
Zoek.exe v5.0.0.0 Updated 14-December-2014
Tool run by Ricje20 on di 16-12-2014 at 14:45:13,97.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ricje20\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

16-12-2014 14:48:32 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Dungeon Defenders deleted successfully
C:\PROGRA~2\Dungeon Defenders 2 deleted successfully
C:\PROGRA~2\LuckyTab deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\predm deleted successfully
C:\PROGRA~2\Universal Updater deleted successfully
C:\Program Files\010 deleted successfully
C:\Program Files\0B5B57EA-D000-4946-935E-F894CC2B4581 deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\PurpleRain deleted successfully
C:\Users\Ricje20\AppData\Roaming\VOPackage deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2023514836-3265547894-3986284587-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2023514836-3265547894-3986284587-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\STab\ProtectService.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
C:\Program Files (x86)\STab\cmdshell.exe
C:\Program Files (x86)\STab\HPNotify.exe
B:\Games\Steam\Steam.exe
B:\Games\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\Ricje20\Desktop\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UniversalUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UniversalUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.10 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.10 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b786bdb3c67d deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\b786bdb3c67d deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 
""=- 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"AVG-Secure-Search-Update_0214c"=- 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt] 

==== Batch Command(s) Run By Tool======================


De Winsock-catalogus is opnieuw ingesteld.
De computer dient opnieuw te worden opgestart om het opnieuw instellen te voltooien.


==== Deleting Files \ Folders ======================

C:\Users\Ricje20\AppData\Roaming\AVG 0214c Campaign not found
C:\ProgramData\PurpleRain not found
C:\Program Files (x86)\Universal Updater not found
C:\Program Files\0B5B57EA-D000-4946-935E-F894CC2B4581 not found
C:\Program Files\010 not found
C:\Program Files (x86)\LuckyTab not found
C:\Program Files (x86)\Stab deleted
C:\Program Files (x86)\0ca45c95134d deleted
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater deleted
C:\CAVEDOG\TOTALA deleted
C:\Users\Ricje20\AppData\Roaming\Mozilla\Firefox\Profiles\jpcaxgow.default\extensions\avg@toolbar deleted
C:\Users\Ricje20\AppData\Roaming\Mozilla\Firefox\Profiles\jpcaxgow.default\extensions\staged deleted
C:\ProgramData\WindowsMangerProtect deleted
C:\Program Files (x86)\ver0SpeeditUp deleted
C:\Program Files (x86)\f552dd4c52e3 deleted
C:\ProgramData\Avg_Update_1214tb deleted
C:\Users\Ricje20\AppData\Local\AVG Web TuneUp deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\webssearches.xml deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml deleted
C:\PROGRA~2\YouetubeAuduBloocke deleted
C:\PROGRA~2\COMMON~1\AVG Secure Search deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\YouetubeAuduBloocke deleted
C:\PROGRA~3\IHProtectUpDate deleted
C:\PROGRA~3\AVG Secure Search deleted
C:\Users\Ricje20\AppData\Local\Wondershare deleted
C:\Users\Ricje20\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage deleted
C:\windows\patsearch.bin deleted
C:\windows\SysNative\ColorMedia64.dll deleted
C:\Users\Ricje20\Downloads\avg_free_stb_all_2014_4259_cnet.exe deleted
C:\Users\Ricje20\AppData\LocalLow\AVG Web TuneUp deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\windows\wininit.ini deleted
C:\windows\SysNative\tasks\0814avUpdateInfo deleted
C:\windows\SysNative\drivers\Msft_Kernel_webinstrNewH_01009.Wdf deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\windows\SysWOW64\ColorMedia.dll deleted
C:\windows\SysWow64\AI_RecycleBin deleted
C:\Users\Ricje20\AppData\Roaming\Mozilla\Firefox\Profiles\jpcaxgow.default\searchplugins\avg-secure-search.xml deleted
"C:\windows\tasks\TA Escalation Updater.job" deleted
"C:\windows\tasks\TA Unofficial Patch Updater.job" deleted
"C:\windows\tasks\TA Zero Updater.job" deleted
"C:\PROGRA~3\455063d41f58fee\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140910230858" deleted
"C:\PROGRA~3\455063d41f58fee\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140910231206" deleted
"C:\PROGRA~3\455063d41f58fee\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140910230906" deleted
"C:\PROGRA~3\455063d41f58fee\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140910230838" deleted
"C:\PROGRA~3\455063d41f58fee\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140910230848" deleted
"C:\PROGRA~2\AVG Web TuneUp\TBAPI.dll" deleted
"C:\PROGRA~3\455063d41f58fee" deleted
"C:\PROGRA~2\AVG Web TuneUp" not deleted
"C:\PROGRA~3\Package Cache" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8152 MB
CPU Info: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
CPU Speed: 2511,2 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: AMD Radeon HD 7500/7600 Series | AMD Radeon HD 7500/7600 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
CD / DVD Drives: 2x (D: | F: | ) D: TSSTcorpCDDVDW SN-208AB  | F: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  195,3GB
Hard Disks - Free: C:  48,7GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | 10/01/13 | TOSASU - 100
Time Zone: West-Europa (standaardtijd)
Motherboard *: Type2 - Board Vendor Name1 Type2 - Board Product Name1
Country: Nederland 
Language: NLD 

==== System Specs (Software) ======================

Anti-Virus: AVG AntiVirus Free Edition 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2015 disabled (Outdated)
Default Browser: Google Chrome	37.0.2062.120
Internet Explorer Version: 11.0.9600.17501 
Mozilla Firefox version: 27.0.1 (x86 nl)
Google Chrome version: 37.0.2062.120
Adobe Reader version: 10.1.13.16
Sun Java version: 1.8.0_25 (32-bit) 
Sun Java version: 1.8.0_25 (64-bit) 

==== Files Recently Created / Modified ======================

====== C:\windows ====
2014-12-08 12:39:38	205C7DC1263493904FAE5E941C53710E	1007956654	----a-w-	C:\windows\MEMORY.DMP
====== C:\Users\Ricje20\AppData\Local\Temp ====
2073-04-15 15:28:34	0F758635CA714093C2B5B944FC90BCB7	10338672	------w-	C:\Users\Ricje20\AppData\Local\Temp\age3y.exe
2014-12-15 13:30:19	D697094C248048DA4A09499BB54A87D7	105872	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\nsq8B8F.tmp.exe
2014-12-15 13:28:48	A082E5473B2A9A4D846ED7DDF637AC76	8704	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\SpOrder.dll
2014-12-15 13:28:32	F572163A60AEBA25DF769B17C51B656D	627200	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\DCEA6DF4-58E9-6DE0-134A-A7942B70E8D2.exe
2014-12-15 13:28:32	BE88A540775B777F16B51C4ADD832AAC	89088	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\EFBF6C2A-49EF-4455-C4D6-CEE92BE4EC59.dll
2014-12-15 13:28:32	96F85862DBF6C134B69609B117EF8EFF	249856	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\EFBF6C2A-49EF-4455-C4D6-CEE92BE4EC59.exe
2014-12-15 13:28:29	FC7FF72105F3D9DF1101EE9FE1E877CC	5258115	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\Setup0988111.exe
2014-12-15 13:28:29	859B2571598147FC05A25A3F9AEA378E	212520	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\AQWJbuQv5M.exe
2014-12-15 13:28:29	6F04CEDA2E7B1DE6C0DA4B5BDAFFC597	1387792	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\uGf0zqVPGk.exe
2014-12-15 13:28:25	821C4D8963A02B55569ECD8B22406577	298496	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\sdfCC72.exe
2014-12-15 13:28:24	859B2571598147FC05A25A3F9AEA378E	212520	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\EF3fNd15M1.exe
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2014-12-16 13:43:14	A042349B7208BF8BED858B1E9B48B06D	98216	----a-w-	C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-15 14:35:32	4CC244A178D0470F1567D1E4F4E57142	4616	----a-w-	C:\windows\SysWOW64\LavasoftTcpService.ini
2014-12-15 14:35:32	3077254E2F7B523017A99DDC37BEFA33	2448	----a-w-	C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-15 14:35:30	9E269BBFBD18E209E86D805DCC2E8C05	312424	----a-w-	C:\windows\SysWOW64\LavasoftTcpService.dll
2014-12-11 02:02:22	FF0A6E76FAE624AC74780AB008752F98	3209728	----a-w-	C:\windows\SysWOW64\mf.dll
2014-12-11 02:02:22	D17954CA6343F43B62637F51996B4E95	23040	----a-w-	C:\windows\SysWOW64\mfpmp.exe
2014-12-11 02:02:22	60FBCF033FF42A40C916C01A962A8802	50176	----a-w-	C:\windows\SysWOW64\rrinstaller.exe
2014-12-11 02:02:22	52096F5F476733F2E2725CF346FF373B	2048	----a-w-	C:\windows\SysWOW64\mferror.dll
2014-12-11 02:02:22	20257A0BFB824B49055A6EEC29C72C03	103424	----a-w-	C:\windows\SysWOW64\mfps.dll
2014-12-11 00:46:13	E1456E7396022EBE4E5434188D1AC8B0	1230336	----a-w-	C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-11 00:46:00	BB25F69463AD8E7E51B5D9D158B5F8DF	30720	----a-w-	C:\windows\SysWOW64\iernonce.dll
2014-12-11 00:46:00	2EADED07BDA52C1FC5A6D4E1CC5858F0	47616	----a-w-	C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-11 00:45:59	F98B3860BB47089EA8C1504F043E90E9	342200	----a-w-	C:\windows\SysWOW64\iedkcs32.dll
2014-12-11 00:45:59	F34F6DC38A21FCDBB50CDD1EE97B1EA3	1307136	----a-w-	C:\windows\SysWOW64\urlmon.dll
2014-12-11 00:45:59	F25284C763E728E4DAC248C211D1FC5B	76288	----a-w-	C:\windows\SysWOW64\mshtmled.dll
2014-12-11 00:45:59	D7A98A4CEA2E89F544065A00BF37FC10	688640	----a-w-	C:\windows\SysWOW64\msfeeds.dll
2014-12-11 00:45:59	69AC6FD5B0B4DC963723E1EBDEE10A2C	285696	----a-w-	C:\windows\SysWOW64\dxtrans.dll
2014-12-11 00:45:59	2ABC5587D582ACCEA30B4CF968C2A4A5	60416	----a-w-	C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 00:45:59	220505B0B3E96C857DD01729AF0CD369	19749376	----a-w-	C:\windows\SysWOW64\mshtml.dll
2014-12-11 00:45:58	F0BCBD8FCDA145EED53ED66C45CC378B	62464	----a-w-	C:\windows\SysWOW64\iesetup.dll
2014-12-11 00:45:58	EC5A3E4E21079B9D423AA0760828D678	620032	----a-w-	C:\windows\SysWOW64\jscript9diag.dll
2014-12-11 00:45:58	DEB9476A3CD1A5819DD4504BB7C6BA66	2724864	----a-w-	C:\windows\SysWOW64\mshtml.tlb
2014-12-11 00:45:58	543ADCEA31CF9C2B4EEB900D4AAFD0F9	2052096	----a-w-	C:\windows\SysWOW64\inetcpl.cpl
2014-12-11 00:45:58	41AFA61E061E98E97272AC02184C8C2C	710144	----a-w-	C:\windows\SysWOW64\ieapfltr.dll
2014-12-11 00:45:58	01777AB557997E98691E322225314E57	2277888	----a-w-	C:\windows\SysWOW64\iertutil.dll
2014-12-11 00:45:57	D90585C3BE942DAAFBDC868FDC061844	115712	----a-w-	C:\windows\SysWOW64\ieUnatt.exe
2014-12-11 00:45:57	CF9D05678B02B44FBC8D8AD8C9F30D58	478208	----a-w-	C:\windows\SysWOW64\ieui.dll
2014-12-11 00:45:57	B59E370277EDB6643083B62297175628	12836864	----a-w-	C:\windows\SysWOW64\ieframe.dll
2014-12-11 00:45:57	759E2FAD5371512C6679FA346719493E	47104	----a-w-	C:\windows\SysWOW64\jsproxy.dll
2014-12-11 00:45:57	35BD045804B67E78F4CAB72CB820AF7F	418304	----a-w-	C:\windows\SysWOW64\dxtmsft.dll
2014-12-11 00:45:55	F728E7E9937117E0F32F39840EB6D737	4299264	----a-w-	C:\windows\SysWOW64\jscript9.dll
2014-12-11 00:45:55	2E9E105037AC1274656C3D1125323352	1155072	----a-w-	C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-11 00:45:54	930F63D6BC43D4BCD937DFCECDA95F82	168960	----a-w-	C:\windows\SysWOW64\msrating.dll
2014-12-11 00:45:54	5E4E0E43E0A5BF9F089696DFA7A3D677	1888256	----a-w-	C:\windows\SysWOW64\wininet.dll
2014-12-11 00:45:54	37F078B5B435AFC6BF316F2AD14B469A	501248	----a-w-	C:\windows\SysWOW64\vbscript.dll
2014-12-11 00:45:54	29CED1A4777A43526A4ED8A7B6936883	64000	----a-w-	C:\windows\SysWOW64\MshtmlDac.dll
2014-12-11 00:45:04	9EA3783672D21817B9DF1061B54C3B3C	155136	----a-w-	C:\windows\SysWOW64\charmap.exe
2014-12-11 00:45:04	1DE9BD23AFA36150586C732D876D9B74	1177088	----a-w-	C:\windows\SysWOW64\WsmSvc.dll
2014-12-11 00:45:03	B975C202F590BBC5AA63225FBD148791	198656	----a-w-	C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 00:45:03	B6AC69FFBAA159DD5CEED814245A286D	214016	----a-w-	C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-11 00:45:03	5D9A1A3E5824CECE65871C60E5A08A1A	145920	----a-w-	C:\windows\SysWOW64\WsmAuto.dll
2014-12-11 00:45:03	2C28FEC61C4AC68480A99CB7AA197FA9	248832	----a-w-	C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 00:45:01	50C73E54062BA252350F3F29580E28DA	2048	----a-w-	C:\windows\SysWOW64\tzres.dll
2014-12-09 18:52:09	CE264DCB3C45C06F6F04CBB37F9EB948	3540144	----a-w-	C:\windows\SysWOW64\FlashPlayerInstaller.exe
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2014-12-15 14:35:32	FCBDBA47480EE2F60321A91107188ECD	2448	----a-w-	C:\windows\Sysnative\LavasoftTcpServiceOff.ini
2014-12-15 14:35:31	5DEB00F260E8E5D6409F344C71957AFF	358736	----a-w-	C:\windows\Sysnative\LavasoftTcpService64.dll
2014-12-11 02:02:22	AB2EB93A982A2C26BA3E4D2D65328804	24576	----a-w-	C:\windows\Sysnative\mfpmp.exe
2014-12-11 02:02:22	9797A23F773C0782A0D91BEC44054166	206848	----a-w-	C:\windows\Sysnative\mfps.dll
2014-12-11 02:02:22	68E09E7CD4DC52F132A4B492ACE8C243	55808	----a-w-	C:\windows\Sysnative\rrinstaller.exe
2014-12-11 02:02:22	63578DB847FCC40883CB8F303E785D46	2048	----a-w-	C:\windows\Sysnative\mferror.dll
2014-12-11 02:02:21	6E1DDE0E72FB8268F42F6777CE4C5036	4121600	----a-w-	C:\windows\Sysnative\mf.dll
2014-12-11 00:46:28	F0356290BA3940F31AFF5566501495F7	192000	----a-w-	C:\windows\Sysnative\aepic.dll
2014-12-11 00:46:28	D257AF48934D2167BE15AA4008176381	1083392	----a-w-	C:\windows\Sysnative\aeinv.dll
2014-12-11 00:46:28	985558125FEEC89AB4AD142158B066D7	830976	----a-w-	C:\windows\Sysnative\appraiser.dll
2014-12-11 00:46:28	8E64BB62AB3810D3C29ED50C405AD3BD	1232040	----a-w-	C:\windows\Sysnative\aitstatic.exe
2014-12-11 00:46:27	E00981CF227CEEBE7B5A8D99C76D1116	741376	----a-w-	C:\windows\Sysnative\invagent.dll
2014-12-11 00:46:27	DAF13A81A5FC895D68B1D9A72F65F4CB	413184	----a-w-	C:\windows\Sysnative\generaltel.dll
2014-12-11 00:46:27	4253086737D81D7C9C160FDE6C037F44	396800	----a-w-	C:\windows\Sysnative\devinv.dll
2014-12-11 00:46:26	5CD6E919CE938A98AB25A2EA2C8C4EDA	227328	----a-w-	C:\windows\Sysnative\aepdu.dll
2014-12-11 00:46:14	A9A0BFD706B3A24C403EEFEB0790D011	1424384	----a-w-	C:\windows\Sysnative\WindowsCodecs.dll
2014-12-11 00:46:00	0FABE2AB8CA2D5CC7C95798533B4D057	114688	----a-w-	C:\windows\Sysnative\ieetwcollector.exe
2014-12-11 00:45:59	F987718A5CA053DC23E94A531F1754A4	34304	----a-w-	C:\windows\Sysnative\iernonce.dll
2014-12-11 00:45:59	D471F7A428C21DB04D810445D12D68E0	48640	----a-w-	C:\windows\Sysnative\ieetwproxystub.dll
2014-12-11 00:45:59	9F07E8FC75C5F98A783ABFD3005EFC22	77824	----a-w-	C:\windows\Sysnative\JavaScriptCollectionAgent.dll
2014-12-11 00:45:59	39B512C643812FC2D4843C0D4206C759	718848	----a-w-	C:\windows\Sysnative\ie4uinit.exe
2014-12-11 00:45:59	077AEB068A51B396F25BBCAB0944FC3A	2724864	----a-w-	C:\windows\Sysnative\mshtml.tlb
2014-12-11 00:45:58	E7A2061ADF0F4D430FECDA1E8D6B7BA6	1548288	----a-w-	C:\windows\Sysnative\urlmon.dll
2014-12-11 00:45:58	B4E481E9498CE22113628C4E9EA24427	4096	----a-w-	C:\windows\Sysnative\ieetwcollectorres.dll
2014-12-11 00:45:58	5BF0BAA1E5EF724287565E97C9219254	389296	----a-w-	C:\windows\Sysnative\iedkcs32.dll
2014-12-11 00:45:57	EFBA893429814EA3244C87C2D1256618	800768	----a-w-	C:\windows\Sysnative\ieapfltr.dll
2014-12-11 00:45:57	EBC8C9F61F4C148B8C6A28EDE80C51E4	968704	----a-w-	C:\windows\Sysnative\MsSpellCheckingFacility.exe
2014-12-11 00:45:57	23AE7A3B44D5C550B81347288CE3230E	66560	----a-w-	C:\windows\Sysnative\iesetup.dll
2014-12-11 00:45:57	14BA910E7731FC84EB85328BD0F1EE81	800768	----a-w-	C:\windows\Sysnative\msfeeds.dll
2014-12-11 00:45:57	0AF0AEF0BA9EF6169E61C78504DCAE55	316928	----a-w-	C:\windows\Sysnative\dxtrans.dll
2014-12-11 00:45:56	3FE71E2A5BD3EC652E64FC8BCEFEDD2C	2125312	----a-w-	C:\windows\Sysnative\inetcpl.cpl
2014-12-11 00:45:55	982B871A25B5078093FAD82D0AB0E3FC	2885120	----a-w-	C:\windows\Sysnative\iertutil.dll
2014-12-11 00:45:54	F7CCA58B973FB5EAED8D1F12DD3E51F6	490496	----a-w-	C:\windows\Sysnative\dxtmsft.dll
2014-12-11 00:45:54	DFECAE6D925FBC9078870E16F98C471F	54784	----a-w-	C:\windows\Sysnative\jsproxy.dll
2014-12-11 00:45:54	5F24313333AB409251152CAFADA40015	144384	----a-w-	C:\windows\Sysnative\ieUnatt.exe
2014-12-11 00:45:53	DB10D681314714E0D4623E4C0CF6654A	92160	----a-w-	C:\windows\Sysnative\mshtmled.dll
2014-12-11 00:45:53	8EF01E2EF21D41A23FF70B28179F9ABE	633856	----a-w-	C:\windows\Sysnative\ieui.dll
2014-12-11 00:45:53	7AC115968B8856004920057B2271224C	1359360	----a-w-	C:\windows\Sysnative\mshtmlmedia.dll
2014-12-11 00:45:53	556D271F4243B273EDA353512BF3608A	14412800	----a-w-	C:\windows\Sysnative\ieframe.dll
2014-12-11 00:45:52	8D64466AD12CA5677CD0099C43C58569	6039552	----a-w-	C:\windows\Sysnative\jscript9.dll
2014-12-11 00:45:52	4AF089160FE082E5EA5C4AA72782DCA2	2358272	----a-w-	C:\windows\Sysnative\wininet.dll
2014-12-11 00:45:52	1D294810D3A8A8F722E86AA001F54DCC	580096	----a-w-	C:\windows\Sysnative\vbscript.dll
2014-12-11 00:45:52	17A157A4225CF562202AC71DB8103177	88064	----a-w-	C:\windows\Sysnative\MshtmlDac.dll
2014-12-11 00:45:52	021DFF3CB0ADCD19B3AAA00A650FDEE2	814080	----a-w-	C:\windows\Sysnative\jscript9diag.dll
2014-12-11 00:45:51	D478A4CF07FB8ADF72FB16B88E8030B8	25059840	----a-w-	C:\windows\Sysnative\mshtml.dll
2014-12-11 00:45:51	89296EF4A3729A049DA25B7D67A04078	199680	----a-w-	C:\windows\Sysnative\msrating.dll
2014-12-11 00:45:04	D929ABD465A2DED963DA8B30946A8D5C	2020352	----a-w-	C:\windows\Sysnative\WsmSvc.dll
2014-12-11 00:45:04	5C642B7B0365305451D579F3EFAD57D4	310272	----a-w-	C:\windows\Sysnative\WsmWmiPl.dll
2014-12-11 00:45:04	36E5E9D0400475230A7F57F274B88321	165888	----a-w-	C:\windows\Sysnative\charmap.exe
2014-12-11 00:45:03	FDEB5EE2E4DB9DE9251DDAF6A5BCA070	346624	----a-w-	C:\windows\Sysnative\WSManMigrationPlugin.dll
2014-12-11 00:45:03	9B44CABE3536D0E3BF627176318AAFC9	181248	----a-w-	C:\windows\Sysnative\WsmAuto.dll
2014-12-11 00:45:03	41457C1909F6D1100C0F9B9CFF7960FC	266240	----a-w-	C:\windows\Sysnative\WSManHTTPConfig.exe
2014-12-11 00:45:01	A026998E927FD2095505154CBD72F35B	2048	----a-w-	C:\windows\Sysnative\tzres.dll
====== C:\windows\Sysnative\drivers =====
2014-12-16 13:40:18	33497249626E7787AA5CEA99B226CCA6	94720	----a-w-	C:\windows\Sysnative\drivers\AtihdW76.sys
2014-12-11 00:46:13	70988118145F5F10EF24720B97F35F65	119296	----a-w-	C:\windows\Sysnative\drivers\tdx.sys
====== C:\windows\Tasks ======
2014-12-15 13:29:01	--------	d-----w-	C:\windows\Sysnative\Tasks\PurpleRain
====== C:\windows\Temp ======
======= C:\Program Files =====
2014-12-15 21:07:44	--------	d-----w-	C:\Program Files\trend micro
2014-12-10 14:17:42	--------	d-----w-	C:\Program Files\AMD
2014-12-10 14:16:29	--------	d-----w-	C:\Program Files\ATI
======= C:\PROGRA~2 =====
2014-12-16 13:43:18	--------	d-----w-	C:\PROGRA~2\COMMON~1\Java
2014-12-15 14:40:02	--------	d-----w-	C:\PROGRA~2\AMD APP
2014-12-11 23:38:46	--------	d-----w-	C:\PROGRA~2\LOLReplay
2014-12-10 14:18:25	--------	d-----w-	C:\PROGRA~2\AMD AVT
2014-12-05 22:29:27	--------	d-----w-	C:\PROGRA~2\COMMON~1\Skype
======= C: =====
====== C:\Users\Ricje20\AppData\Roaming ======
2014-12-16 13:36:24	--------	d-----w-	C:\windows\sysWoW64\config\systemprofile\AppData\Locallow\Sun
2014-11-26 14:24:24	--------	d-sh--w-	C:\Users\Ricje20\AppData\Local\EmieBrowserModeList
2014-11-26 14:24:21	--------	d-sh--w-	C:\Users\Ricje20\AppData\Locallow\EmieBrowserModeList
====== C:\Users\Ricje20 ======
2014-12-16 13:33:33	3A582BF6FD39DC6A52AAF316126B40BA	638888	----a-w-	C:\Users\Ricje20\Downloads\chromeinstall-8u25.exe
2014-12-15 21:07:09	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Ricje20\Downloads\RSITx64.exe
2014-12-15 14:38:01	66F00EB3FFB35C0C6BF2FA83F2A68EC2	212932152	----a-w-	C:\Users\Ricje20\Downloads\TCA0079100B.exe
2014-12-15 14:20:02	BBB737F106683B90CC466EB601DBD3FC	8107656	----a-w-	C:\Users\Ricje20\Downloads\WebCompanionInstaller.exe
2014-12-15 13:27:07	E750689E486E1C69A8E6FD571A386236	3855736	----a-w-	C:\Users\Ricje20\Downloads\lenovo_thinkvantage_toolbox_windows_7_64_bit_downloader.exe
2014-12-11 23:38:20	B1D1D184F028BCB846481F286D906D55	1528656	----a-w-	C:\Users\Ricje20\Downloads\LOLReplay-0.8.9.16.exe
2014-12-10 14:18:57	--------	d-----w-	C:\ProgramData\ATI
2014-12-10 14:18:25	--------	d-----w-	C:\ProgramData\AMD
2014-12-10 14:18:07	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-08 12:44:18	D5AFB3268EDA4EEB33890E65EC6F15AA	891224	----a-w-	C:\Users\Ricje20\Downloads\amddriverdownloader.exe
2014-12-08 12:24:16	9ED757A283E9FC6ADF598C85BBB41056	286582040	----a-w-	C:\Users\Ricje20\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-12-05 22:29:28	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2073-04-15 15:28:34	0F758635CA714093C2B5B944FC90BCB7	10338672	------w-	C:\Users\Ricje20\AppData\Local\Temp\age3y.exe
2014-12-16 13:43:01	AA3520FB0133A56BEE1DB34D74DBEF64	0	----a-we	C:\ProgramData\Oracle\Java\javapath\java.exe
2014-12-16 13:43:01	75D477E868CA51EC1B09D730570F322B	0	----a-we	C:\ProgramData\Oracle\Java\javapath\javaw.exe
2014-12-16 13:43:01	691D49FB44EDE9788288CABE4F7E0DAF	0	----a-we	C:\ProgramData\Oracle\Java\javapath\javaws.exe
2014-12-16 13:42:57	E3E6B18458FFB07CB24D7A0BA77C9FDF	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2014-12-16 13:42:57	DC197DCE6325CBAC905DE0D0E3BA3E8E	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2014-12-16 13:42:57	BB8C890E3E6372F2720709262BD42BF4	30632	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2014-12-16 13:42:57	B719E0F43166037DF46B5CFBE60A5118	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2014-12-16 13:42:57	AA3520FB0133A56BEE1DB34D74DBEF64	176552	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2014-12-16 13:42:57	A458E2535E46151690E53E2A03FAA711	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2014-12-16 13:42:57	9BFAEF308D50779F6B255CB7BA7DCA5A	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2014-12-16 13:42:57	7AB1F1B3FB6C3DACA34EA2F988CDF5AC	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2014-12-16 13:42:57	75EE99C7F0038C746D82C76221ECA4EF	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2014-12-16 13:42:57	75D477E868CA51EC1B09D730570F322B	176552	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2014-12-16 13:42:57	74713E9C1B01B152DDD3A1A3519A3647	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
2014-12-16 13:42:57	70E67429D2C011FD0419AF899A8D0D70	68520	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2014-12-16 13:42:57	691D49FB44EDE9788288CABE4F7E0DAF	272296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2014-12-16 13:42:57	67F763B09F4BC8689E6FA9761E068D74	159656	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2014-12-16 13:42:57	57E1F756FAA787623DFCD2C1B2AACC68	51112	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2014-12-16 13:42:57	4367C05B0CF5553E71B34F51003D0615	76200	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2014-12-16 13:42:57	4109C4DB4BD48F5BF8115C7523A6B6F8	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2014-12-16 13:42:57	33D2AF53E209DA3E2BA939EB89801DC0	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2014-12-16 13:42:57	29E65AC6AFD8A0A9CAA361FF6F7B4886	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2014-12-16 13:42:57	28FC00F89631B0F6E1E9CA386FADD566	16296	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2014-12-16 13:42:57	26C7F32186B1F0364CD06EA69227A79D	15784	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2014-12-16 13:33:33	3A582BF6FD39DC6A52AAF316126B40BA	638888	----a-w-	C:\Users\Ricje20\Downloads\chromeinstall-8u25.exe
2014-12-15 21:27:29	CA727262FE90457CA80F47E3787E56CD	10694192	----a-w-	C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
2014-12-15 21:07:46	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Ricje20.exe
2014-12-15 21:07:09	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Ricje20\Downloads\RSITx64.exe
2014-12-15 14:38:01	66F00EB3FFB35C0C6BF2FA83F2A68EC2	212932152	----a-w-	C:\Users\Ricje20\Downloads\TCA0079100B.exe
2014-12-15 14:34:29	29F1AC77C50FB0E32353340DD560055B	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-2023514836-3265547894-3986284587-1000\$IVSRW9C.exe
2014-12-15 14:20:22	BBB737F106683B90CC466EB601DBD3FC	8107656	----a-w-	C:\$Recycle.Bin\S-1-5-21-2023514836-3265547894-3986284587-1000\$RVSRW9C.exe
2014-12-15 14:20:02	BBB737F106683B90CC466EB601DBD3FC	8107656	----a-w-	C:\Users\Ricje20\Downloads\WebCompanionInstaller.exe
2014-12-15 13:47:16	1E6D338741F00BA5946029253299A3B7	299448	----a-w-	C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFO4HHGY\stormwatch2_0[1].exe
2014-12-15 13:47:14	0903E1ED024CB91F46FCFB2D2BE81E13	479656	----a-w-	C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFO4HHGY\StormWatchSetup[1].exe
2014-12-15 13:30:19	D697094C248048DA4A09499BB54A87D7	105872	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\nsq8B8F.tmp.exe
2014-12-15 13:29:00	8ABC33FD0A238BA15835A5A3C1EA7E4A	2607656	----a-w-	C:\Windows\Temp\0B5B57EA-D000-4946-935E-F894CC2B4581n.exe
2014-12-15 13:28:32	F572163A60AEBA25DF769B17C51B656D	627200	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\DCEA6DF4-58E9-6DE0-134A-A7942B70E8D2.exe
2014-12-15 13:28:32	96F85862DBF6C134B69609B117EF8EFF	249856	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\EFBF6C2A-49EF-4455-C4D6-CEE92BE4EC59.exe
2014-12-15 13:28:29	FC7FF72105F3D9DF1101EE9FE1E877CC	5258115	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\Setup0988111.exe
2014-12-15 13:28:29	FC7FF72105F3D9DF1101EE9FE1E877CC	5258115	----a-w-	C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQGP7II1\Setup[1].exe
2014-12-15 13:28:29	859B2571598147FC05A25A3F9AEA378E	212520	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\AQWJbuQv5M.exe
2014-12-15 13:28:29	6F04CEDA2E7B1DE6C0DA4B5BDAFFC597	1387792	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\uGf0zqVPGk.exe
2014-12-15 13:28:25	821C4D8963A02B55569ECD8B22406577	298496	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\sdfCC72.exe
2014-12-15 13:28:25	821C4D8963A02B55569ECD8B22406577	298496	----a-w-	C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I1J1EPL\OfferInstaller[1].exe
2014-12-15 13:28:24	859B2571598147FC05A25A3F9AEA378E	212520	----a-w-	C:\Users\Ricje20\AppData\Local\Temp\EF3fNd15M1.exe
2014-12-15 13:27:07	E750689E486E1C69A8E6FD571A386236	3855736	----a-w-	C:\Users\Ricje20\Downloads\lenovo_thinkvantage_toolbox_windows_7_64_bit_downloader.exe
2014-12-11 23:38:46	5D099717488063484123446AD57C3991	131783	----a-w-	C:\Program Files (x86)\LOLReplay\uninstall.exe
2014-12-11 23:38:20	B1D1D184F028BCB846481F286D906D55	1528656	----a-w-	C:\Users\Ricje20\Downloads\LOLReplay-0.8.9.16.exe
2014-12-11 02:02:22	D17954CA6343F43B62637F51996B4E95	23040	----a-w-	C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 02:02:22	AB2EB93A982A2C26BA3E4D2D65328804	24576	----a-w-	C:\Windows\System32\mfpmp.exe
2014-12-11 02:02:22	68E09E7CD4DC52F132A4B492ACE8C243	55808	----a-w-	C:\Windows\System32\rrinstaller.exe
2014-12-11 02:02:22	60FBCF033FF42A40C916C01A962A8802	50176	----a-w-	C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 00:46:28	8E64BB62AB3810D3C29ED50C405AD3BD	1232040	----a-w-	C:\Windows\System32\aitstatic.exe
2014-12-11 00:46:28	65536EB5F53B76562BBE0DE332A8BA3C	66216	----a-w-	C:\Windows\System32\CompatTel\diagtrackrunner.exe
2014-12-11 00:46:26	CCEE34CF7D700825AD839FAB298A0129	46760	----a-w-	C:\Windows\System32\CompatTel\wicainventory.exe
2014-12-11 00:46:25	A192555B09BD2A45940D7E449F311AF6	161960	----a-w-	C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-12-11 00:46:00	0FABE2AB8CA2D5CC7C95798533B4D057	114688	----a-w-	C:\Windows\System32\ieetwcollector.exe
2014-12-11 00:45:59	A8A8FD02E3A9264A603892DE1F522166	221184	----a-w-	C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-12-11 00:45:59	39B512C643812FC2D4843C0D4206C759	718848	----a-w-	C:\Windows\System32\ie4uinit.exe
2014-12-11 00:45:58	B7BCC767AC0E76384BCDC292184DD8C8	222720	----a-w-	C:\Program Files\Internet Explorer\ielowutil.exe
2014-12-11 00:45:58	A24BFBAE8B50A6780B68FF3673FAB52F	815280	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-12-11 00:45:58	43CE0C99DBC0F96DB2B7259B0BE0930E	468992	----a-w-	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-12-11 00:45:57	EBC8C9F61F4C148B8C6A28EDE80C51E4	968704	----a-w-	C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-11 00:45:57	D90585C3BE942DAAFBDC868FDC061844	115712	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 00:45:56	C3D17F3199D39A2AB85956A63731F188	484352	----a-w-	C:\Program Files\Internet Explorer\ieinstal.exe
2014-12-11 00:45:55	2A9DA9E7462EBA3F6D2036E8D18FF773	813744	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
2014-12-11 00:45:54	5F24313333AB409251152CAFADA40015	144384	----a-w-	C:\Windows\System32\ieUnatt.exe
2014-12-11 00:45:04	9EA3783672D21817B9DF1061B54C3B3C	155136	----a-w-	C:\Windows\SysWOW64\charmap.exe
2014-12-11 00:45:04	36E5E9D0400475230A7F57F274B88321	165888	----a-w-	C:\Windows\System32\charmap.exe
2014-12-11 00:45:03	B975C202F590BBC5AA63225FBD148791	198656	----a-w-	C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 00:45:03	41457C1909F6D1100C0F9B9CFF7960FC	266240	----a-w-	C:\Windows\System32\WSManHTTPConfig.exe
2014-12-11 00:45:01	BE8F985609BE0809B7E29960AC997511	49664	----a-w-	C:\Windows\servicing\GC64\tzupd.exe
2014-12-10 11:47:08	D3AC8B90796EE8EF3B91465664F634A6	7141064	----a-w-	C:\Program Files (x86)\AVG\AVG2015\Notification\Launcher.exe
2014-12-09 18:52:09	CE264DCB3C45C06F6F04CBB37F9EB948	3540144	----a-w-	C:\Windows\SysWOW64\FlashPlayerInstaller.exe
=== C: other files ==
2014-12-16 13:42:57	CE44A9D4918DCDC7CCCF5503BF4D7A3D	14130	----a-w-	C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
2014-12-16 13:40:18	33497249626E7787AA5CEA99B226CCA6	94720	----a-w-	C:\Windows\System32\drivers\AtihdW76.sys
2014-12-16 13:40:15	33497249626E7787AA5CEA99B226CCA6	94720	----a-w-	C:\Windows\LastGood\system32\drivers\AtihdW76.sys
2014-12-15 13:42:39	4A9530FD5168D58D6D1B58AC33B08DCD	212603682	----a-w-	C:\Users\Ricje20\Downloads\display-20130924150426.zip
2014-12-15 13:28:59	4847D1342D29AAC591C0BCC1C2D41CF9	2503489	----a-w-	C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6T5ZHER\2[1].zip
2014-12-15 13:28:29	3C488F6184107ACBB4EDD1596CBC8BC8	2140117	----a-w-	C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQN3QXTE\1[1].zip
2014-12-11 00:46:13	70988118145F5F10EF24720B97F35F65	119296	----a-w-	C:\Windows\System32\drivers\tdx.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2023514836-3265547894-3986284587-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR"
"Steam"="B:\Games\Steam\steam.exe -silent"
"Web Companion"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2023514836-3265547894-3986284587-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR"
"Steam"="B:\Games\Steam\steam.exe -silent"
"Web Companion"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SRS Premium Sound HD"="C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe  /f=C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip /h"
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Aeria Ignite"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\Ricje20\\AppData\\Local\\Akamai\\netsession_win.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM tray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUS EPM tray"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EaseUS\\EaseUS Partition Master 9.3.0\\bin\\EpmNews.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mbot_nl_132]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mbot_nl_132"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\mbot_nl_132\\mbot_nl_132.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcui_exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nero\\Nero 11\\Nero BackItUp\\NBAgent.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RGSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RGSC"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TCrdMain]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TCrdMain"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\FlashCards\\TCrdMain.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Teco]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Teco"
"hkey"="HKLM"
"command"="\"%ProgramFiles%\\TOSHIBA\\TECO\\Teco.exe\" /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba Registration"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\Registration\\ToshibaReminder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPRO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Toshiba TEMPRO"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Toshiba TEMPRO\\TemproTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ToshibaServiceStation]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToshibaServiceStation"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\ToshibaServiceStation.exe /hide:60"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosSENotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosSENotify"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TOSHIBA HDD SSD Alert\\TosWaitSrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosWaitSrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosWaitSrv"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\TPHM\\TosWaitSrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\LOLRecorder.lnk"
"backup"="C:\\windows\\pss\\LOLRecorder.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\LOLREP~1\\LOLREC~1.EXE -minimize"
"item"="LOLRecorder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Toshiba Places Icon Utility.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Toshiba Places Icon Utility.lnk"
"backup"="C:\\windows\\pss\\Toshiba Places Icon Utility.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\TOSHIBA\\TOSHIB~2\\TOSDIM~1.EXE "
"item"="Toshiba Places Icon Utility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Ricje20^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]
"path"="C:\\Users\\Ricje20\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\TRDCReminder.lnk"
"backup"="C:\\windows\\pss\\TRDCReminder.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\TOSHIBA\\TRDCRE~1\\TRDCRE~1.EXE "
"item"="TRDCReminder"


==== Startup Folders ======================

2014-02-03 22:57:40	1262	----a-w-	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
2014-02-03 22:57:40	1262	----a-w-	C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-12-2014 19:52]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\windows\SysNative\tasks\{247E74C3-2FEE-4032-BC22-0F61D5B73554}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\windows\SysNative\tasks\PurpleRain\PurpleRain3" ["C:\ProgramData\PurpleRain\PurpleRain.exe"]

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{6ABE04B9-0450-020E-1BC5-845679A0AE82}"="C:\Program Files (x86)\ver0SpeeditUp\184.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ricje20\AppData\Roaming\Mozilla\Firefox\Profiles\jpcaxgow.default
- SQLite Manager - %ProfilePath%\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ricje20\AppData\Roaming\Mozilla\Firefox\Profiles\jpcaxgow.default
492100C9050D4B6A10EAB7F3AE60A552	- C:\Users\Ricje20\AppData\Roaming\raidcall\plugins\nprcplugin.dll -	Raidcall plugin


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Gast\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Gast\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Ricje20\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Ricje20\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

YouTube - Ricje20\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ricje20\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Ricje20\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ricje20\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Ricje20\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA", "http://home.sweetim.com/?crg=3.1010000.10011&barid={FAC17B81-BC67-11E1-90A1-E840F2AA0493}", "http://search.babylon.com/?affID=109217&tt=4212_7&babsrc=HP_ss&mntrId=8c15aafb000000000000701a04a95605", "http://nl.msn.com/?pc=UP97&ocid=UP97DHP", "http://istart.webssearches.com/?type=hp&ts=1418650118&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT", "http://istart.webssearches.com/?type=hppp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT\t/verysilent /hideuninstall" ],


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Default_Page_URL"="http://istart.webssearches.com/?type=hppp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.webssearches.com/web/?type=dspp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall&q={searchTerms}"
"Default_Page_URL"="http://istart.webssearches.com/?type=hppp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall"
"Start Page"="http://istart.webssearches.com/?type=hppp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall"
"Search Page"="http://istart.webssearches.com/web/?type=dspp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://istart.webssearches.com/web/?type=dspp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall&q={searchTerms}"
"Default_Page_URL"="http://istart.webssearches.com/?type=hppp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall"
"Start Page"="http://istart.webssearches.com/?type=hppp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall"
"Search Page"="http://istart.webssearches.com/web/?type=dspp&ts=1418650146&from=exp&uid=TOSHIBAXMK5075GSX_32K6PFLZTXX32K6PFLZT	/verysilent /hideuninstall&q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{85A60A59-D3D8-468F-B598-FB4393789EF4}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{85A60A59-D3D8-468F-B598-FB4393789EF4} Google  Url="https://www.google.nl/search?q={searchTerms}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2023514836-3265547894-3986284587-1000\Software\Mozilla\Firefox\Extensions\{6ABE04B9-0450-020E-1BC5-845679A0AE82} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbot_nl_132 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
O4 - HKCU\..\Run: [Steam] "B:\Games\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418737238
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ricje20\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\636TR2ER will be deleted at reboot
C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6T5ZHER will be deleted at reboot
C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQGP7II1 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Ricje20\AppData\Local\Mozilla\Firefox\Profiles\jpcaxgow.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Ricje20\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1008 folders=418 2892481466 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ricje20\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Ricje20\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\AVG Web TuneUp"  not found
"C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\636TR2ER" not found
"C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6T5ZHER" not found
"C:\Users\Ricje20\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQGP7II1" not found

==== EOF on di 16-12-2014 at 15:16:15,96 ======================