Zoek.exe v5.0.0.0 Updated 10-September-2014 Tool run by Anthony on vr 12-09-2014 at 0:07:37,71. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Anthony\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 12-9-2014 0:10:25 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\BrowseFox deleted successfully C:\PROGRA~2\Movdap deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\CanonEPP deleted successfully C:\PROGRA~3\CanonIJEPPEX2 deleted successfully C:\PROGRA~3\Tarma Installer deleted successfully C:\Users\Anthony\AppData\Roaming\TP deleted successfully C:\Users\Anthony\AppData\Local\ms-drivers deleted successfully C:\Users\School\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23398596-cfb3-463e-b896-8976097993b3} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23398596-cfb3-463e-b896-8976097993b3} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4dc528cf-3142-4193-b86d-7d2c121eb9b7} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4dc528cf-3142-4193-b86d-7d2c121eb9b7} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully 
HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba5f1506-0faa-4db0-a6bd-9928b703f977} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba5f1506-0faa-4db0-a6bd-9928b703f977} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully 
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{23398596-cfb3-463e-b896-8976097993b3} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23398596-cfb3-463e-b896-8976097993b3} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4dc528cf-3142-4193-b86d-7d2c121eb9b7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4dc528cf-3142-4193-b86d-7d2c121eb9b7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ba5f1506-0faa-4db0-a6bd-9928b703f977} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba5f1506-0faa-4db0-a6bd-9928b703f977} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{23398596-cfb3-463e-b896-8976097993b3} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4dc528cf-3142-4193-b86d-7d2c121eb9b7} deleted successfully 
HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{ba5f1506-0faa-4db0-a6bd-9928b703f977} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{bf111a51-c3cd-44bb-be4c-cedb66cc9763} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{89c40de4-1a1f-4923-acdf-33989e807071} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{6a071da3-1fb4-4007-bdc4-7c1cf41ffb36} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{90d5964f-81c8-4de7-a5ea-999b6c5db3a2} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{2cb01755-8080-4023-9d26-e465d5f61037} deleted successfully HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Toolbar\{cd1a63ba-a08c-431b-9a34-f240aadc728d} deleted successfully ==== Installed Programs ====================== µTorrent Ableton Live 9 Suite Adobe After Effects CC Adobe Creative Cloud Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.08) - Nederlands Allin1Convert Internet Explorer Toolbar AMD Catalyst Install Manager AMD Media Foundation Decoders AMD VISION Engine Control Center Atheros Bluetooth Filter Driver Package Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Driver Installation Program AVG PC TuneUp 2014 AVG PC TuneUp 2014 (nl-NL) Bandicam Bandisoft MPEG-1 Decoder Bejeweled 2 Deluxe Bejeweled 3 Bluetooth Stack for Windows by Toshiba Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon IJ Network Scanner Selector EX Canon IJ Network Tool Canon IJ Scan Utility Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG4100 series MP Drivers Canon MG4100 series On-screen Manual Canon MG4200 series MP Drivers Canon MG4200 series On-screen Manual Canon MP Navigator EX 5.0 Canon My Printer Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chicken Invaders 3 - Revenge of the Yolk Chuzzle Deluxe Conexant HD Audio Contrôle ActiveX Windows Live Mesh pour connexions à distance Copy D3DX10 DAEMON Tools Lite DAEMON Tools Ultra Diner Dash 2 Restaurant Rescue Dropbox Facebook Video Calling 3.1.0.521 FATE FileZilla Client 3.8.0 Final Drive: Nitro Galerie de photos Windows Live 
Gebruikersregistratie voor Canon MG4100 series Gebruikersregistratie voor Canon MG4200 series GeoGebra 4.4 GIMP 2.8.10 Google Chrome Google Earth Google Update Helper High-Definition Video Playback Insaniquarium Deluxe inSSIDer Wi-Fi Helper IrfanView (remove only) Java 7 Update 25 Java Auto Updater Java(TM) 6 Update 20 Junk Mail filter update LEGO MINDSTORMS NXT - (Nederlands) Taal Pakket LEGO MINDSTORMS NXT Software v2.0 LEGO MINDSTORMS NXT x64 Driver LEGO MINDSTORMS NXT x64 Driver Support LibreOffice 4.1.1.2 Media Player Media View Media Viewer Media Watch Mesh Runtime Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Klik-en-Klaar 2010 Microsoft Office Starter 2010 - Nederlands Microsoft OneDrive Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 More Games - WildTangent MorphVOX Junior Movavi Screen Capture Studio 5 Mozilla Firefox 28.0 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Need for Speed Most Wanted 
Need for Speed™ Most Wanted Nero 10 Movie ThemePack Basic Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Express 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero Kwik Media Nero Multimedia Suite 10 Essentials Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update NeroKwikMedia Help (CHM) NI VC2008MSMs x64 NI VC2008MSMs x86 Norton Internet Security Notepad++ Opera Stable 24.0.1558.53 Penguins Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Polar Bowler PowerISO Python 2.7.6 (64-bit) Raccolta foto di Windows Live Realtek USB 2.0 Reader Driver Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Skype™ 6.16 Slingo Deluxe Spotify Spybot - Search & Destroy Synaptics Pointing Device Driver Teach2000 versie 8.53 TOSHIBA Assist TOSHIBA Bulletin Board TOSHIBA ConfigFree TOSHIBA Disc Creator TOSHIBA eco Utility TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Manuals TOSHIBA Online Product Information TOSHIBA PC Health Monitor TOSHIBA Places Icon Utility TOSHIBA Recovery Media Creator TOSHIBA Recovery Media Creator Reminder TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Sleep Utility TOSHIBA Supervisor Password TOSHIBA TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBA Wireless LAN Indicator TRORMCLauncher TWLan version 1.5.1 Update Installer for WildTangent Games App Video Player VLC media player 2.0.5 WampServer 2.2 Webexp Enhanced Wedding Dash 2 - Rings Around the World WildTangent Games WildTangent Games App (Toshiba Games) 
Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 5.00 beta 6 (64-bit) Zuma Deluxe ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\PROGRA~2\ALLIN1~1\bar\1.bin\8hbarsvc.exe C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon.exe C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe c:\Program Files 
(x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera_crashreporter.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\LibreOffice 4\program\swriter.exe C:\Program Files (x86)\LibreOffice 4\program\soffice.exe C:\Program Files (x86)\LibreOffice 4\program\soffice.bin C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Program Files (x86)\Opera\24.0.1558.53\opera.exe C:\Users\Anthony\Downloads\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Allin1Convert_8hService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Allin1Convert_8hService deleted successfully ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Allin1Convert Home Page Guard 64 bit"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba5f1506-0faa-4db0-a6bd-9928b703f977}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Allin1Convert EPM Support"=- "Allin1Convert Search Scope Monitor"=- "Allin1Convert_8h Browser Plugin Loader"=- "Allin1Convert_8h Browser Plugin Loader 64"=- ==== Deleting Files \ Folders ====================== C:\ProgramData\Tarma Installer not found C:\Program Files (x86)\WebexpEnhancedV1 deleted C:\PROGRA~2\TornTV.com deleted C:\PROGRA~2\VideoPlayerV3 deleted C:\PROGRA~2\MediaViewV1 deleted C:\PROGRA~2\MediaViewerV1 deleted C:\PROGRA~2\Better-Surf deleted C:\PROGRA~2\MediaPlayerV1 deleted C:\PROGRA~2\MediaWatchV1 deleted C:\PROGRA~2\MediaBuzzV1 deleted C:\PROGRA~2\RichMediaViewV1 deleted C:\PROGRA~2\Conduit deleted C:\PROGRA~2\COMMON~1\Config deleted C:\extensions.sqlite deleted C:\Users\Anthony\AppData\Roaming\Movdap deleted C:\Users\Anthony\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\Partner deleted C:\PROGRA~3\DSearchLink deleted C:\PROGRA~3\Package Cache deleted C:\Users\Anthony\AppData\Local\CRE deleted C:\Users\Anthony\AppData\Local\avgchrome deleted C:\Users\Anthony\AppData\Local\SwvUpdater deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted C:\Users\Anthony\AppData\LocalLow\Allin1Convert_8h deleted C:\Users\Anthony\AppData\LocalLow\Conduit deleted C:\Users\School\AppData\LocalLow\Allin1Convert_8h deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted C:\END deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Windows\Syswow64\SearchProtect deleted C:\Windows\SysWow64\AI_RecycleBin deleted 
C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Anthony\Documents\PC Speed Maximizer deleted C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\k7j95eua.default\searchplugins\trovi-search.xml deleted "C:\ProgramData\droidcam-settings" deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrmon64.exe" deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrstub64.dll" not deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe" deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll" deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\Hpg64.dll" deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\8hbrmon.exe" deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\8hbrmon64.exe" deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\8hbrstub.dll" deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\8hbrstub64.dll" not deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe" deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll" deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\Hpg64.dll" deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\T8RES.DLL" deleted "C:\Program Files (x86)\Allin1Convert_8h" not deleted "C:\PROGRA~2\Allin1Convert_8h" not deleted "C:\Program Files (x86)\Allin1Convert_8h\bar" not deleted "C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin" not deleted "C:\PROGRA~2\Allin1Convert_8h\bar" not deleted "C:\PROGRA~2\Allin1Convert_8h\bar\1.bin" not deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 7655 MB CPU Info: AMD A8-3520M APU with Radeon(tm) HD Graphics CPU Speed: 1596,6 MHz Sound Card: Luidsprekers (Conexant SmartAud | Display 
Adapters: AMD Radeon(TM) HD 6620G | AMD Radeon(TM) HD 6620G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Bluetooth Personal Area Network | Microsoft Virtual WiFi Miniport Adapter | Atheros AR9002WB-1NG Wireless Network Adapter | Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) CD / DVD Drives: 3x (E: | F: | G: | ) E: TSSTcorpCDDVDW SN-208AB | F: | G: DTSOFT BDROM Ports: COM6 | COM7 | COM10 | COM11 | COM12 | COM13 | COM14 | COM20 | COM21 | COM22 LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 297,9GB | D: 297,9GB | Q: 0,0MB Hard Disks - Free: C: 196,2GB | D: 284,4GB | Q: 0,0MB Manufacturer *: Insyde Corp. BIOS Info: AT/AT COMPATIBLE | 11/23/11 | TOSQCI - 1 Time Zone: Romance (standaardtijd) Motherboard *: AMD Torpedo Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated) Anti-Spyware: Norton Internet Security disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Spybot - Search and Destroy disabled (Outdated) Firewall: Norton Internet Security disabled Default Browser: Opera Internet Browser 24.0.1558.53 Internet Explorer Version: 11.0.9600.17239 Mozilla Firefox version: 28.0 (x86 nl) Opera Browser version: 24.0.1558.53 Google Chrome version: 37.0.2062.103 Opera Stable 24.0.1558.53 Adobe Reader version: 11.0.8.4 Sun Java version: 1.7.0_25 (32-bit) Flash Player version: 11.1.102.55 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Anthony\AppData\Local\Temp ==== 2014-09-08 22:14:20 74C24038F3D51AB84F490B991AF56281 43008 ----a-w- C:\Users\Anthony\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv91prj.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 
2014-09-11 20:57:15 2413D2216D08FAF7D7178D9E0B481AEB 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2014-09-11 20:57:15 3469B9FAE899139FEE7356E91693376A 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll 2014-09-10 19:58:11 E2BCB58869598B392D6A78953F61A2D9 578048 ----a-w- C:\Windows\Sysnative\aepdu.dll 2014-09-10 19:58:10 88BC88D0BDFB6BBE5765D5ABB233C110 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll 2014-09-05 22:26:13 99AB1545591A311BFD46086EDDCE3628 2402 ----a-w- C:\Windows\Sysnative\activity.txt 2014-09-05 19:52:36 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\Sysnative\sdnclean64.exe ====== C:\Windows\Sysnative\drivers ===== 2014-08-17 17:18:04 87CE5C8965E101CCCED1F4675557E868 985536 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-09-08 19:16:49 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2014-09-07 22:58:31 -------- d-----w- C:\PROGRA~2\Microsoft OneDrive 2014-09-05 22:37:44 -------- d-----w- C:\PROGRA~2\MetaGeek 2014-09-02 13:32:47 -------- d-----w- C:\PROGRA~2\GeoGebra 4.4 ======= C: ===== ====== C:\Users\Anthony\AppData\Roaming ====== 2014-09-07 23:28:26 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-05 22:50:38 0C4B1ACB72943D8D024DABD9CDC37F85 7605 ----a-w- C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg 2014-09-05 22:38:31 514ECDAFEC4860BD97D5808DB5C1F55A 37 --sh--w- C:\Users\Anthony\AppData\Local\42747051538627b9063d49.45359236 2014-09-05 22:38:27 -------- d-----w- C:\Users\Anthony\AppData\Local\MetaGeek,_LLC 2014-08-25 00:23:00 -------- d-----w- C:\Users\Anthony\AppData\Locallow\Google ====== C:\Users\Anthony ====== 2014-09-08 19:15:54 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Anthony\Downloads\RSITx64.exe 2014-09-07 23:35:09 B5922C3B1CEBD78251259CBADB639582 
323696 ----a-w- C:\Users\Anthony\Downloads\DropboxInstaller (2).exe 2014-09-07 23:33:56 -------- d-----r- C:\Users\Anthony\Dropbox 2014-09-07 23:25:54 6AA7BA659D6E2564E93AD63E1BB13F5D 323696 ----a-w- C:\Users\Anthony\Downloads\DropboxInstaller (1).exe 2014-09-07 23:24:28 607AAAE2D6164351CA6E892B8AF6CFD6 323696 ----a-w- C:\Users\Anthony\Downloads\DropboxInstaller.exe 2014-09-07 22:58:31 8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Users\Anthony\Downloads\OneDriveSetup.exe 2014-09-07 22:58:30 -------- d-----r- C:\Users\Anthony\OneDrive 2014-09-07 22:58:08 -------- d-----w- C:\ProgramData\Microsoft OneDrive 2014-09-05 22:37:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek 2014-09-05 22:24:38 02F5E2DD8AF49A52E5745DCB9EF5F77F 60 ----a-w- C:\Users\Anthony\activity.txt 2014-09-05 21:16:58 CE2AE795117E54CA8403F86E7A3E19A7 167296 ----a-w- C:\Users\Anthony\Downloads\DNSBench.exe 2014-09-02 13:33:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.4 2014-09-02 13:32:00 0B41D7535492232AD066A8DBB1DB97A4 42109112 ----a-w- C:\Users\Anthony\Downloads\GeoGebra-Windows-Installer-4-4-43-0.exe 2014-08-25 00:22:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ====== C: exe-files == 2014-09-08 19:16:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Anthony.exe 2014-09-08 19:15:54 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Anthony\Downloads\RSITx64.exe 2014-09-07 23:35:09 B5922C3B1CEBD78251259CBADB639582 323696 ----a-w- C:\Users\Anthony\Downloads\DropboxInstaller (2).exe 2014-09-07 23:28:21 0D789AA845A89EA45F41044B4AF6B284 225240 ----a-w- C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe 2014-09-07 23:28:20 67E4F5C40505F272A7962D3FC8117884 36415760 ----a-w- C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe 2014-09-07 23:25:54 6AA7BA659D6E2564E93AD63E1BB13F5D 323696 ----a-w- 
C:\Users\Anthony\Downloads\DropboxInstaller (1).exe 2014-09-07 23:24:28 607AAAE2D6164351CA6E892B8AF6CFD6 323696 ----a-w- C:\Users\Anthony\Downloads\DropboxInstaller.exe 2014-09-07 22:58:31 8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Users\Anthony\Downloads\OneDriveSetup.exe 2014-09-07 22:58:31 8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe 2014-09-07 22:58:30 8D7A1204CC0086FDE7C3C3A08D1840C9 6014120 ----a-w- C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\OneDriveSetup.exe 2014-09-07 22:58:30 1EAEAFAF61F7DB321A005F8FF64FA8CC 251040 ----a-w- C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe 2014-09-07 22:58:21 2DE22C0868B0FC1E10F06767665A9619 87200 ----a-w- C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveConfig.exe 2014-09-05 21:16:58 CE2AE795117E54CA8403F86E7A3E19A7 167296 ----a-w- C:\Users\Anthony\Downloads\DNSBench.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Copy"="C:\Users\Anthony\AppData\Roaming\Copy\CopyAgent.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2037804108-4009389822-1668227099-1001\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR" "Facebook Update"="C:\Users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe /c 
/nocrashserver" "DAEMON Tools Ultra Agent"="C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe -autorun" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Copy"="C:\Users\Anthony\AppData\Roaming\Copy\CopyAgent.exe" "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" "SkyDrive"="C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP" "Copy"="C:\Users\Anthony\AppData\Roaming\Copy\CopyAgent.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup" "IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true" "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" "TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" "ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR" "Facebook Update"="C:\Users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "DAEMON Tools Ultra Agent"="C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe -autorun" "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun" "Copy"="C:\Users\Anthony\AppData\Roaming\Copy\CopyAgent.exe" "Spybot-S&D Cleaning"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean" "SkyDrive"="C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" "SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t" "TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaReminder.exe" "Allin1Convert Home Page Guard 64 bit"="C:\PROGRA~2\ALLIN1~1\bar\1.bin\AppIntegrator64.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" "TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe " "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe " "TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r" "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" "TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe " "TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe " ==== Startup Folders ====================== 2014-09-07 23:30:12 1066 ----a-w- C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk 2013-05-13 21:59:22 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2013-05-13 21:59:22 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2013-05-22 15:49:45 1258 ----a-w- C:\Users\School\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk 2013-09-01 20:49:56 956 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk 2011-08-10 03:25:26 773 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2037804108-4009389822-1668227099-1001Core.job --a------ C:\Users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2037804108-4009389822-1668227099-1001UA.job --a------ [Undetermined Task] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-08-2011 05:13] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10-08-2011 05:13] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Anthony-Toshiba-Anthony" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2037804108-4009389822-1668227099-1001Core" [C:\Users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2037804108-4009389822-1668227099-1001UA" 
[C:\Users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\WSCStub.exe"] "C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1403975656" [C:\Program Files (x86)\Opera\launcher.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "ext@RichMediaViewV1release351.net"="C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release351\ff" [] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\k7j95eua.default - Undetermined - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode475\ff - Undetermined - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release351\ff AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\k7j95eua.default D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17 DE3745A51B7AC7FEDC356A83F76C8023 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll - Shockwave Flash 15E298B5EC5B89C5994A59863969D9FF - 
C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bdokohedelokbicimlpigomocpjpacbh - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1167\ch\MediaViewerV1alpha1167.crx[] bmejddjogianaomefdnpgenelpmfmank - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode475\ch\MediaBuzzV1mode475.crx[] cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Anthony\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] dedmngkbaffkenlfdcbganndoghblmap - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx[] dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\Anthony\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[] fgmaenpmkahjjmgompelodognohidmep - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha27\ch\WebexpEnhancedV1alpha27.crx[] fmfgcajfemibjinjjpipnbadcdenalap - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta335\ch\VideoPlayerV3beta335.crx[] gehhfckcionhgiklfgnaoongolgfcooo - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home408\ch\MediaWatchV1home408.crx[] hcmiagpmakljnjclehhgoeolgjllagaf - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release351\ch\RichMediaViewV1release351.crx[] iikflkcanblccfahdhdonehdalibjnif - No path found[] janpolmclijfmcaicgeklbinckjmcghd - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3050\ch\MediaViewV1alpha3050.crx[] lpgjmggepafkhenaeknpnjiceakbedpi - C:\Users\Anthony\AppData\Local\CRE\lpgjmggepafkhenaeknpnjiceakbedpi.crx[] lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\Anthony\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx[31-07-2014 07:47] mmifolfpllfdhilecpdpmemhelmanajl - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx[] ojiepdffacokeaijhnbahjceeobfgkpd - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha2013\ch\MediaViewV1alpha2013.crx[] 
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions cjofdnhdkbflacojpfpkchgafjahijbb - C:\Users\Anthony\AppData\Local\CRE\cjofdnhdkbflacojpfpkchgafjahijbb.crx[] lpgjmggepafkhenaeknpnjiceakbedpi - C:\Users\Anthony\AppData\Local\CRE\lpgjmggepafkhenaeknpnjiceakbedpi.crx[] Media Buzz - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejddjogianaomefdnpgenelpmfmank Secure Profile - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\eddeeogaiodnhfkingpegpmhpdiifbgh Rich Media View - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmiagpmakljnjclehhgoeolgjllagaf Google Wallet - Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Google Docs - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Media Viewer - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokohedelokbicimlpigomocpjpacbh YouTube - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Webexp Enhanced - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmaenpmkahjjmgompelodognohidmep Video Player - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfgcajfemibjinjjpipnbadcdenalap Media Watch - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehhfckcionhgiklfgnaoongolgfcooo Media View - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\janpolmclijfmcaicgeklbinckjmcghd Norton Identity Protection - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Google Wallet - School\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Media View - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojiepdffacokeaijhnbahjceeobfgkpd Gmail - School\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Photo Tagger - Anthony\AppData\Roaming\Opera Software\Opera Stable\Extensions\mknamppckfmfbebjliiohafcmbhladbl Last updated at time on date - Anthony\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp ==== Chromium Startpages ====================== C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "http://search.conduit.com/?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0E9EEA27-2A08-4FAB-9173-F81DC50168D5&SSPV=", "startup_urls": [ "http://search.conduit.com/?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0E9EEA27-2A08-4FAB-9173-F81DC50168D5&SSPV=" ], C:\Users\Anthony\AppData\Roaming\Opera Software\Opera Stable\Preferences "startup_urls": [ "http://www.google.be/" ], ==== Chromium Fix ====================== C:\Users\School\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokohedelokbicimlpigomocpjpacbh deleted successfully C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejddjogianaomefdnpgenelpmfmank deleted successfully C:\Users\School\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmaenpmkahjjmgompelodognohidmep deleted successfully C:\Users\School\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfgcajfemibjinjjpipnbadcdenalap deleted successfully C:\Users\School\AppData\Local\Google\Chrome\User Data\Default\Extensions\gehhfckcionhgiklfgnaoongolgfcooo deleted successfully C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmiagpmakljnjclehhgoeolgjllagaf deleted successfully C:\Users\School\AppData\Local\Google\Chrome\User Data\Default\Extensions\janpolmclijfmcaicgeklbinckjmcghd deleted successfully 
C:\Users\School\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojiepdffacokeaijhnbahjceeobfgkpd deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_nlBE536BE536" ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\12x3q@3244516.com deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@WebexpEnhancedV1alpha27.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@VideoPlayerV3beta335.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaPlayerV1alpha801.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewerV1alpha1167.net deleted 
successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha3050.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaViewV1alpha2013.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaWatchV1home408.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@MediaBuzzV1mode475.net deleted successfully HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ext@RichMediaViewV1release351.net deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\Anthony\Desktop\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe C:\Users\Anthony\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe C:\Users\Anthony\Desktop\Spotify.lnk - C:\Users\Anthony\AppData\Roaming\Spotify\spotify.exe C:\Users\Anthony\Desktop\Teach2000.lnk - C:\Program Files (x86)\Teach2000\Teach2000.exe C:\Users\Anthony\Desktop\µTorrent.lnk - C:\Users\School\Desktop\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe C:\Users\School\Desktop\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\GeoGebra.lnk - C:\Program Files (x86)\GeoGebra 4.4\GeoGebra.exe C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\inSSIDer Wi-Fi Helper.lnk - C:\Windows\Installer\{E9AB7FB6-D488-4273-B719-4EC757D03D78}\Icon.ico C:\Users\Public\Desktop\LibreOffice 4.1.lnk - C:\Program Files (x86)\LibreOffice 4\program\soffice.exe C:\Users\Public\Desktop\Microsoft Office 2010.lnk - C:\Toshiba\OfficeLink.cmd C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\uistub.exe 
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk - C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.4\GeoGebra Forum.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.4\GeoGebra.lnk - C:\Program Files (x86)\GeoGebra 4.4\GeoGebra.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.4\GeoGebraTube.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth starten in DirectX-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setDX C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Google Earth\Google Earth starten in OpenGL-modus.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe -setOGL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth verwijderen.lnk - C:\Windows\SysWOW64\msiexec.exe /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek\inSSIDer Wi-Fi Helper.lnk - C:\Windows\Installer\{E9AB7FB6-D488-4273-B719-4EC757D03D78}\Icon.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\LiveUpdate.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\uistub.exe /lu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\NBRT.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Norton Internet Security.lnk - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\uistub.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Support.lnk - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\symerr.exe /support C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security\Uninstall Norton Internet Security.lnk - C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\21.5.0.19\inststub.exe /X /shortcut ==== shortcuts in Quick Launch ====================== C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=TOSHIBAXMK6475GSX_123HFVMYSXX123HFVMYS&ts=1376002620 C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\Window Switcher.lnk - C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LibreOffice Writer.lnk - C:\Program Files (x86)\LibreOffice 4\program\swriter.exe C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera Internet Browser.lnk - C:\Program Files (x86)\Opera\launcher.exe C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Nero BackItUp.lnk - C:\Program Files (x86)\Nero\Nero 10\Nero 
BackItUp\BackItUp.exe C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype .lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\School\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 ==== shortcuts After Repair ====================== C:\Users\Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bdokohedelokbicimlpigomocpjpacbh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bmejddjogianaomefdnpgenelpmfmank deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fgmaenpmkahjjmgompelodognohidmep deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fmfgcajfemibjinjjpipnbadcdenalap deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gehhfckcionhgiklfgnaoongolgfcooo deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hcmiagpmakljnjclehhgoeolgjllagaf deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\janpolmclijfmcaicgeklbinckjmcghd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpgjmggepafkhenaeknpnjiceakbedpi deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ojiepdffacokeaijhnbahjceeobfgkpd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lpgjmggepafkhenaeknpnjiceakbedpi deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Video Player deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Copy] 
"C:\Users\Anthony\AppData\Roaming\Copy\CopyAgent.exe" O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [SkyDrive] "C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: Dropbox.lnk = Anthony\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Toshiba Places Icon Utility.lnk = ? 
O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{2D7CD791-5B1A-402A-A55A-2BA26E1594BA}: NameServer = 195.130.130.132,195.130.131.132 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - 
C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Anthony\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\School\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Anthony\AppData\Local\Mozilla\Firefox\Profiles\k7j95eua.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Anthony\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\School\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=345 folders=193 110612161 bytes)

==== Empty Temp Folders ======================

C:\Users\Anthony\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\School\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Anthony\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbrstub64.dll" not found
"C:\PROGRA~2\Allin1Convert_8h\bar\1.bin\8hbrstub64.dll" not found
"C:\Users\Anthony\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\Anthony\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\Anthony\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\Anthony\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\Anthony\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted
"C:\Program Files (x86)\Allin1Convert_8h" not found
"C:\PROGRA~2\Allin1Convert_8h" not found

==== EOF on vr 12-09-2014 at 23:36:21,12 ======================