Zoek.exe v5.0.0.0 Updated 19-November-2014 Tool run by Theo on do 20-11-2014 at 14:51:52,42. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Theo\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 20-11-2014 15:01:21 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Feed2All deleted successfully C:\PROGRA~2\PokerStars.EU deleted successfully C:\PROGRA~2\WinZip Registry Optimizer deleted successfully C:\Program Files\Google deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\PROGRA~3\BitGuard deleted successfully C:\PROGRA~3\Browser Manager deleted successfully C:\PROGRA~3\BrowserProtect deleted successfully C:\PROGRA~3\Systweak deleted successfully C:\PROGRA~3\{12AACD5D-4833-4218-BE1B-018803F7BA1D} deleted successfully C:\PROGRA~3\{B1148819-B88A-4DDE-A988-CA8093A887F4} deleted successfully C:\Users\Theo\AppData\Roaming\Macromedia deleted successfully C:\Users\Theo\AppData\Roaming\Nico Mak Computing deleted successfully C:\Users\Theo\AppData\Roaming\Simpelfact deleted successfully C:\Users\Theo\AppData\Roaming\TP deleted successfully C:\Users\Theo\AppData\Roaming\Windows Live Writer deleted successfully C:\Users\Theo\AppData\Local\Conduit deleted successfully C:\Users\Theo\AppData\Local\CUSTPDF Writer deleted successfully C:\Users\Theo\AppData\Local\PackageAware deleted successfully C:\Users\Theo\AppData\Local\PokerStars.EU deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully 
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{285028f8-201e-4f8f-827b-7381fc181c3e} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{285028f8-201e-4f8f-827b-7381fc181c3e} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6a79cdac-f710-4996-842b-fdc33b785a35} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6a79cdac-f710-4996-842b-fdc33b785a35} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73b8e1fd-331f-4c17-8613-8a3034d3b0ca} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{73b8e1fd-331f-4c17-8613-8a3034d3b0ca} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} deleted successfully 
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77f8c945-4b74-4bd6-a073-e0d1997edce8} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77f8c945-4b74-4bd6-a073-e0d1997edce8} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07BA1DA9-F501-4796-8728-74D1B91A6CD5} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6B1F6086-A57F-4F46-97CA-3E73F3FBB7BE} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7CAF8555-C554-4880-ABED-E0643C08FD88} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet 
Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6d010537-9e99-400b-b652-b0d5a5757e5d} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_CLASSES_ROOT\CLSID\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{285028f8-201e-4f8f-827b-7381fc181c3e} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{285028f8-201e-4f8f-827b-7381fc181c3e} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6a79cdac-f710-4996-842b-fdc33b785a35} deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a79cdac-f710-4996-842b-fdc33b785a35} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{73b8e1fd-331f-4c17-8613-8a3034d3b0ca} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73b8e1fd-331f-4c17-8613-8a3034d3b0ca} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{77f8c945-4b74-4bd6-a073-e0d1997edce8} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{07BA1DA9-F501-4796-8728-74D1B91A6CD5} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{6d010537-9e99-400b-b652-b0d5a5757e5d} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet 
Explorer\Toolbar\WebBrowser\{c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} deleted successfully HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{282b0e54-8981-49eb-9193-5910a1f6fd33} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{77f8c945-4b74-4bd6-a073-e0d1997edce8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c5a318c1-d1d9-41f0-85fe-41cc9fb25e75} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{f41a56d2-7b52-4d16-812c-a63c6ca9d4c5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{265EEE8E-3228-44D3-AEA5-F7FDF5860049} deleted successfully ==== Running Processes ====================== C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe C:\Program Files (x86)\Music App\Datamngr\DatamngrUI.exe C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe C:\Windows\system32\hasplms.exe C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE C:\PROGRA~2\OnlineMapFinder_9p\bar\1.bin\9pbarsvc.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe C:\Users\Theo\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DatamngrCoordinator deleted successfully 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OnlineMapFinder_9pService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\OnlineMapFinder_9pService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions ---- FireFox user.js and prefs.js backups ---- user_20-11-2014_1613_.backup prefs_20-11-2014_1613_.backup ProfilePath: C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0 ---- FireFox user.js and prefs.js backups ---- user_20-11-2014_1613_.backup prefs_20-11-2014_1613_.backup ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282b0e54-8981-49eb-9193-5910a1f6fd33}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282b0e54-8981-49eb-9193-5910a1f6fd33}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{285028f8-201e-4f8f-827b-7381fc181c3e}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a79cdac-f710-4996-842b-fdc33b785a35}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73b8e1fd-331f-4c17-8613-8a3034d3b0ca}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9f16d8b-81b5-4667-af4d-25365bbf7fc9}] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iMesh] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineMapFinder Home Page Guard 64 bit] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineMapFinder Search Scope Monitor] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "OnlineMapFinder Search Scope Monitor"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
Execution Options\tbdelta.exetoolbar783881609.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe] ==== Deleting Files \ Folders ====================== C:\PROGRA~3\{12AACD5D-4833-4218-BE1B-018803F7BA1D} not found C:\PROGRA~3\{B1148819-B88A-4DDE-A988-CA8093A887F4} not found C:\PROGRA~3\Conduit deleted C:\Program Files (x86)\SaveSense deleted C:\Program Files (x86)\Vuze_Remote deleted C:\Program Files (x86)\midicair deleted C:\PROGRA~3\14214 deleted C:\Users\Theo\AppData\LocalLow\Conduit deleted C:\Users\Theo\AppData\LocalLow\midicair deleted C:\Users\Theo\AppData\LocalLow\Vuze_Remote deleted C:\PROGRA~2\TornTV.com deleted C:\PROGRA~2\GUT6C99.tmp deleted C:\PROGRA~2\GUM6C98.tmp deleted C:\PROGRA~2\Music Toolbar deleted C:\PROGRA~2\DealPly deleted C:\PROGRA~2\DealPlyLive deleted C:\PROGRA~2\SopCast deleted C:\PROGRA~2\BearShare Applications deleted C:\PROGRA~2\iMesh Applications deleted C:\PROGRA~2\FreeHDSport.TV deleted C:\PROGRA~2\MyPC Backup deleted C:\PROGRA~2\Conduit deleted C:\Users\Theo\AppData\Roaming\WB.CFG deleted C:\Users\Theo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk deleted C:\Users\Theo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iMesh.lnk deleted C:\Users\Theo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iMesh.lnk deleted C:\Users\Theo\AppData\Roaming\Open 
Download Manager deleted C:\Users\Theo\AppData\Roaming\BabSolution deleted C:\Users\Theo\AppData\Roaming\Dealply deleted C:\Users\Theo\AppData\Roaming\Registry Mechanic deleted C:\Users\Theo\AppData\Roaming\Systweak deleted C:\Users\Theo\AppData\Roaming\pdfforge deleted C:\Users\Theo\AppData\Roaming\OpenCandy deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Datamngr deleted C:\PROGRA~3\Registry Helper deleted C:\PROGRA~3\eSafe deleted C:\PROGRA~3\Partner deleted C:\PROGRA~3\boost_interprocess deleted C:\PROGRA~3\DealPlyLive deleted C:\PROGRA~3\DSearchLink deleted C:\PROGRA~3\OberonGameConsole deleted C:\PROGRA~3\iMesh deleted C:\Users\Theo\AppData\Local\Wajam deleted C:\Users\Theo\AppData\Local\DealPlyLive deleted C:\Users\Theo\AppData\Local\IAC deleted C:\Users\Theo\AppData\Local\BearShare deleted C:\Users\Theo\AppData\Local\Systweak deleted C:\Users\Theo\AppData\Local\iMesh deleted C:\Users\Theo\AppData\Local\cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Cleaner deleted C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com deleted C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk deleted C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Windows\SysNative\roboot64.exe deleted C:\Users\Theo\AppData\LocalLow\SkwConfig.bin deleted C:\Users\Theo\AppData\LocalLow\searchresultstb deleted C:\Users\Theo\AppData\LocalLow\imeshmusicboxtoolbar181 deleted C:\Users\Theo\AppData\LocalLow\FreeHDSport TV deleted C:\Users\Theo\AppData\LocalLow\IAC deleted C:\Users\Theo\AppData\LocalLow\mediabarbs deleted C:\Users\Theo\AppData\LocalLow\mediabarim deleted C:\Users\Theo\AppData\LocalLow\wincoreimband deleted C:\Users\Theo\AppData\LocalLow\Delta deleted C:\Users\Theo\AppData\LocalLow\DataMngr deleted 
C:\Users\Theo\AppData\LocalLow\PriceGong deleted C:\windows\SysNative\tasks\ASP deleted C:\END deleted C:\Windows\Syswow64\sho2474.tmp deleted C:\Windows\Syswow64\sho4DA.tmp deleted C:\Windows\Syswow64\sho6C3A.tmp deleted C:\Windows\Syswow64\shoAC6B.tmp deleted C:\Windows\Syswow64\shoB56B.tmp deleted C:\Windows\Syswow64\shoBB1C.tmp deleted C:\Windows\Syswow64\shoC32.tmp deleted C:\Windows\Syswow64\shoE30F.tmp deleted C:\Windows\Syswow64\RegistryHelperLM.ocx deleted C:\Windows\SysWow64\searchplugins deleted C:\Windows\SysWow64\Extensions deleted C:\Users\Theo\iLividSetup-r394-n-bo.exe deleted C:\Users\Theo\jre-7u10-windows-x64.exe deleted C:\Users\Theo\setup.exe deleted C:\Users\Theo\SopCast-3.5.0.exe deleted C:\Users\Theo\spotnet181-Duken-nl.exe deleted C:\Users\Theo\spotnet_v1811.exe deleted C:\Users\Theo\VLC_Media_Player.exe deleted C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\9pffxtbr@OnlineMapFinder_9p.com deleted C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\9pffxtbr@OnlineMapFinder_9p.com deleted C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0\extensions\j2ffxtbr@SoccerInferno.com deleted "C:\Windows\Installer\a90902b.msi" deleted "C:\Users\Theo\AppData\Local\{B4F2FB4C-30ED-4A20-B209-3CD95B82479D}" deleted "C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\AppIntegrator64.exe" deleted "C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\AppIntegratorStub64.dll" deleted "C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\Hpg64.dll" deleted "C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin\T8RES.DLL" deleted "C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\Datamngr.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe" not deleted "C:\Program Files (x86)\Music App\Datamngr\DatamngrUI.exe" not deleted "C:\Program Files (x86)\Music App\Datamngr\favicon.ico" not deleted "C:\Program Files 
(x86)\Music App\Datamngr\Helper.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\IEBHO.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\Internet Explorer Settings.exe" not deleted "C:\Program Files (x86)\Music App\Datamngr\mgrldr.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\setmgrc2.cfg" not deleted "C:\Program Files (x86)\Music App\Datamngr\Uninstall.exe" not deleted "C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\x64\Datamngr.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\x64\IEBHO.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\x64\Internet Explorer Settings.exe" not deleted "C:\Program Files (x86)\Music App\Datamngr\x64\mgrldr.dll" not deleted "C:\Program Files (x86)\Music App\Datamngr\x64\setmgrc2.cfg" not deleted "C:\Program Files (x86)\OnlineMapFinder_9p" not deleted "C:\Program Files (x86)\Music App" not deleted "C:\Program Files (x86)\OnlineMapFinder_9p\bar" not deleted "C:\Program Files (x86)\OnlineMapFinder_9p\bar\1.bin" not deleted "C:\Program Files (x86)\Music App\Datamngr" not deleted "C:\Program Files (x86)\Music App\Datamngr\x64" not deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3561 MB CPU Info: AMD A6-3400M APU with Radeon(tm) HD Graphics CPU Speed: 1420,6 MHz Sound Card: Speakers (Realtek High Definiti | Display Adapters: AMD Radeon HD 6520G | AMD Radeon HD 6520G | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller | Microsoft Virtual WiFi Miniport Adapter | Atheros AR9285 Wireless Network Adapter CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ8B0 Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 200,3GB | D: 240,5GB | Q: 0,0MB Hard Disks - Free: C: 77,0GB | D: 100,2GB | Q: 0,0MB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 07/05/11 | _ASUS_ - 1072009 Time Zone: West-Europa (standaardtijd) Motherboard *: ASUSTeK Computer Inc. K73TA Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Basis On-access scanning disabled (Outdated) Anti-Spyware: Basis disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Opera Internet Browser 25.0.1614.71 Internet Explorer Version: 11.0.9600.17420 Opera Browser version: 25.0.1614.71 Adobe Reader version: 10.1.12.15 Sun Java version: 1.8.0_25 (32-bit) Sun Java version: 1.8.0_25 (64-bit) ==== Files Recently Created / Modified ======================
EE3592B010E3F69D141323E592C01A1A 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2014-11-12 09:08:39 4B6D9AB2ECD11AF5F6B1C42D938E0A85 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2014-11-12 09:08:37 BBD6A636AAA65D874F3863280CD8373D 25110016 ----a-w- C:\Windows\Sysnative\mshtml.dll 2014-11-12 09:08:23 364ECFF4ABD9D575F4F7CF7EB7928EF3 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll 2014-11-12 09:08:22 D005697F0467BBDDAB7638496DA5DB52 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2014-11-12 09:08:18 1FEBD408F32DFC523882E7DA5AC57819 878080 ----a-w- C:\Windows\Sysnative\IMJP10K.DLL 2014-11-12 09:08:12 9383B21A4B77C130940262DDC5F3F49B 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll 2014-11-12 09:08:10 DE3E38431B00C2EA247C53675DCF01A0 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll 2014-11-12 09:08:10 B1BB7B91C3C878FDB2874138CE81C4EF 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll 2014-11-12 09:08:10 A2C9E45F4069A002E985D1563D16813B 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll 2014-11-12 09:08:09 FAFCB80D42A65964B6F4945283B8C10F 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll 2014-11-12 09:07:36 A71B81AC2C14ABA013CCF1225D9E3E36 342016 ----a-w- C:\Windows\Sysnative\schannel.dll 2014-11-12 09:07:35 109CC0DF72CC07A6CB59D2995255A1DA 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2014-11-12 09:07:32 55F0CF40479A1FC89CFA578909A540F2 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2014-11-12 09:07:32 47C48C705F4F1EFC99B50B43AE4301FE 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2014-11-12 09:07:32 028D99F83CBB31DB7995530B89EA13CF 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2014-11-12 09:07:31 DF30FC54FFF79BC744B22A4850A3CF92 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2014-11-12 09:07:29 336BA030AB7B05300CB0B5C6AFB27176 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2014-11-12 09:06:11 934735F508E297504460935B71E99F0B 77824 ----a-w- C:\Windows\Sysnative\packager.dll 2014-11-12 09:06:07 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- 
C:\Windows\Sysnative\win32k.sys 2014-11-12 09:05:49 2720C94ADCC1727A66365CCB1CE456C4 3241984 ----a-w- C:\Windows\Sysnative\msi.dll 2014-11-12 09:05:19 B938AF16A521C913791C6F7AFF032757 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll ====== C:\Windows\Sysnative\drivers ===== 2014-11-12 09:10:28 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2014-11-03 18:44:25 91310683D7B6B292B746D60734B59322 206080 ----a-w- C:\Windows\Sysnative\drivers\ssudmdm.sys 2014-11-03 18:44:25 30710AEFCE721CEEE0F35EB6A01C263C 110336 ----a-w- C:\Windows\Sysnative\drivers\ssudbus.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-11-20 10:15:42 -------- d-----w- C:\Program Files\iPod 2014-11-20 10:15:40 -------- d-----w- C:\Program Files\iTunes 2014-11-19 18:02:32 -------- d-----w- C:\Program Files\trend micro 2014-10-23 15:36:39 -------- d-----w- C:\Program Files\gs ======= C:\PROGRA~2 ===== 2014-11-20 13:45:25 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2014-11-20 10:15:40 -------- d-----w- C:\PROGRA~2\iTunes 2014-11-20 09:57:28 -------- d-----w- C:\PROGRA~2\Java 2014-10-23 17:01:22 -------- d-----w- C:\PROGRA~2\EPSViewer ======= C: ===== ====== C:\Users\Theo\AppData\Roaming ====== 2014-11-20 13:03:22 9136858ECB995BE0127B189ECC1849E7 142040 ----a-w- C:\Users\Theo\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-20 10:12:40 -------- d-----w- C:\Users\Theo\AppData\Roaming\Oracle 2014-11-18 20:18:44 -------- d-sh--w- C:\Users\Theo\AppData\Local\EmieBrowserModeList 2014-11-18 20:18:26 -------- d-sh--w- C:\Users\Theo\AppData\Locallow\EmieBrowserModeList 2014-10-22 19:25:38 -------- d-----w- C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-22 19:23:16 -------- d-----w- C:\Users\Theo\AppData\Roaming\Dropbox ====== C:\Users\Theo ====== 2014-11-20 13:44:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-20 13:28:53 -------- d-----w- 
C:\ProgramData\Sun 2014-11-20 13:24:29 92F975B07E65EF3AE67D89A016FDAACC 638888 ----a-w- C:\Users\Theo\Downloads\JavaSetup8u25.com 2014-11-20 10:25:29 3EF4572BE7614F1BC2B28666266DB3C4 4976456 ----a-w- C:\Users\Theo\Desktop\ccsetup419.exe 2014-11-20 10:18:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-11-20 10:15:40 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-11-20 09:57:45 -------- d-----w- C:\ProgramData\Oracle 2014-11-20 09:16:09 E27EDF049C74C967171BF56A0185BAEE 618992 ----a-w- C:\Users\Theo\Downloads\Opera_NI_stable.exe 2014-11-19 18:01:37 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Theo\Downloads\RSITx64.exe 2014-11-18 21:58:53 D39DE79CDFA47E8653ADD98E3CFC97CC 11428372 ----a-w- C:\Users\Theo\Downloads\PCStreams_Setup (1).exe 2014-11-18 21:37:27 D39DE79CDFA47E8653ADD98E3CFC97CC 11428372 ----a-w- C:\Users\Theo\Downloads\PCStreams_Setup.exe 2014-11-18 21:22:33 2FECF810C20333BC11C69C0F1216FE69 11645848 ----a-w- C:\Users\Theo\Downloads\4shared_Desktop_4.0.13.27129.exe 2014-10-23 17:01:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSViewer 2014-10-23 15:37:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript 2014-10-22 19:29:37 -------- d-----r- C:\Users\Theo\Dropbox ====== C: exe-files == === C: other files == 2014-11-20 13:43:53 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip 2014-11-20 13:24:29 92F975B07E65EF3AE67D89A016FDAACC 638888 ----a-w- C:\Users\Theo\Downloads\JavaSetup8u25.com 2014-11-18 11:04:43 6E581D4423335153F587FC98D6C9C652 88569 ----a-w- C:\Users\Theo\Downloads\76691_peoplesilhouettesballoons.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "F-Secure Hoster (45123)"="C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe -app -hosterid:1" "F-Secure
Manager"="C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE /splash" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25-09-2014 08:25] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-04-2011 03:33] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [13-04-2011 03:33] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-877332967-1682096262-2292442786-1001Core.job --a------ C:\Users\Theo\AppData\Local\Google\Update\GoogleUpdate.exe [12-07-2013 21:44] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-877332967-1682096262-2292442786-1001UA.job --a------ C:\Users\Theo\AppData\Local\Google\Update\GoogleUpdate.exe [12-07-2013 21:44] C:\Windows\tasks\RMAutoUpdate.job --a------ C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe [23-07-2012 15:37] C:\Windows\tasks\RMSchedule.job --a------ C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [23-07-2012 15:37] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\ACMON" [C:\Program Files (x86)\ASUS\Splendid\ACMON.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe] "C:\Windows\SysNative\tasks\ASUS P4G" [C:\Program Files\P4G\BatteryLife.exe] "C:\Windows\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe] "C:\Windows\SysNative\tasks\AsusVibeSchedule" ["C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe"] "C:\Windows\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK 
Package\ATKOSD2\ATKOSD2.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-877332967-1682096262-2292442786-1001Core" [C:\Users\Theo\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-877332967-1682096262-2292442786-1001UA" [C:\Users\Theo\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Launch HTC Sync Loader" [C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe] "C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1398925816" [C:\Program Files (x86)\Opera\launcher.exe] "C:\Windows\SysNative\tasks\RMAutoUpdate" [C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\SULauncher.exe] "C:\Windows\SysNative\tasks\RMSchedule" [C:\Program Files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{FDC5C084-E349-42F0-9EAA-CBF64A669086}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{11D7A3EF-CC33-4A93-87C7-B606FBAA3A6A}" [C:\Program Files (x86)\AutoCAD 2007\acad.exe] "C:\Windows\SysNative\tasks\{23377ED5-5429-4F08-9CFC-DD1FFDA0E761}" [C:\Program Files (x86)\PCLeden6\bin\PCLeden.exe] "C:\Windows\SysNative\tasks\{E35BB15C-25F1-47F7-8A96-4D39056559CC}" [C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFMgr.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry 
====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "magicplayer@torrentstream.org"="C:\Users\Theo\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org" [25-08-2014 18:32] ==== Firefox Extensions ====================== ExtDir: C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions - FreeHDSport TV 3 - %ExtDir%\fhdp3@freehdsp.tv.xpi ==== Firefox Plugins ====================== ==== Deleted Firefox Extensions ====================== C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\fhdp3@freehdsp.tv.xpi deleted ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions jpmbfleldcgkldadpdinhjjopdfpjfjp - C:\Users\Theo\AppData\Local\Wajam\Chrome\wajam.crx[] nbdbmopeebalgaeghmjoegpkngglikgn - C:\Program Files (x86)\FreeHDSport.TV\freehdsporttv10.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ochbjojkpcmlfeagbaahkofepalngihg - C:\Users\Theo\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx[12-10-2012 13:18] Ask Toolbar - Theo\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne Docs - Theo\AppData\Local\Torch\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake DropToS - Theo\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo Torch Music - Theo\AppData\Local\Torch\User Data\Default\Extensions\gcjbdjlojcomlphfchhihkigepfabcad FaceLift - Theo\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk Wajam - Theo\AppData\Local\Torch\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Torch Helper - Theo\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg Torch Music - Theo\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed Hola - Theo\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh ==== Chromium Startpages ====================== 
C:\Users\Theo\AppData\Local\Torch\User Data\Default\Preferences "homepage": "http://home.torchbrowser.com/?systemid=406&appid=394&ua=Torch&clid={E3AFCDD5-634D-4246-BF18-82AE46EB771D}", "urls_to_restore_on_startup": [ "http://home.torchbrowser.com/?systemid=406&appid=394&ua=Torch&clid={E3AFCDD5-634D-4246-BF18-82AE46EB771D}" ] ==== Chromium Fix ====================== C:\Users\Theo\AppData\Local\Torch\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully C:\Users\Theo\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" "Search Bar"="http://feed.snapdo.com/?publisher=Bundlore&dpid=Bundlore&co=NL&userid=b4e61000-3988-a029-a45f-668c099e9472&searchtype=ds&q={searchTerms}&installDate=20/10/2013" "Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1382270367&from=amt&uid=WDCXWD5000BPVT-80HXZT1_WD-WX51A61L6579L6579" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://isearch.nation.com/ofa2/" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://isearch.nation.com/ofa2/" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search 
Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1382270367&from=amt&uid=WDCXWD5000BPVT-80HXZT1_WD-WX51A61L6579L6579" "Start Page"="http://isearch.nation.com/ofa2/" "Search Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Default_Page_URL"="http://start.qone8.com/?type=hp&ts=1382270367&from=amt&uid=WDCXWD5000BPVT-80HXZT1_WD-WX51A61L6579L6579" "Start Page"="http://isearch.nation.com/ofa2/" "Search Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Bundlore&dpid=Bundlore&co=NL&userid=b4e61000-3988-a029-a45f-668c099e9472&searchtype=ds&q={searchTerms}&installDate=20/10/2013" "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Bundlore&dpid=Bundlore&co=NL&userid=b4e61000-3988-a029-a45f-668c099e9472&searchtype=ds&q={searchTerms}&installDate=20/10/2013" "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI] "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=Bundlore&dpid=Bundlore&co=NL&userid=b4e61000-3988-a029-a45f-668c099e9472&searchtype=ds&q={searchTerms}&installDate=20/10/2013" "(Default)"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://isearch.nation.com/ofa2/" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search 
Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://isearch.nation.com/ofa2/" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "Start Page"="http://isearch.nation.com/ofa2/" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search] "Start Page"="http://isearch.nation.com/ofa2/" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Start Page"="http://isearch.nation.com/ofa2/" "Start Default_Page_URL"="http://isearch.nation.com/ofa2/" "Search Bar"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" "Search Page"="http://isearch.nation.com/ofa2/search/web?fcoid=417&fcop=topnav&fpid=27&ql=&q=" New Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.nl/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Unknown Url="Not_Found"
{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} Google Search Url="http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74CE9187-4B54-4D5D-8FA0-43AB5A007463} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully
HKEY_USERS\S-1-5-21-877332967-1682096262-2292442786-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbdbmopeebalgaeghmjoegpkngglikgn deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iMesh deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\imeshmusicboxtoolbar181IE deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636 deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [F-Secure Hoster (45123)] "C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe" -app -hosterid:1
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - iMesh Inc - C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Theo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Theo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Theo\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Theo\AppData\Local\Torch\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2829 folders=374 480375063 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Theo\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Theo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\Music App\Datamngr\apcrtldr.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\Datamngr.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe" not found
"C:\Program Files (x86)\Music App\Datamngr\DatamngrUI.exe" not found
"C:\Program Files (x86)\Music App\Datamngr\favicon.ico" not found
"C:\Program Files (x86)\Music App\Datamngr\Helper.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\IEBHO.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\Internet Explorer Settings.exe" not found
"C:\Program Files (x86)\Music App\Datamngr\mgrldr.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\setmgrc2.cfg" not found
"C:\Program Files (x86)\Music App\Datamngr\Uninstall.exe" not found
"C:\Program Files (x86)\Music App\Datamngr\x64\apcrtldr.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\x64\Datamngr.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\x64\IEBHO.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\x64\Internet Explorer Settings.exe" not found
"C:\Program Files (x86)\Music App\Datamngr\x64\mgrldr.dll" not found
"C:\Program Files (x86)\Music App\Datamngr\x64\setmgrc2.cfg" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Program Files (x86)\OnlineMapFinder_9p" not found
"C:\Program Files (x86)\Music App" not found

==== EOF on do 20-11-2014 at 17:10:59,73 ======================