Zoek.exe v5.0.0.0 Updated 17-February-2015 Tool run by Vera De Wever on wo 18/02/2015 at 14:03:26,70. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Vera De Wever\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 18/02/2015 14:07:24 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\NewTech Infosystems deleted successfully C:\Program Files\log deleted successfully C:\PROGRA~3\Babylon deleted successfully C:\Users\Vera De Wever\AppData\Roaming\DigitalSites deleted successfully C:\Users\Vera De Wever\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Vera De Wever\AppData\Roaming\SendSpace deleted successfully C:\Users\Vera De Wever\AppData\Local\Conduit deleted successfully C:\Users\Vera De Wever\AppData\Local\MigWiz deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{763A1E13-DB75-436B-B095-81058A979D20} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9E284897-CEFE-41E1-84D5-BA8185CEEFD3} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully HKEY_CLASSES_ROOT\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_CLASSES_ROOT\CLSID\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully ==== Installed Programs ====================== 64 Bit HP CIO Components Installer 7-Zip 9.20 (x64 edition) Acer Crystal Eye Webcam Adobe AIR Adobe Flash Player 16 ActiveX Adobe Flash Player 16 NPAPI Adobe Photoshop CS6 Adobe Reader XI (11.0.10) - Nederlands Adobe Refresh Manager AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan Albelli.be Fotoboeken Alcor Micro USB Card Reader ALPS Touch Pad Driver Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar Audio Converter Audio Converter Packages Audio Converter Packages 95 Belgium e-ID middleware 4.0.7 (build 7438) Bonjour Broadcom Gigabit NetLink Controller BufferChm Canon MP250 series MP Drivers CCleaner Copy CyberLink PowerDVD 9 D3DX10 Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition Destinations DeviceDiscovery DocProc Dropbox F300 F300_Help F300Trb FastPictureViewer Professional 1.9.298.0 (64-bit) Fax Goodware Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply Identity Card Intel(R) Graphics Media Accelerator Driver Intel(R) Management Engine Components Intel(R) Rapid Storage Technology iTunes Java 8 Update 31 Java Auto Updater Junk Mail filter update Launch Manager Malwarebytes Anti-Malware versie 2.0.4.1028 MarketResearch Microsoft .NET Framework 4.5.1 Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft Office Access MUI (Dutch) 2010 Microsoft Office Excel MUI (Dutch) 2010 Microsoft Office Groove MUI (Dutch) 2010 Microsoft Office InfoPath MUI (Dutch) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (Dutch) 2010 Microsoft Office Outlook MUI (Dutch) 2010 Microsoft Office PowerPoint MUI (Dutch) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (Dutch) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proofing (Dutch) 2010 Microsoft Office Publisher MUI (Dutch) 2010 Microsoft Office Shared 64-bit MUI (Dutch) 2010 Microsoft Office Shared MUI (Dutch) 2010 Microsoft Office Word MUI (Dutch) 2010 Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 28.0 (x86 nl) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network64 OCR Software by I.R.I.S. 13.0 PDF Settings CS6 Picasa 3 Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2978128) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Share on Tumblr Shop for HP Supplies Skype Click to Call SkypeT 7.0 SmartWebPrinting SolutionCenter Status Stuurprogrammapakket voor Windows - Fedict SmartCard (02/05/2014 4.0.7.3) Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD Toolbox TotalAudioConverter TrayApp UniDeals UnloadSupport Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition VLC media player 2.1.3 WebReg WinDjView 2.0.2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources youtubeadblocker ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Windows\PLFSetI.exe C:\ProgramData\{bde2e32e-fdc6-c690-bde2-2e32efdc8cbb}\9042.exe C:\Users\Vera De Wever\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\SysWOW64\svchost.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Vera De Wever\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\VERADE~1\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default ---- Lines BabylonToolbar removed from prefs.js ---- user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.autoRvrt", "false"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.ffxUnstlRst", true); user_pref("extensions.BabylonToolbar.id", "9edf5ef30000000000004c0f6e43ffb9"); user_pref("extensions.BabylonToolbar.instlDay", "15741"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.newTab", false); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.rvrt", "false"); user_pref("extensions.BabylonToolbar.smplGrp", "none"); user_pref("extensions.BabylonToolbar.tlbrId", "uninst"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=9edf5ef30000000000004c0f6e43ffb9&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10"); user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1016:31:48"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849&tt=040213_9105_2"); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); ---- Lines BabylonToolbar removed from user.js ---- user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=9edf5ef30000000000004c0f6e43ffb9&q="); user_pref("extensions.BabylonToolbar.id", "9edf5ef30000000000004c0f6e43ffb9"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.instlDay", "15741"); user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10"); user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1016:31:48"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.smplGrp", "none"); user_pref("extensions.BabylonToolbar.tlbrId", "uninst"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.ffxUnstlRst", true); user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849&tt=040213_9105_2"); user_pref("extensions.BabylonToolbar_i.babExt", ""); user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); user_pref("extensions.BabylonToolbar.autoRvrt", "false"); user_pref("extensions.BabylonToolbar.rvrt", "false"); user_pref("extensions.BabylonToolbar.newTab", false); ---- FireFox user.js and prefs.js backups ---- user_20151802_1432_.backup prefs_20151802_1432_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ApnTBMon"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}] [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a3f7f35b-fce5-4a6a-8b40-4c9e4fd6be55}] ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\BabylonToolbar not found "C:\$Recycle.Bin\S-1-5-18\$4be9c2a8d8500162e55b77622f16c645" not found C:\PROGRA~2\UniDeals deleted C:\PROGRA~2\youtubeadblocker deleted C:\PROGRA~2\Share on Tumblr deleted C:\Program Files (x86)\UnniiDealsa deleted C:\PROGRA~3\cmpmcigdogobpapeflincfkenngpnbhn deleted C:\PROGRA~3\17276764796636493230 deleted C:\Users\Vera De Wever\AppData\LocalLow\Conduit deleted C:\PROGRA~2\DealPly deleted C:\PROGRA~2\FoxTabPDFConverter deleted C:\PROGRA~2\Conduit deleted C:\Users\Vera De Wever\AppData\Roaming\WB.CFG deleted C:\Users\Vera De Wever\AppData\Roaming\Fighters\DRIVERfighter deleted C:\Users\Vera De Wever\AppData\Roaming\Funmoods deleted C:\Users\Vera De Wever\AppData\Roaming\Babylon deleted C:\Users\Vera De Wever\AppData\Roaming\DSite deleted C:\PROGRA~3\APN deleted C:\PROGRA~3\Partner deleted C:\PROGRA~3\boost_interprocess deleted C:\PROGRA~3\Fighters\DRIVERfighter deleted C:\PROGRA~3\Tarma Installer deleted C:\Users\Vera De Wever\AppData\Local\AskPartnerNetwork deleted C:\windows\SysNative\Tasks\DSite deleted C:\Users\Vera De Wever\AppData\LocalLow\WiseConvert_B deleted C:\Users\Vera De Wever\AppData\LocalLow\PriceGong deleted C:\Windows\wininit.ini deleted C:\windows\SysNative\tasks\Funmoods deleted C:\windows\SysNative\tasks\Digital Sites deleted C:\Windows\tasks\Digital Sites.job deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\Users\VERADE~1\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\searchplugins\BrowserProtect.xml deleted C:\Users\VERADE~1\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\Invalidprefs.js deleted C:\Users\VERADE~1\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\staged deleted "C:\Users\Vera De Wever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9042.lnk" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\chrome.manifest" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\install.rdf" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\chrome.manifest" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\install.rdf" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\chrome.manifest" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\install.rdf" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\chrome.manifest" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\install.rdf" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\content\bazaarfriend.xul" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\content\images\32.png" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\defaults\preferences\defaults.js" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\content\bostonmarketone.xul" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\content\images\32.png" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\defaults\preferences\defaults.js" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\content\bargainworkbench.xul" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\content\images\32.png" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\defaults\preferences\defaults.js" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\content\webtosave.xul" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\content\images\32.png" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\defaults\preferences\defaults.js" deleted "C:\PROGRAM Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}" deleted "C:\$Recycle.Bin\S-1-5-21-1355414592-1724769771-2583581791-1001\$4be9c2a8d8500162e55b77622f16c645" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\content" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\defaults" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\content\images" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com\defaults\preferences" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\content" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\defaults" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\content\images" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com\defaults\preferences" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\content" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\defaults" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\content\images" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd}\defaults\preferences" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\content" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\defaults" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\content\images" deleted "C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}\defaults\preferences" deleted "C:\$Recycle.Bin\S-1-5-21-1355414592-1724769771-2583581791-1001\$4be9c2a8d8500162e55b77622f16c645\L" deleted "C:\$Recycle.Bin\S-1-5-21-1355414592-1724769771-2583581791-1001\$4be9c2a8d8500162e55b77622f16c645\U" deleted "C:\PROGRAM Files (x86)\AskPartnerNetwork" deleted "C:\PROGRA~2\AskPartnerNetwork" deleted "C:\PROGRA~3\AskPartnerNetwork" deleted "C:\PROGRAM Files (x86)\AskPartnerNetwork\Toolbar" deleted "C:\PROGRAM Files (x86)\AskPartnerNetwork\Toolbar\Updater" deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar" deleted "C:\PROGRA~2\AskPartnerNetwork\Toolbar\Updater" deleted ==== Registry Search Results for "$4be9c2a8d8500162e55b77622f16c645" ====================== No instances of string "$4be9c2a8d8500162e55b77622f16c645" found. ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 2805 MB CPU Info: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz CPU Speed: 2454,0 MHz Sound Card: Luidsprekers (Realtek High Defi | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Broadcom 802.11n-netwerkadapter | Broadcom NetLink (TM) Gigabit Ethernet CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633C Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 219,6GB | F: 596,0GB Hard Disks - Free: C: 148,0GB | F: 460,7GB Manufacturer *: Phoenix Technologies LTD BIOS Info: AT/AT COMPATIBLE | 06/21/10 | ACRSYS - 6040000 Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire 7741 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Default Browser: Google Chrome 40.0.2214.111 Internet Explorer Version: 11.0.9600.17633 Mozilla Firefox version: 28.0 (x86 nl) Google Chrome version: 40.0.2214.111 Adobe Reader version: 11.0.10.32 Sun Java version: 1.8.0_31 (32-bit) Sun Java version: 1.8.0_31 (64-bit) Flash Player version: 16.0.0.305 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\VERADE~1\AppData\Local\Temp ==== 2015-02-18 12:42:08 057631047016A448B842B96E872B132B 43008 ----a-w- C:\Users\Vera De Wever\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyakv2j.dll 2015-02-16 16:51:09 1130412392BDAC84C4A0EFC1E32B5438 1097216 ----a-w- C:\Users\Vera De Wever\AppData\Local\Temp\cd0b3232d33\temp\9042.exe 2015-02-16 16:50:55 1130412392BDAC84C4A0EFC1E32B5438 1097216 ----a-w- C:\Users\Vera De Wever\AppData\Local\Temp\9042.exe 2015-02-04 13:58:05 B82994CB256839F3F404CAFB29060EC6 86528 ----a-w- C:\Users\Vera De Wever\AppData\Local\Temp\FastDownload.exe ====== Java Cache ===== 2015-02-14 14:01:52 49FC5FAB892701452611D12595C1C24F 37 ----a-w- C:\Users\Vera De Wever\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4ad3cb28-59b3d9b04fa8e92076b2776f0fb650caa979622b426c9e61f7c86ebc967e490a-6.0.lap ====== C:\Windows\SysWOW64 ===== 2015-02-12 09:42:43 4FD3763F3917201856B0CBCE310003EA 4300800 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-02-12 09:42:43 01BD2653F2185218837CF4A175617F8A 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-02-11 10:07:36 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll 2015-02-11 10:07:20 7C893DBA0A58855A99DA68B751FD223B 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll 2015-02-11 10:07:19 B63A6FF4339C9B701A93D3973C7FB6D2 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2015-02-11 10:07:19 7D94A9161E8432B8521E60E064B1D737 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 10:07:18 F3F6BE20A03215209B61CA85B4A83E1F 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 10:07:18 A12D64A94EC57079C2D96A741CB4FF53 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2015-02-11 10:07:18 3BB446DE24501FEA5FDB9A9DB23A22AE 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 10:07:17 C256EFD3655EC782F8094E96094E8F9E 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2015-02-11 10:06:59 E1A4D24281526DDFEA418F729CDA9DC6 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-02-11 10:06:59 D87759889FE7BCAE4461439139E62BAA 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 10:06:59 B0F7BD3492C2D60A70F15AEADCE1E2A6 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 10:06:58 3B9EF1B8E154D202D32A7765E2F33554 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 10:06:57 94B1F7CE1AAA5542923E0AD63C4D0050 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 10:06:57 8E8137569741D3693F88DDF94CC38C20 1307136 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-02-11 10:06:57 74EA6C792F57E453261DA210C1BCEB53 342712 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 10:06:56 8FBC9680719ACDA9351B67D906C682F4 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 10:06:56 6FA05244FD2E40A3DC08337146B3C425 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 10:06:56 61C74D794C14E9FC94D93F5F0F72A3F9 19740160 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-02-11 10:06:54 47B26D89EF9973E2DD586D0C827F61A9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 10:06:53 FD6AF61AF029B9BC2CF4EFF57CDD5821 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 10:06:53 AD3F5926EC2C1F21FB45D1CDED6E2A47 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 10:06:53 5FB7E9786F70F4072663746072C9E6CE 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-02-11 10:06:52 9A91F9B5035F54C2D0BA92CF9B16EE34 2277888 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-02-11 10:06:52 55A84600EAAF8F1D3F0E6206E2EF6D48 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 10:06:52 28B2D3CB1B4306D476200D80AF7D87AD 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 10:06:51 EF05E63ACC834470A07A2E73D519B5FA 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 10:06:50 994E7459260D315573DD72783D1B78A7 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-02-11 10:06:50 78A1A938D51D4F83A772123B93EE1612 12829184 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-02-11 10:06:45 180168942E4A133C55E7BBF17DA3C142 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 10:06:44 F285D499EC42969D963CA49EADA63218 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-02-11 10:06:44 9DEE691C8FDBC2DE6957F1AE873C78FC 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-02-11 10:06:43 6F10743069DFFC56DEE079204960844E 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-02-11 10:06:17 793F6658ED65839FDB2957A4884CB63C 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 10:06:12 F2A743912D404A8866362836CFE7A648 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2015-02-11 10:06:11 F312300F29620F74E3AF3AF018151935 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2015-02-11 10:06:11 F29BC66CE4A5507A49FB20744A056E61 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2015-02-11 10:06:11 4E6934926B4C923CC0FF61C6D77814EF 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-02-11 10:06:11 43791D2F736C4E9BE9FE0B33A1E92A5D 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2015-02-11 10:06:11 36F152AE2F64B12771A44EA77124332B 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2015-02-11 10:05:49 0C96A745A76C7DD75C5503E86D968E49 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2015-02-11 10:05:28 A208DAC2932649CFF82A6A684D8BB1F6 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 10:04:43 B3BC38B886CA53C92D52EF724A9F0D45 308224 ----a-w- C:\Windows\SysWOW64\scesrv.dll 2015-02-11 10:04:35 6D227897A458DA8A9518DACDC88F1947 3917760 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 10:04:35 62C93E47A424A8EC79F3CF1719A2DCC6 3972544 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 10:04:31 97B7E7E3356F7F7FE5B948AB3ED707DD 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2015-02-05 15:47:25 252536AC43206F69B785CD0FDE96D813 5070512 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-02-12 09:42:42 16ACAA0C01F31B39F39446188F6A3593 6041600 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-02-12 09:42:41 D363FBB2D0223956FF61ADBDBF5499B1 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-02-11 10:07:36 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll 2015-02-11 10:07:36 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll 2015-02-11 10:07:36 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll 2015-02-11 10:07:28 64EAD6C9D342E7E0CFCA3559FCBFDDAC 894976 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-02-11 10:07:28 47709F1B718859ED8AB5EA3EA3974BEB 609280 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-02-11 10:07:27 B5746809407BDEB18D9D4769CD9FF24E 414720 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-02-11 10:07:27 7150E809474BBD4D4AD24B13FA2454E5 1239720 ----a-w- C:\Windows\Sysnative\aitstatic.exe 2015-02-11 10:07:27 5C09611AB8D508CC252BB2D5A069D1AC 1098752 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-02-11 10:07:27 5632EB9633EACCC323CEA2C03A0B4133 762368 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-02-11 10:07:26 7F2F9AACF457CE48CDDBD643FC53487C 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-02-11 10:07:25 EF4FA1D31D146EA0C04D16E75FCA6BCF 192000 ----a-w- C:\Windows\Sysnative\aepic.dll 2015-02-11 10:07:20 DDACB408E607655EC64269706BFD504C 341504 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-02-11 10:07:19 C1F9E139B8AE80803CE44DC0377CA342 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-02-11 10:07:19 6A06BCED1DF1CFE8A32E7D10ABAA7188 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-02-11 10:07:19 5350A548BEC957978B7014CDFF091542 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-02-11 10:07:18 A46A6C5AD462071B718EBF3C9E117849 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-02-11 10:07:18 8F33880F1863BE3925D3A0121FAC5E8F 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-02-11 10:07:17 22E30E28865C32C3CF4F4E0E7E277FDC 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-02-11 10:06:59 71EBA93C5322A52A7E177E03E1AE7161 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-02-11 10:06:59 01A314677CC80041A63ED109B56A76B0 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-02-11 10:06:58 68A2B96528F58D995882FBEB4D9658A5 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-02-11 10:06:57 F42B1DAAB5B7621341243878180446CD 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-02-11 10:06:57 92BD5080B81EDFA32B0CEE8B923D62C3 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-02-11 10:06:57 8076BB31004C1D763D5D4AEF9F0BDD4B 718848 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-02-11 10:06:53 1D824B5A200C284E1A546C2C50704471 389808 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-02-11 10:06:52 CB2528D522FF1F5A7BF9B27D2FB250FF 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-02-11 10:06:52 2E4F8664B54426C2F5523665B279E984 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-02-11 10:06:51 DF39C79DFC1C063493D2DB9B3237B29F 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-02-11 10:06:51 97F037E09A706ACDA681D740DEE16AE4 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-02-11 10:06:50 76DB5845E168173BBA2D3CCC4B363E42 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-02-11 10:06:49 512DD29CE6CDCB22EA615286DA7022E7 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-02-11 10:06:48 7A388AFC6885D22F4D988EE9B8D1291A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-02-11 10:06:47 A7A3775B0014B165D75A00A1F632E4B5 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-02-11 10:06:47 15842FB41A3BF2A2F5071518B38C957A 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-02-11 10:06:44 A7814E76ED4ACE0694A83F6E4B6A7272 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-02-11 10:06:44 6916B0663357B183B120D1A4DD7DDAB0 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-02-11 10:06:42 D7922F3AC6BF1EA77240E0061D648174 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-02-11 10:06:42 CA3F410410DE9E5234217D33B9628224 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-02-11 10:06:41 E0F76B5B904E4F448641B2B506496351 14401024 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-02-11 10:06:39 A04F0C4A0B80C92F92E854E7157D6466 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-02-11 10:06:39 4CE68D160D80AF6C9FDB5C60BA087DA5 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-02-11 10:06:37 BF57C911895454A8874E9DFA5716C624 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-02-11 10:06:37 9DFE41A69DF70AAB75CB5BA8C1109EA2 2358272 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-02-11 10:06:36 47162151E35EA0B7152B7C841FA21FDB 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-02-11 10:06:35 4701399F7BA312353ADE8225F6EB512B 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-02-11 10:06:34 CD726C899BD9A398E8420564A957320B 25056256 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-02-11 10:06:18 4861B9AF67E1B0154A55FDE4B3A61EB9 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll 2015-02-11 10:06:12 C97662B6752BFEF07C565D96E8ECC98F 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-02-11 10:06:12 857CED230A6B87E84FCA04B472A3CB1A 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-02-11 10:06:12 6EAD88B508E4785F4AFDFD24F76E8839 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-02-11 10:06:11 E0105F3B5B1C4B0F5B3D788A13504EC6 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-02-11 10:06:11 BE4927689BA39E18A104986CB1363C97 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-02-11 10:06:11 94C6BCF9212E20866AC1558A32E9F228 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-02-11 10:06:11 51BB93FF96AE3882B4AF7CA11000D3A3 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-02-11 10:06:11 2EE57F4491A402C04FCAA7D012493884 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-02-11 10:06:11 1798826FE9FFEA9E93E74A5868559D4A 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-02-11 10:05:49 E5AF792AB409F600D416CB257C84305D 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll 2015-02-11 10:05:28 AE4FEDD98096C09A8A86E021FC5E9D67 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll 2015-02-11 10:04:43 FE72C89986E1BA32AD926A820491F23F 406528 ----a-w- C:\Windows\Sysnative\scesrv.dll 2015-02-11 10:04:38 9819614CA9EFB5A96493B379170B9D89 5554112 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-02-11 10:04:32 F7A3018D8F1825427BC11E912D5287CD 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-02-11 10:04:32 0147AA370862201A443752351F135D31 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-02-11 10:04:31 D6CDCAF84810641D1D2B455750825ACA 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-02-11 10:04:10 DF07110F77639E73D0537188703F44F6 3201536 ----a-w- C:\Windows\Sysnative\win32k.sys ====== C:\Windows\Sysnative\drivers ===== 2015-02-17 23:50:05 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2015-02-17 23:49:24 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2015-02-17 23:49:23 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2015-02-11 10:06:12 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2015-02-11 10:06:12 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-02-11 10:06:12 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-02-18 11:37:14 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2015-02-18 12:45:41 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-02-16 16:55:37 -------- d-----w- C:\PROGRA~2\SystemRaise ======= C: ===== ====== C:\Users\Vera De Wever\AppData\Roaming ====== ====== C:\Users\Vera De Wever ====== 2015-02-18 12:36:16 6AF69BF32D84229FF9A8904AB8ED28D7 639400 ----a-w- C:\Users\Vera De Wever\Desktop\chromeinstall-8u31.exe 2015-02-18 11:35:57 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Vera De Wever\Desktop\RSITx64.exe 2015-02-16 16:51:07 -------- d-----w- C:\ProgramData\{bde2e32e-fdc6-c690-bde2-2e32efdc8cbb} 2015-02-14 14:37:41 -------- d-----w- C:\ProgramData\Google ====== C: exe-files == 2015-02-18 12:45:13 B0D46640968F989830413EB88F43E0D0 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-02-18 12:45:13 52C8B9FD016E6317FDB151296FF90877 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-02-18 12:45:13 3E72E1AB196855916E2065C604674631 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-02-18 12:45:03 DBB5C8AE19ACFA2857CFB90C7305AC56 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssvagent.exe 2015-02-18 12:45:03 CDB1FE0DCF2ADB755EBF65C8AEBBC871 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\servertool.exe 2015-02-18 12:45:03 8B6DF9CD28359C5E819446FD79CE3948 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\rmiregistry.exe 2015-02-18 12:45:03 7479DA0BED071427A3F0017AC51CC27B 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\unpack200.exe 2015-02-18 12:45:03 577F5DCBA4DE4C345631873670F84E79 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\tnameserv.exe 2015-02-18 12:45:03 0FB2ACAC796B166F6486B593B604A3FF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\rmid.exe 2015-02-18 12:45:02 F9D744CD9BC58F287F8FA59D32508EDD 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\orbd.exe 2015-02-18 12:45:02 5F7C51E0DCA813D647F14FC12AE675F2 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\policytool.exe 2015-02-18 12:45:02 39685FC75B6FB2144E793595F1AB111D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\pack200.exe 2015-02-18 12:45:01 DA34E76DE9CD93471F24E7BD43139958 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\kinit.exe 2015-02-18 12:45:01 AF82EA1498FEC5C49B8A1AE5AA0A5F6C 77224 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe 2015-02-18 12:45:01 A8884FB8246655C84F110E77DF5E1B4A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\ktab.exe 2015-02-18 12:45:01 69BD74EE834B5629226BF89468B8020B 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\keytool.exe 2015-02-18 12:45:01 2F77C9862B1A2401278C4A5B932DA69D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\klist.exe 2015-02-18 12:45:00 90C02BD6D01BBC1C620323F9E330E89C 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\jjs.exe 2015-02-18 12:45:00 52C8B9FD016E6317FDB151296FF90877 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe 2015-02-18 12:45:00 3E72E1AB196855916E2065C604674631 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe 2015-02-18 12:44:59 F5EA785B2BCC08DC28CBC2D96E05F2C1 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe 2015-02-18 12:44:59 DF1C8EDDAF14D2960A06A9DF7B2D0A89 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\java-rmi.exe 2015-02-18 12:44:59 B0D46640968F989830413EB88F43E0D0 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe 2015-02-18 12:44:59 063A1044A451660B159426B9C5E75957 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\bin\jabswitch.exe 2015-02-18 12:36:16 6AF69BF32D84229FF9A8904AB8ED28D7 639400 ----a-w- C:\Users\Vera De Wever\Desktop\chromeinstall-8u31.exe 2015-02-18 11:37:14 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Vera De Wever.exe 2015-02-18 11:35:57 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Vera De Wever\Desktop\RSITx64.exe 2015-02-16 16:51:09 1130412392BDAC84C4A0EFC1E32B5438 1097216 ----a-w- C:\Users\Vera De Wever\AppData\Local\Temp\cd0b3232d33\temp\9042.exe 2015-02-16 16:51:07 1130412392BDAC84C4A0EFC1E32B5438 1097216 ----a-w- C:\ProgramData\{bde2e32e-fdc6-c690-bde2-2e32efdc8cbb}\9042.exe 2015-02-16 16:50:55 1130412392BDAC84C4A0EFC1E32B5438 1097216 ----a-w- C:\Users\Vera De Wever\AppData\Local\Temp\9042.exe 2015-02-14 19:16:43 211F96EB417FF837A70F5130E63A1A45 400840 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe 2015-02-14 19:16:39 E8B7FD67DA14A7BE57A5CB80E3139E60 309704 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe 2015-02-14 19:16:35 4C401FCC6D0C95E1A5D989E403E18F2F 1072072 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_8CA8B41417E66DEB.exe 2015-02-14 19:15:46 107A176FF25E2BA8016A92C301844839 532312 ----a-w- C:\Program Files (x86)\Google\Update\Install\{05CBC773-E66D-4063-B25B-4C18A970026E}\GoogleToolbarInstaller_updater_signed.exe 2015-02-14 19:15:46 107A176FF25E2BA8016A92C301844839 532312 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.5111.1712\GoogleToolbarInstaller_updater_signed.exe 2015-02-14 14:39:15 A30351F539D71D6199BD2295CC234E96 531424 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe 2015-02-14 14:37:58 5D61BE7DB55B026A5D61A3EED09D0EAD 39408 ----a-w- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2015-02-14 14:37:46 E8B7FD67DA14A7BE57A5CB80E3139E60 309704 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe 2015-02-14 14:37:46 211F96EB417FF837A70F5130E63A1A45 400840 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe 2015-02-14 14:37:44 4B78E9AE06F7C310E30EE2FA5B7EBC3C 1721296 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_C993F490EED40C1B.exe 2015-02-14 14:37:43 4BEAF576CB43358C4DB9F45AC7C09CDB 194032 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe 2015-02-14 14:37:43 1F2AFAB903C0D48480561F3BBD4539C2 739640 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe 2015-02-14 14:37:32 2040B57C08F7A97E4E44ACB324647CF2 6110688 ----atw- C:\Program Files (x86)\Google\Update\Install\{30D3CEF7-5218-4324-862E-31406393118F}\googletoolbarinstaller_full_signed.exe 2015-02-14 14:37:28 2040B57C08F7A97E4E44ACB324647CF2 6110688 ----atw- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_full_signed.exe === C: other files == 2015-02-18 12:45:04 3315140254247E248C3531F159C79109 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_31\lib\deploy\ffjcext.zip 2015-02-17 23:50:05 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2015-02-17 23:49:24 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2015-02-17 23:49:23 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Run] [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" "iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" "AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "PLFSetI"="C:\Windows\PLFSetI.exe" "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer ePower Management] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acer ePower Management" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acrobat Assistant 8.0" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe_ID0EYTHM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe_ID0EYTHM" "hkey"="HKLM" "command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmIcoSinglun64] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AmIcoSinglun64" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\AmIcoSingLun\\AmIcoSinglun64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackupManagerTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCSSync" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpqSRMon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mwlDaemon" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\EgisTec MyWinLocker\\x86\\mwlDaemon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Snelle start.lnk] "item"="Adobe Acrobat Snelle start" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Acrobat Snelle start.lnk" "backup"="C:\\Windows\\pss\\Adobe Acrobat Snelle start.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\Windows\\INSTAL~1\\{AC76B~2\\_SC_AC~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] "item"="Adobe Reader Synchronizer" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk" "backup"="C:\\Windows\\pss\\Adobe Reader Synchronizer.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\Adobe\\ACROBA~1.0\\Acrobat\\ADOBEC~1.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] "item"="HP Digital Imaging Monitor" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk" "backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\HP\\DIGITA~1\\bin\\hpqtra08.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] "item"="McAfee Security Scan Plus" "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk" "backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\MCAFEE~1\\307523~1.318\\SSSCHE~1.EXE" ==== Startup Folders ====================== 2013-09-26 13:59:05 1165 ----a-w- C:\Users\Vera De Wever\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [05/02/2015 16:47] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/09/2013 14:08] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/09/2013 14:08] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\0" [c:\program files (x86)\internet explorer\iexplore.exe] "C:\Windows\SysNative\tasks\4795" [wscript.exe C:\Users\VERADE~1\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-laptopVera-Vera De Wever" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B6867F10-9701-4EDC-B0D8-DEA8559965B8}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\{1981FCA7-8021-4DDA-BA7D-0248D634FF0A}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404] "C:\Windows\SysNative\tasks\{58CB5B4F-73B6-423D-AF97-54A02C690AF6}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.1.0.179.367/nl/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded] "C:\Windows\SysNative\tasks\{8664CC0E-DA0B-4A08-9BC8-BA826D635C22}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.1.0.179.367/nl/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded] "C:\Windows\SysNative\tasks\{F761ABD0-26EF-46B0-A36C-612B98D06554}" ["C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/02/2013 15:57] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06/02/2013 15:57] ==== Firefox Extensions ====================== ProfilePath: C:\Users\VERADE~1\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default - Undetermined - C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\addon@bazaarfriend.com - Undetermined - C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\support@bostonmarketone.com - Undetermined - C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{8eaa2500-4118-4c33-9927-988702ba63bd} - Undetermined - C:\Users\Vera De Wever\AppData\Roaming\Mozilla\Firefox\Profiles\g6w1ge7d.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976} AppDir: C:\Program Files (x86)\Mozilla Firefox - Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111) YouTube - Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Share on Tumblr - Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkpjkniknhaojcebeaallaglkmhlcno Google Wallet - Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage deleted successfully C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkpjkniknhaojcebeaallaglkmhlcno deleted successfully C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipkpjkniknhaojcebeaallaglkmhlcno_0.localstorage deleted successfully C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ipkpjkniknhaojcebeaallaglkmhlcno_0.localstorage-journal deleted successfully C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ipkpjkniknhaojcebeaallaglkmhlcno deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" "Default_Page_URL"="http://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7741&r=273601121006l0498z175t5741k469" "Search Page"="http://www.google.com" "Search Bar"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{9E284897-CEFE-41E1-84D5-BA8185CEEFD3}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E284897-CEFE-41E1-84D5-BA8185CEEFD3}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.be/" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="about:newtab" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7" {80c554b9-c7f8-4a21-9471-06d606da78a2} Bing Url="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE" {DCC30FBA-CE68-44A9-A5E3-E7E52373B6CB} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully HKEY_USERS\S-1-5-21-1355414592-1724769771-2583581791-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully HKEY_CLASSES_ROOT\CLSID\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1fa4f69-a304-4f89-8e17-b4507271d82a} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Vera De Wever\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Vera De Wever\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Vera De Wever\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Vera De Wever\AppData\Local\Mozilla\Firefox\Profiles\g6w1ge7d.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Vera De Wever\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3241 folders=1050 79610461 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Vera De Wever\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\VERADE~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on wo 18/02/2015 at 14:50:50,94 ======================