD9448063036D5B7 44992 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\NL\PCUDataIntl.DLL 2013-12-14 18:11:30 41F2BC16537D10EEB1BF781DA3400877 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\MA\PCUDataIntl.DLL 2013-12-14 18:11:29 F5C9E7B106AD9D7D3E1876D7C18D53DC 36288 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\JP\PCUDataIntl.DLL 2013-12-14 18:11:29 D69642922B57B5738DF5D9437AF3D16B 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\IT\PCUDataIntl.DLL 2013-12-14 18:11:28 C533FE90C27941D8828A587B323CAF16 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\FR\PCUDataIntl.DLL 2013-12-14 18:11:28 4AFB1F96B0616FA1D2D99F7E860C9FB7 46016 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\ES\PCUDataIntl.DLL 2013-12-14 18:11:27 DB8DF327AE067B6C1CBD0E94AE9DC743 45504 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\DE\PCUDataIntl.DLL 2013-12-14 18:11:27 7A8F44AE06CAA8785F47A430ED44967D 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\EN\PCUDataIntl.DLL 2013-12-14 18:11:26 F43AF7C7C7B20D5C4FB5D0F88F464A61 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\CZ\PCUDataIntl.DLL 2013-12-14 18:11:25 DA19C0ADCBC3D825D9B08C282730556D 32704 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\CS\PCUDataIntl.DLL 2013-12-14 18:11:25 2EAD168F356072AEC10739928FAD2F3A 33216 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\CT\PCUDataIntl.DLL 2013-12-14 18:11:24 292915C2E5B35AA37ACAB210DFC735B7 44992 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Lang\BR\PCUDataIntl.DLL 2013-12-14 18:11:23 EBC629F54B070D89E0C075CC9E0279E4 2485192 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Setup.exe 2013-12-14 18:11:23 9E213942001AD71756DAE483ACC51BBB 1675720 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\SetupXML.dll 2013-12-14 18:11:23 705AA55D943D54776CA475256A7B8628 22968 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\RMPCUNLR.DLL 2013-12-14 18:11:23 6CF7C0572958BA0CCD60D29254418632 2975688 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\Script.dll 2013-12-14 18:11:23 6957B79E687E21F75910D1707F70CBC8 1828264 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\SerChckv2.dll 2013-12-14 18:11:23 3DF529BE9A36F057B80CA372559655FC 55224 ----a-w- C:\Users\Mark\AppData\Local\Temp\8876F179-F87F-4DB8-9FEC-BD3DAC65D489\DRPCUNLR.DLL 2013-12-14 17:48:48 A0BDF494ABDF345F07CB8D3827BE94B5 597952 ----a-w- C:\Users\Mark\AppData\Local\Temp\8416570C-3729-4700-A556-642220BAAEB4\Uninst.exe 2013-12-14 17:26:12 827F912E4ADF1A7A021A2405229EEF17 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\TR\PCUDataIntl.DLL 2013-12-14 17:26:11 EE18EAECEC3A42D0D4D4658F5B0C4A51 43456 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\SV\PCUDataIntl.DLL 2013-12-14 17:26:10 830AEBA012C1CEBF6B73585FE62DF079 42944 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\SU\PCUDataIntl.DLL 2013-12-14 17:26:08 13413F4E8A862BC6024E0E6DDBDBC0F9 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\RU\PCUDataIntl.DLL 2013-12-14 17:26:07 CE0D348988C8CD2A40BD9BAF1E8B309A 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\PL\PCUDataIntl.DLL 2013-12-14 17:26:06 FD791F039B8688D4DD9448063036D5B7 44992 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\NL\PCUDataIntl.DLL 2013-12-14 17:26:04 F5C9E7B106AD9D7D3E1876D7C18D53DC 36288 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\JP\PCUDataIntl.DLL 2013-12-14 17:26:04 41F2BC16537D10EEB1BF781DA3400877 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\MA\PCUDataIntl.DLL 2013-12-14 17:26:03 D69642922B57B5738DF5D9437AF3D16B 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\IT\PCUDataIntl.DLL 2013-12-14 17:26:02 C533FE90C27941D8828A587B323CAF16 44480 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\FR\PCUDataIntl.DLL 2013-12-14 17:26:02 4AFB1F96B0616FA1D2D99F7E860C9FB7 46016 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\ES\PCUDataIntl.DLL 2013-12-14 17:26:01 7A8F44AE06CAA8785F47A430ED44967D 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\EN\PCUDataIntl.DLL 2013-12-14 17:26:00 DB8DF327AE067B6C1CBD0E94AE9DC743 45504 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\DE\PCUDataIntl.DLL 2013-12-14 17:25:58 F43AF7C7C7B20D5C4FB5D0F88F464A61 43968 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\CZ\PCUDataIntl.DLL 2013-12-14 17:25:56 2EAD168F356072AEC10739928FAD2F3A 33216 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\CT\PCUDataIntl.DLL 2013-12-14 17:25:54 DA19C0ADCBC3D825D9B08C282730556D 32704 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\CS\PCUDataIntl.DLL 2013-12-14 17:25:52 292915C2E5B35AA37ACAB210DFC735B7 44992 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Lang\BR\PCUDataIntl.DLL 2013-12-14 17:25:51 705AA55D943D54776CA475256A7B8628 22968 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\RMPCUNLR.DLL 2013-12-14 17:25:51 3DF529BE9A36F057B80CA372559655FC 55224 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\DRPCUNLR.DLL 2013-12-14 17:25:50 EBC629F54B070D89E0C075CC9E0279E4 2485192 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Setup.exe 2013-12-14 17:25:50 9E213942001AD71756DAE483ACC51BBB 1675720 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\SetupXML.dll 2013-12-14 17:25:50 6CF7C0572958BA0CCD60D29254418632 2975688 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\Script.dll 2013-12-14 17:25:50 6957B79E687E21F75910D1707F70CBC8 1828264 ----a-w- C:\Users\Mark\AppData\Local\Temp\F5A5C5D7-5E54-47B9-A3DF-D62D0101F838\SerChckv2.dll 2013-12-14 16:42:20 E6144FB36C1FDC6BA1D1AFA9632588F8 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\UoFKXqpYfsDoiQOKDKKP.DLL 2013-12-14 16:09:20 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{361B0D2E-6935-4809-ADE1-A798D0DF9881}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-14 16:09:20 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{361B0D2E-6935-4809-ADE1-A798D0DF9881}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-14 16:09:20 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{361B0D2E-6935-4809-ADE1-A798D0DF9881}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-14 16:09:20 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{361B0D2E-6935-4809-ADE1-A798D0DF9881}\dotnetinstaller.exe 2013-12-14 16:09:20 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{361B0D2E-6935-4809-ADE1-A798D0DF9881}\ISBEW64.exe 2013-12-14 16:09:19 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{D3C47AE3-6B26-4CB9-8A6A-BC37AB8479F6}\Disk1\setup.exe 2013-12-14 16:09:18 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{D3C47AE3-6B26-4CB9-8A6A-BC37AB8479F6}\Disk1\ISSetup.dll 2013-12-14 15:48:12 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{7BC91422-4F4A-44DD-A592-75D5457AAF02}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-14 15:48:12 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{7BC91422-4F4A-44DD-A592-75D5457AAF02}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-14 15:48:12 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{7BC91422-4F4A-44DD-A592-75D5457AAF02}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-14 15:48:12 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{7BC91422-4F4A-44DD-A592-75D5457AAF02}\dotnetinstaller.exe 2013-12-14 15:48:12 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{7BC91422-4F4A-44DD-A592-75D5457AAF02}\ISBEW64.exe 2013-12-14 15:48:10 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{0454A45B-C59C-493A-911F-25CCD4E39C8D}\Disk1\setup.exe 2013-12-14 15:48:10 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{0454A45B-C59C-493A-911F-25CCD4E39C8D}\Disk1\ISSetup.dll 2013-12-14 12:26:25 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{91384525-1BC7-4F7D-9424-0167B6DAEA16}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-14 12:26:25 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{91384525-1BC7-4F7D-9424-0167B6DAEA16}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-14 12:26:24 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{91384525-1BC7-4F7D-9424-0167B6DAEA16}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-14 12:26:24 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{91384525-1BC7-4F7D-9424-0167B6DAEA16}\dotnetinstaller.exe 2013-12-14 12:26:24 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{91384525-1BC7-4F7D-9424-0167B6DAEA16}\ISBEW64.exe 2013-12-14 12:26:22 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{ACA140F9-B4B7-4B06-A88B-1E4F4E7DF9DF}\Disk1\setup.exe 2013-12-14 12:26:22 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{ACA140F9-B4B7-4B06-A88B-1E4F4E7DF9DF}\Disk1\ISSetup.dll 2013-12-14 12:08:20 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{9C85F7C9-12AC-4EAF-8124-83F6A141947D}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-14 12:08:20 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{9C85F7C9-12AC-4EAF-8124-83F6A141947D}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-14 12:08:20 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{9C85F7C9-12AC-4EAF-8124-83F6A141947D}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-14 12:08:20 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{9C85F7C9-12AC-4EAF-8124-83F6A141947D}\dotnetinstaller.exe 2013-12-14 12:08:20 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{9C85F7C9-12AC-4EAF-8124-83F6A141947D}\ISBEW64.exe 2013-12-14 12:08:18 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{B35BE988-0CD8-4BCB-912D-E5ECDED6C5D7}\Disk1\setup.exe 2013-12-14 12:08:18 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{B35BE988-0CD8-4BCB-912D-E5ECDED6C5D7}\Disk1\ISSetup.dll 2013-12-14 11:49:37 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{F44A6318-E3EF-40AA-AC1E-03F793F37E4D}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-14 11:49:37 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{F44A6318-E3EF-40AA-AC1E-03F793F37E4D}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-14 11:49:36 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{F44A6318-E3EF-40AA-AC1E-03F793F37E4D}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-14 11:49:36 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{F44A6318-E3EF-40AA-AC1E-03F793F37E4D}\dotnetinstaller.exe 2013-12-14 11:49:36 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{F44A6318-E3EF-40AA-AC1E-03F793F37E4D}\ISBEW64.exe 2013-12-14 11:49:34 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{C51D185C-8905-453B-B6F5-254F485677AC}\Disk1\setup.exe 2013-12-14 11:49:34 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{C51D185C-8905-453B-B6F5-254F485677AC}\Disk1\ISSetup.dll 2013-12-14 11:30:46 ED5AA645392883B21507C8D097FDA277 261424 ----a-w- C:\Users\Mark\AppData\Local\Temp\{85CBD103-524E-4D87-8BE4-037E9C485029}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\isrt.dll 2013-12-14 11:30:46 ED2F56B3CE436D38EB7ABB2F11F2317E 12288 ----a-w- C:\Users\Mark\AppData\Local\Temp\{85CBD103-524E-4D87-8BE4-037E9C485029}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isuser_0x0413.dll 2013-12-14 11:30:46 D3B8519380A78DFFCD566774D079A7BA 337216 ----a-w- C:\Users\Mark\AppData\Local\Temp\{85CBD103-524E-4D87-8BE4-037E9C485029}\{4E95DEAE-FFEE-4D22-9CF3-19195171D6B7}\_isres_0x0413.dll 2013-12-14 11:30:46 94B6F434210BFAD6ABDCF818B8CF350F 11080 ----a-w- C:\Users\Mark\AppData\Local\Temp\{85CBD103-524E-4D87-8BE4-037E9C485029}\dotnetinstaller.exe 2013-12-14 11:30:46 41CB698F967B4D9F2580EA2A21A5A710 107320 ----a-w- C:\Users\Mark\AppData\Local\Temp\{85CBD103-524E-4D87-8BE4-037E9C485029}\ISBEW64.exe 2013-12-14 11:30:44 900AB7B8B9A4016D9F13B140021A9D5B 808416 ----a-w- C:\Users\Mark\AppData\Local\Temp\{92F0055F-1AD6-4C2F-A452-C4B0A9094A4F}\Disk1\setup.exe 2013-12-14 11:30:44 5637F2F3F7AD7FA9A810BFD2E0B8DCE2 582624 ----a-w- C:\Users\Mark\AppData\Local\Temp\{92F0055F-1AD6-4C2F-A452-C4B0A9094A4F}\Disk1\ISSetup.dll 2013-12-14 11:01:52 538FF726CC3DC7CC452BA111C02898DC 346000 ----a-w- C:\Users\Mark\AppData\Local\Temp\Creative Cloud Helper.exe 2013-12-14 10:57:58 ABADE38A820750BAADB360961A2E8D8C 3867512 ----a-w- C:\Users\Mark\AppData\Local\Temp\CreativeCloudSet-Up.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2013-12-11 20:15:57 02DF0628BE8B64B84D50FBE53549AA3B 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL 2013-12-11 20:15:56 6C4B2E1A25841077084EB9F76FF6FFA7 11410432 ----a-w- C:\Windows\SysWOW64\wmp.dll 2013-12-11 20:14:30 C74500A1BCB4113A7310295DD3FA4440 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 20:14:28 3D43EAC957F2F797BE82CF6B04A933F8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 20:14:28 355BF103E2CF862B00EEB3731E25E802 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll 2013-12-11 20:14:27 35DE59C975A0C97E8DBBE095BCC3644E 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 20:14:26 B2E1F7B212502BB49AAD4EFAD37C5CF5 2166784 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2013-12-11 20:14:26 927FA6456AD6D7630F6854828D2FD16B 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll 2013-12-11 20:14:26 08881C59F795C356DE12067E44FFD260 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 20:14:25 84EAF0A08C7742697816E148C066D757 1928192 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 20:14:25 0763C5D8660436D4D961F72609E33BBE 1157632 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2013-12-11 20:14:24 4B638CE3DAA3A082E576C0DDF9D635D4 11221504 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2013-12-11 20:14:23 BFAFE990C4A191E83843362B5AC64A9B 17112576 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2013-12-11 20:14:23 A60A222D3126DD9E380F9D8B651BC13D 4243968 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2013-12-11 18:03:01 AFA53BD631FB0509A91A99391209BB70 301568 ----a-w- C:\Windows\SysWOW64\msieftp.dll 2013-12-11 18:03:00 E9504E484076585F6DA3C59F0E20E122 417792 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll 2013-12-11 18:02:45 E7B9D5FF20FFDD4AAE2EF1D1B8C27A37 159232 ----a-w- C:\Windows\SysWOW64\imagehlp.dll 2013-12-11 18:02:14 4EC2C3B15B9EC41AD0D6CD918D20376E 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2013-12-11 18:02:11 A3B1D1312602280839A4A2AFBDFD066E 163840 ----a-w- C:\Windows\SysWOW64\scrrun.dll 2013-12-11 18:02:11 A3A35EE79C64A640152B3113E6E254E2 126976 ----a-w- C:\Windows\SysWOW64\cscript.exe 2013-12-11 18:02:11 979D74799EA6C8B8167869A68DF5204A 141824 ----a-w- C:\Windows\SysWOW64\wscript.exe 2013-12-11 18:02:11 09F65975C1C9793B923BB52A7FA83453 121856 ----a-w- C:\Windows\SysWOW64\wshom.ocx ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-12-11 20:15:57 AB272BBFB05A8585C3405EFA9F605774 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL 2013-12-11 20:15:55 8CBBB27369F9F07BC5E874E750EAF9D0 14631424 ----a-w- C:\Windows\Sysnative\wmp.dll 2013-12-11 20:14:30 A3427586C75749B51BF5DEBEDEB4AD5C 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2013-12-11 20:14:29 FB13F4873F6747AB4E3C37CAFEA8ACAE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2013-12-11 20:14:28 EF098867663B07247587587C29E631DB 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll 2013-12-11 20:14:28 4E249022336591E9C6DE374A68C18EF6 574976 ----a-w- C:\Windows\Sysnative\ieui.dll 2013-12-11 20:14:28 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2013-12-11 20:14:28 2E2875FFC6C2DC1ACF4F46AFC7819BD5 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll 2013-12-11 20:14:28 2A0B7281854ACBECA25D8FDD06A4D714 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2013-12-11 20:14:28 0F753FDA08F495E515629210FF0DA59E 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2013-12-11 20:14:27 DACB9A752CEB29C1D931514EF73803E1 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2013-12-11 20:14:27 95EED00D70485F6F82983EB7C03CC42A 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2013-12-11 20:14:27 40B33A42F90DED26DE4F5AAFA00F24CA 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2013-12-11 20:14:27 16B0A65F52531B769B891DC251ECC6C0 23183360 ----a-w- C:\Windows\Sysnative\mshtml.dll 2013-12-11 20:14:27 14074CF6190B937EB70BE2F93113B5FE 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2013-12-11 20:14:26 7016991D493B9F9FA492E75BD13D031D 2764288 ----a-w- C:\Windows\Sysnative\iertutil.dll 2013-12-11 20:14:25 FA30E3DC75EA42FE19B819F30FBDED8D 1995264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2013-12-11 20:14:25 C8CF11D73017CC588411FCB936891CF4 1395200 ----a-w- C:\Windows\Sysnative\urlmon.dll 2013-12-11 20:14:25 9B6678DB9C6A232C5A84D2FDFFF8B0E1 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll 2013-12-11 20:14:24 EDF5C6A9F33FBD3D717D1B77A9864C64 12996608 ----a-w- C:\Windows\Sysnative\ieframe.dll 2013-12-11 20:14:22 6491B719695D713335B431FCF0EAE28B 5769216 ----a-w- C:\Windows\Sysnative\jscript9.dll 2013-12-11 18:03:01 AC38EC8D0C1B4C783CA6A24D239A71B7 335360 ----a-w- C:\Windows\Sysnative\msieftp.dll 2013-12-11 18:03:01 97D50B0CABF18A6D40F8883D02DDB519 3155968 ----a-w- C:\Windows\Sysnative\win32k.sys 2013-12-11 18:03:00 4EDF8812713291DBBFDA67CE6215F236 465920 ----a-w- C:\Windows\Sysnative\WMPhoto.dll 2013-12-11 18:02:45 B4F29F65AD3114051F01E9403346047F 81408 ----a-w- C:\Windows\Sysnative\imagehlp.dll 2013-12-11 18:02:14 5FD67F205773EC80674DBBD609DB5315 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2013-12-11 18:02:11 ECB021CA3370582F0C7244B0CF06732C 156160 ----a-w- C:\Windows\Sysnative\cscript.exe 2013-12-11 18:02:11 731131A477F69476F2D739B0DB6A9281 202752 ----a-w- C:\Windows\Sysnative\scrrun.dll 2013-12-11 18:02:11 05D80FF3483BD8F268B01703C859198A 150016 ----a-w- C:\Windows\Sysnative\wshom.ocx 2013-12-11 18:02:11 045451FA238A75305CC26AC982472367 168960 ----a-w- C:\Windows\Sysnative\wscript.exe ====== C:\Windows\Sysnative\drivers ===== 2013-12-11 18:02:11 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys 2013-12-11 18:02:11 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys ====== C:\Windows\Tasks ====== 2013-12-12 19:25:50 B4979C0DFFD3CD0F1CF39A7E36703A90 3180 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForMark 2013-12-12 19:25:50 37FF1458256A3F737D1C5AE32CB2F0E8 328 ----a-w- C:\Windows\Tasks\HPCeeScheduleForMark.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-12-21 15:54:16 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2013-11-23 11:51:04 -------- d-----w- C:\PROGRA~2\Spirent Communications ======= C: ===== 2013-12-21 18:27:10 6B917DBF4949B2DD891661A084FF072D 2965 ----a-w- C:\runcheck.txt 2013-12-14 19:21:17 8042946509D4D121C7325C8BA1C5EF73 3408 ------w- C:\bootsqm.dat ====== C:\Users\Mark\AppData\Roaming ====== 2013-12-17 18:20:44 -------- d-----w- C:\Users\Mark\AppData\Roaming\PDAppFlex 2013-11-23 12:19:17 -------- d-----w- C:\Users\Mark\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2013-11-23 11:53:17 -------- d-----w- C:\Users\Mark\AppData\Local\Htc 2013-11-23 11:52:20 -------- d-----w- C:\Users\Mark\AppData\Roaming\HTC ====== C:\Users\Mark ====== 2013-12-19 17:04:09 -------- d-----w- C:\ProgramData\CorelDRAW Graphics Suite X6 2013-11-26 16:51:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2013-11-23 11:51:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync 2013-11-23 11:51:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC ====== C: exe-files == 2013-12-21 15:54:16 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Mark.exe 2013-12-19 17:04:10 9B4567D1185A9CE632A6DA8B57A12000 3234760 ----a-w- C:\ProgramData\CorelDRAW Graphics Suite X6\16.1.0.843\Setup.exe 2013-12-19 17:04:10 85A4206251FB42047C9B0D744F9F9F88 2804168 ----a-w- C:\ProgramData\CorelDRAW Graphics Suite X6\16.1.0.843\SetupARP.exe 2013-12-19 17:04:09 4A28135259875443AB573415FAEEF95A 1723240 ----a-w- C:\ProgramData\CorelDRAW Graphics Suite X6\16.1.0.843\GetMsgs.EXE 2013-12-16 16:07:35 F4CCCAB03392ECA3BCB6EAB9DB2089E0 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_NSPOS.exe 2013-12-16 16:07:35 F228ECDCDF7D094326F43ADF29A0DBD5 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_EMEA.exe 2013-12-16 16:07:35 C7EC72A8673DD2CC88A8384CA6D00120 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_US.exe 2013-12-16 16:07:35 5288FEC36ADB27C8A24623F6DB8858B8 72920 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_toastNotify.exe === C: other files == 2013-12-17 18:09:27 04ECF6C52079D2E117E6B25E5837D089 15724213 ----a-w- C:\Program Files\Adobe\Adobe\AdobePatchFiles\{BA7701F0-F567-4021-BFD2-20D765BF5179}.zip 2013-12-17 18:09:26 1BB2475AF88921A4E4C0836CC61F86E6 398831 ----a-w- C:\Program Files\Adobe\Adobe\AdobePatchFiles\{6C6FBF28-2A79-436D-9AC5-8797F72FC63E}.zip 2013-12-17 18:09:02 2CE2827A91C7EBEAF5763CE39D29EB17 12438118 ----a-w- C:\Program Files (x86)\Adobe\Adobe\AdobePatchFiles\{2B9E61CE-6E24-46C2-97EC-7748FD38E409}.zip 2013-12-17 18:09:01 943AD1337854B41D4AC36882F8A0B8C3 398831 ----a-w- C:\Program Files (x86)\Adobe\Adobe\AdobePatchFiles\{1E8DF00A-DBAA-4D03-9A21-906700174713}.zip 2013-12-17 18:08:46 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\Adobe\AdobePatchFiles\{81036849-4B6D-4CB8-8D47-31222F3540E3}.zip 2013-12-17 17:59:09 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\Adobe\AdobePatchFiles\{DE9B086C-67C4-4EB7-9786-9531AD8FEAE8}.zip 2013-12-17 17:59:00 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\Adobe\AdobePatchFiles\{0F60BFC9-8764-4554-B222-2B55089F395D}.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-641389877-299622356-937118616-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe /c" "uTorrent"="C:\Users\Mark\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "HPQuickWebProxy"="C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" "HPOSD"="C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" "HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey" "niDevMon"="C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe " "HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" "HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe -startup" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe /c" "uTorrent"="C:\Users\Mark\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~3\\codecs~1\\22639~1.201\\{16cdf~1\\codecm~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray" "BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll,TrayApp" "SetDefault"="C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Registry Disabled ====================== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" "Google Update"="\"C:\\Users\\Mark\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Creative Cloud] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Creative Cloud" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud\\ACC\\Creative Cloud.exe\" --showwindow=false --onOSstartup=true" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeAAMUpdater-1.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeCS6ServiceManager" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\Mark\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_96D28242BA1FDBE7F82E6712BD4F4597] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleChromeAutoLaunch_96D28242BA1FDBE7F82E6712BD4F4597" "hkey"="HKCU" "command"="\"C:\\Users\\Mark\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NI Update Service] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NI Update Service" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\National Instruments\\Shared\\Update Service\\NIUpdateService.exe\" -startupTask " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NIRegistrationWizard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NIRegistrationWizard" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\National Instruments\\Shared\\RegistrationWizard\\Bin\\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1043 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Optimizer Pro" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Optimizer Pro\\OptProLauncher.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="uTorrent" "hkey"="HKCU" "command"="\"C:\\Users\\Mark\\AppData\\Roaming\\uTorrent\\uTorrent.exe\" /MINIMIZED" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "path"="C:\\Users\\Mark\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Mark\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup" "item"="Dropbox" ==== Startup Folders ====================== 2013-11-25 16:53:35 1010 ----a-w- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2013-05-24 08:59:36 1223 ---ha-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000Core1ce48ebcfbf444c.job --a------ C:I;C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000UA.job --a------ C:;C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\HPCeeScheduleForMAESTRO$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15-07-2011 04:43] C:\Windows\tasks\HPCeeScheduleForMark.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15-07-2011 04:43] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Maestro-Mark" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\Codecs Pack Manager" [C:\Windows\system32\sc.exe start Codecs Pack Manager] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Google Updater and Installer" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000Core" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000Core1ce48ebcfbf444c" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-641389877-299622356-937118616-1000UA" [C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForMAESTRO$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForMark" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] "C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\NIUpdateServiceCheckTask" [C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{2804BC2C-2514-4AA4-8E1A-F28A3FD7A79E}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{844E80A6-47A1-43E0-B645-7794052150D9}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{956A4DB7-EA2D-4933-BDA1-11B2711E69A3}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox - TrueSuite Website Logon - %AppDir%\extensions\websitelogon@truesuite.com - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\5awyvyzn.default F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash C36444D7301A8C881FC7296B092609C7 - C:\Users\Mark\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update AE7B288233C212C62CD544BF768C45E6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll - Shockwave for Director / Shockwave for Director ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Mark\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[25-08-2011 04:41] dhdepfaagokllfmhfbcfmocaeigmoebo - C:\Users\Mark\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx[] ejpbbhjlbipncjklfjjaedaieimbmdda - C:\Users\Mark\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx[] gklnghebegehegmhjjfpfpbdfbbekgoe - C:\ProgramData\Bcool\gklnghebegehegmhjjfpfpbdfbbekgoe.crx[] mkahlblhkpnkaijmlekfdodcncpeajik - C:\ProgramData\Bcool\mkahlblhkpnkaijmlekfdodcncpeajik.crx[] pdkahhgpfcgpnlanplmfihdbhcjkdemb - C:\ProgramData\Bcool\pdkahhgpfcgpnlanplmfihdbhcjkdemb.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Mark\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] ejpbbhjlbipncjklfjjaedaieimbmdda - C:\Users\Mark\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx[] Website Logon - Mark - Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa Savings Sidekick - Mark - Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo uTorrentControl_v2 - Mark - Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Bcool - Mark - Default\Extensions\gklnghebegehegmhjjfpfpbdfbbekgoe Bcool - Mark - Default\Extensions\mkahlblhkpnkaijmlekfdodcncpeajik Bcool - Mark - Default\Extensions\pdkahhgpfcgpnlanplmfihdbhcjkdemb ==== Chrome Fix ====================== C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkahlblhkpnkaijmlekfdodcncpeajik deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mkahlblhkpnkaijmlekfdodcncpeajik_0.localstorage deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0 deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejpbbhjlbipncjklfjjaedaieimbmdda_0.localstorage deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ejpbbhjlbipncjklfjjaedaieimbmdda_0 deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklnghebegehegmhjjfpfpbdfbbekgoe deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gklnghebegehegmhjjfpfpbdfbbekgoe_0.localstorage deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdkahhgpfcgpnlanplmfihdbhcjkdemb deleted successfully C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pdkahhgpfcgpnlanplmfihdbhcjkdemb_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl/" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://nl.wikipedia.org/wiki/Special:Search?search={searchTerms}" {EC2C94E3-E356-47E0-AFA8-8F929D40D29C} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_nlNL530" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E931A51-A183-4E66-8562-D82896E74C67} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkahlblhkpnkaijmlekfdodcncpeajik deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gklnghebegehegmhjjfpfpbdfbbekgoe deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pdkahhgpfcgpnlanplmfihdbhcjkdemb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R7OP9Z8M will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Mark\AppData\Local\Mozilla\Firefox\Profiles\5awyvyzn.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\Mark\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Mark\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R7OP9Z8M" not found ==== EOF on za 21-12-2013 at 19:58:11,96 ======================