Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Sonja on zo 12/04/2015 at 10:59:13,51.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sonja\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

12/04/2015 11:04:57 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Apowersoft deleted successfully
C:\PROGRA~2\DigiDNA deleted successfully
C:\PROGRA~2\DLLSuite deleted successfully
C:\PROGRA~2\Skype deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\log deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\CanonIJScan deleted successfully
C:\PROGRA~3\ioloGovernor deleted successfully
C:\PROGRA~3\Spybot - Search & Destroy deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\Paul\AppData\Roaming\Apple Computer deleted successfully
C:\Users\Paul\AppData\Roaming\LastPass deleted successfully
C:\Users\Sonja\AppData\Roaming\FileAdvisor deleted successfully
C:\Users\Sonja\AppData\Roaming\Google deleted successfully
C:\Users\Paul\AppData\Local\HP Quick Start deleted successfully
C:\Users\Paul\AppData\Local\VirtualStore deleted successfully
C:\Users\Sonja\AppData\Local\com deleted successfully
C:\Users\Sonja\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\Microsoft\Internet Explorer\SearchScopes\{07295BF5-4DEA-4DC9-8B72-A170EC5E1609} deleted successfully
HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully

==== 
Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe c:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\CppWindowsService.exe C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe C:\Program Files (x86)\Multifunctional Wireless Mouse Driver\StartMonitor.exe C:\Program Files (x86)\Multifunctional Wireless Mouse Driver\KMProcess.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Sonja\Downloads\zoek.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\w7t3kbye.default-1410698837574 user.js not found ---- Lines mystart removed from prefs.js ---- user_pref("browser.search.searchengine.alias", "mystartsearch"); user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/web/favicon.ico"); user_pref("browser.search.searchengine.name", "mystartsearch"); user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type=dspp&ts=1428571133&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432 ---- FireFox user.js and prefs.js backups ---- prefs_20151204_1116_.backup ProfilePath: C:\Users\Sonja\AppData\Roaming\Thunderbird\Profiles\ki58jbzj.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_20151204_1116_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AGEIA Technologies not found C:\PROGRA~2\Apowersoft not found C:\PROGRA~2\DigiDNA not found C:\PROGRA~2\DLLSuite not found C:\PROGRA~2\Skype not found 
C:\PROGRA~2\VideoLAN not found C:\Program Files (x86)\WinThruster not found C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found "C:\WINDOWS\Installer\533f6.msi" not found C:\ProgramData\IHProtectUpDate deleted C:\Program Files (x86)\XTab deleted C:\ProgramData\WindowsMangerProtect deleted C:\Users\Sonja\AppData\LocalLow\{7AA944EC-E4DC-206E-11AD-F24F399114F9} deleted C:\Users\Sonja\AppData\LocalLow\{9885AB83-6D68-D12B-B6AC-99D3F2219DF5} deleted C:\Users\Sonja\AppData\LocalLow\{BD48F1B4-AE9A-36AD-ADB5-F33C562F7F19} deleted C:\Users\Sonja\AppData\LocalLow\{E64CEBA3-0428-E130-9CFA-7202C48D2FED} deleted C:\Users\Sonja\AppData\Local\Packages\windows_ie_ac_001\AC\{7AA944EC-E4DC-206E-11AD-F24F399114F9} deleted C:\Users\Sonja\AppData\Local\Packages\windows_ie_ac_001\AC\{9885AB83-6D68-D12B-B6AC-99D3F2219DF5} deleted C:\Users\Sonja\AppData\Local\Packages\windows_ie_ac_001\AC\{BD48F1B4-AE9A-36AD-ADB5-F33C562F7F19} deleted C:\Users\Sonja\AppData\Local\Packages\windows_ie_ac_001\AC\{E64CEBA3-0428-E130-9CFA-7202C48D2FED} deleted C:\Users\Sonja\.android deleted C:\Users\Paul\AppData\Roaming\ProductData deleted C:\Users\Sonja\AppData\Roaming\appdataFr2.bin deleted C:\Users\Sonja\AppData\Roaming\Solvusoft deleted C:\Users\Sonja\AppData\Roaming\bitlord_log.txt deleted C:\Users\Sonja\AppData\Roaming\BitLord deleted C:\Users\Sonja\AppData\Roaming\ProductData deleted C:\PROGRA~3\Micro Application deleted C:\PROGRA~3\ProductData deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\WINDOWS\SysNative\roboot64.exe deleted C:\Users\Sonja\Downloads\driver_booster_v2_1_cnet.exe deleted C:\Users\Sonja\AppData\LocalLow\IObit Apps deleted C:\Users\Sonja\AppData\LocalLow\ADSRemoval deleted C:\WINDOWS\wininit.ini deleted C:\WINDOWS\tasks\WinThruster_DEFAULT.job deleted C:\WINDOWS\tasks\WinThruster_UPDATES.job deleted 
C:\windows\SysNative\tasks\WinThruster deleted
C:\windows\SysNative\tasks\WinThruster_DEFAULT deleted
C:\windows\SysNative\tasks\WinThruster_UPDATES deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
C:\Users\Sonja\Documents\BitLord deleted
"C:\DelFix.txt" deleted
"C:\windows\SysNative\SETB13D.tmp" deleted
"C:\WINDOWS\Installer\618cdb0.msi" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6015 MB
CPU Info: Intel(R) Core(TM) i5-3330S CPU @ 2.70GHz
CPU Speed: 2761,0 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics | NVIDIA GeForce 710A
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth-apparaat (Personal Area Network) | Realtek PCIe GBE Family Controller | Broadcom BCM943228HMB 802.11abgn 2x2 Wi-Fi Adapter
CD / DVD Drives: 1x (F: | ) F: hp DVD A DS8A9SH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 914,3GB | D: 14,9GB
Hard Disks - Free: C: 781,7GB | D: 1,8GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1072009
Time Zone: Romance (standaardtijd)
Motherboard *: Hewlett-Packard 2AF9
Country: België
Language: NLB

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 41.0.2272.118
Internet Explorer Version: 11.0.9600.17690
Mozilla Firefox version: 36.0.4 (x86 nl)
Google Chrome version: 41.0.2272.118
Adobe Reader version: 15.7.20033.133275
Sun Java version: 1.8.0_31 (32-bit)
Sun Java version: 1.8.0_31 (64-bit)
Flash Player version: 17.0.0.134

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Sonja\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-03-31 06:38:25 46DE9C72EE0F23B9AB6A625214C16FE3 1124352 ----a-w- C:\WINDOWS\SysWOW64\msctf.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-03-31 19:07:16 293C21F0EE9720B9B710DDA40A545CFD 128288 ----a-w- C:\WINDOWS\Sysnative\IObitSmartDefragExtension.dll
2015-03-31 06:38:25 3E9BB985DF2FF26CCE840DE1D24E9381 1385256 ----a-w- C:\WINDOWS\Sysnative\msctf.dll
====== C:\WINDOWS\Sysnative\drivers =====
2015-03-31 19:07:16 E77CB3736A702D46A6FB15FB4A9894E3 21184 ----a-w- C:\WINDOWS\Sysnative\drivers\SmartDefragDriver.sys
====== C:\WINDOWS\Tasks ======
2015-04-11 09:39:16 9F3D093A37E3470D70994657C21C5971 3354 ----a-w- C:\WINDOWS\Sysnative\Tasks\Uninstaller_SkipUac_Sonja
2015-04-10 05:10:26 B63AD96D5AB77552EFDB7D2277C3B0CB 3886 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task
2015-04-04 04:42:34 B939E91E2D0C58CA1956956FDFAF7C2C 3596 ----a-w- C:\WINDOWS\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4182331514-222226932-2793567021-1005
2015-04-04 04:42:05 
C11B6FDA4DEA7FE9A20CD9FCC0F059E0 3354 ----a-w- C:\WINDOWS\Sysnative\Tasks\Uninstaller_SkipUac_Paul 2015-03-31 19:07:16 6E00C2A1541988473944450193CCE5D2 3176 ----a-w- C:\WINDOWS\Sysnative\Tasks\SmartDefrag4_Update 2015-03-20 08:27:36 B1D61C402408BD5F2988A67C5ED66D14 414 ----a-w- C:\WINDOWS\Tasks\HP Photo Creations Communicator.job ====== C:\WINDOWS\Temp ====== ======= C:\Program Files ===== 2015-04-10 05:10:50 -------- d-----w- C:\Program Files\Google 2015-03-19 07:46:14 -------- d-----w- C:\Program Files\paint.net ======= C:\PROGRA~2 ===== 2015-04-10 05:09:55 -------- d-----w- C:\PROGRA~2\Adobe ======= C: ===== 2015-03-31 19:02:43 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\asc_rdflag ====== C:\Users\Sonja\AppData\Roaming ====== 2015-04-10 05:23:28 5A6AD703A4E106A25CBE94F04D148A12 2519232 ----a-w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2015-04-09 09:18:02 -------- d-----w- C:\Users\Sonja\AppData\Roaming\PANASONIC NN-CS894SEPG user guide 2015-04-08 16:03:01 -------- d-----w- C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth 2015-04-05 09:21:56 -------- d-----w- C:\Users\Sonja\AppData\Locallow\Google 2015-04-04 04:36:09 -------- d-----w- C:\Users\Paul\AppData\Roaming\Origin 2015-04-04 04:36:03 -------- d-----w- C:\Users\Paul\AppData\Local\Origin 2015-04-04 04:35:52 -------- d-----w- C:\Users\Paul\AppData\Roaming\Local 2015-04-04 04:34:27 -------- d-----w- C:\Users\Paul\AppData\Local\Power2Go8 2015-04-04 04:34:26 -------- d-----w- C:\Users\Paul\AppData\Roaming\ioloGovernor 2015-04-04 04:34:07 -------- d-----w- C:\Users\Paul\AppData\Roaming\Adobe 2015-04-04 04:33:45 -------- d-----w- C:\Users\Paul\AppData\Roaming\iolo 2015-04-04 04:33:38 -------- d-----w- C:\Users\Paul\AppData\Local\NVIDIA Corporation 2015-04-04 04:33:38 -------- d-----w- C:\Users\Paul\AppData\Local\NVIDIA 2015-04-04 04:33:37 -------- d-----w- C:\Users\Paul\AppData\Local\AVerMedia 2015-03-31 12:21:18 -------- d-----w- 
C:\WINDOWS\serviceprofiles\Localservice\AppData\Locallow\Temp 2015-03-20 07:57:35 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft 2015-03-19 07:45:55 -------- d-----w- C:\Users\Sonja\AppData\Local\paint.net 2015-03-19 07:24:21 8DE9F588DFB1641F2C0EA05BD4B60605 218 ----a-w- C:\Users\Sonja\AppData\Local\recently-used.xbel 2015-03-19 07:01:32 -------- d-----w- C:\Users\Sonja\AppData\Roaming\inkscape ====== C:\Users\Sonja ====== 2015-04-12 09:06:36 -------- d-----w- C:\ProgramData\ioloGovernor 2015-04-12 04:27:52 61FFBA8DB97D6F32C87E61123B7A9B49 755142088 ----a-w- C:\Users\Sonja\Downloads\ESDPK-FP02-CraftArtist2-Pro-GB.exe 2015-04-10 11:47:55 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\Users\Sonja\Downloads\Setup_WinThruster_2015.exe 2015-04-10 09:43:46 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Sonja\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.146352088366273705.2.2.Run.exe 2015-04-10 09:37:32 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Sonja\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.146352088366273705.2.1.Run.exe 2015-04-10 05:10:44 -------- d-----w- C:\ProgramData\Google 2015-04-09 09:16:49 03CEEC8D84F62FE0C5C076F0332A671B 935864 ----a-w- C:\Users\Sonja\Downloads\PANASONIC NN-CS894SEPG user guide provided through pdfretriever.com.exe 2015-04-04 05:19:09 A163AF12EBC6E30E35E48597E8D46F6C 30424208 ----a-w- C:\Users\Sonja\Downloads\mp68-win-mg5200-1_05-ea24 (7).exe 2015-04-04 04:33:35 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\Paul\ntuser.ini ====== C: exe-files == 2015-04-12 07:01:37 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Sonja\AppData\Local\Microsoft\Windows\INetCache\IE\8P7LLL2V\RSITx64.exe 2015-04-12 05:22:02 F15945323AF428B653330E725EB93B7C 3750512 ----a-w- C:\Program Files (x86)\File Type Advisor\fileadvisor.exe 2015-04-12 05:22:01 4D161E5B816B3B7913C7A58C690E78A9 1177712 ----a-w- C:\Program Files (x86)\File Type Advisor\unins000.exe 
2015-04-12 04:27:52 61FFBA8DB97D6F32C87E61123B7A9B49 755142088 ----a-w- C:\Users\Sonja\Downloads\ESDPK-FP02-CraftArtist2-Pro-GB.exe 2015-04-11 04:29:35 D0DBF760E14DD8E073C65894BEBA4559 448352 ----a-w- C:\Users\Sonja\AppData\Local\NVIDIA\NvBackend\Packages\000073e8\CoProc update.19480396.exe 2015-04-11 04:29:35 AC16DE56C389C57D3BAD8FB91C17BF52 5373408 ----a-w- C:\Users\Sonja\AppData\Local\NVIDIA\NvBackend\Packages\000073d3\DAO.19477205.exe 2015-04-10 11:47:55 C7969516D87176867BD5AE772967006F 3894696 ----a-w- C:\Users\Sonja\Downloads\Setup_WinThruster_2015.exe 2015-04-10 09:43:46 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Sonja\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.146352088366273705.2.2.Run.exe 2015-04-10 09:37:32 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\Sonja\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.146352088366273705.2.1.Run.exe 2015-04-10 06:28:28 78206B34BD050DB564BF5B4B8C697925 1617224 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_6F4EEAE8D7FCDAD8.exe 2015-04-10 06:28:24 211F96EB417FF837A70F5130E63A1A45 400840 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_4D9709C1FA1422BA.exe 2015-04-10 06:28:20 E8B7FD67DA14A7BE57A5CB80E3139E60 309704 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_52E818EF81C83A9B.exe 2015-04-10 06:28:16 327C893AA5966AC436CA275F8D64C8C0 1072072 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_BA9226F4C70BECC2.exe 2015-04-10 06:27:16 D15EE16B871FE911D8D7C91FD5F57EBA 532312 ----a-w- C:\Program Files (x86)\Google\Update\Install\{BF31B2FF-D34B-457C-994F-898A60B35D7E}\GoogleToolbarInstaller_updater_signed.exe 2015-04-10 06:27:16 D15EE16B871FE911D8D7C91FD5F57EBA 532312 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.6227.252\GoogleToolbarInstaller_updater_signed.exe 2015-04-10 05:14:50 
A30351F539D71D6199BD2295CC234E96 531424 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe 2015-04-10 05:10:50 5D61BE7DB55B026A5D61A3EED09D0EAD 39408 ----a-w- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2015-04-10 05:10:50 5D4BC124FAAE6730AC002CDB67BF1A1C 194032 ----a-w- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 2015-04-10 05:10:49 E8B7FD67DA14A7BE57A5CB80E3139E60 309704 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe 2015-04-10 05:10:49 211F96EB417FF837A70F5130E63A1A45 400840 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_64.exe 2015-04-10 05:10:48 1F2AFAB903C0D48480561F3BBD4539C2 739640 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdateSetup_5CC4B0F53D73AD88.exe 2015-04-10 05:10:47 4BEAF576CB43358C4DB9F45AC7C09CDB 194032 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleUpdaterService_B33FC4DD36A473C6.exe 2015-04-10 05:10:41 2040B57C08F7A97E4E44ACB324647CF2 6110688 ----atw- C:\Program Files (x86)\Google\Update\Install\{F8007B0D-093C-4F8F-B561-F226A48B86B2}\googletoolbarinstaller_full_signed.exe 2015-04-10 05:10:39 2040B57C08F7A97E4E44ACB324647CF2 6110688 ----atw- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\0.0.0.0\googletoolbarinstaller_full_signed.exe 2015-04-09 15:37:02 9AE6D64808CCC61E312D5E93A7A68B6E 675256 ----a-w- C:\Users\Sonja\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe 2015-04-09 15:36:58 0DEF0E22B19B4BCC66E0C0F91EE00CA8 172984 ----a-w- C:\Users\Sonja\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe 2015-04-09 09:16:49 03CEEC8D84F62FE0C5C076F0332A671B 935864 ----a-w- C:\Users\Sonja\Downloads\PANASONIC NN-CS894SEPG user guide provided through pdfretriever.com.exe 2015-04-08 16:14:06 DE395ADB369470A953A11B8C300697E2 35680 ----a-w- C:\Program 
Files\Samsung\Samsung Link\.install4j\i4jdel.exe 2015-04-08 16:14:04 6E5DBE0D641BD6304873EEE83A635533 389984 ----a-w- C:\Program Files\Samsung\Samsung Link\utils\setup.exe 2015-04-08 16:14:03 F72DB23288C49092E31272E4CAF281C8 23392 ----a-w- C:\Program Files\Samsung\Samsung Link\utils\VideoSnapper.exe 2015-04-08 16:14:02 FF91BD7A836556EC8244D0340009A765 1562976 ----a-w- C:\Program Files\Samsung\Samsung Link\utils\SocketTranscoder.exe 2015-04-08 16:13:53 F51C6B5377271E6F317D84FD0230F7CD 607584 ----a-w- C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe 2015-04-08 16:13:53 0BA134F4C582D5C7FEE19599813FE7B6 616288 ----a-w- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe 2015-04-08 16:13:52 6A1B6A55BFECBD7D5FE8E38DB1C6A1EE 607072 ----a-w- C:\Program Files\Samsung\Samsung Link\Samsung Link Stop.exe 2015-04-08 16:13:52 141EA95ED6EB402C86B977840AEAAD94 607072 ----a-w- C:\Program Files\Samsung\Samsung Link\Samsung Link Menu Start.exe 2015-04-08 16:13:52 0177BAF8A5CEB4120449C4AF47755D4C 607072 ----a-w- C:\Program Files\Samsung\Samsung Link\Samsung Link Start.exe 2015-04-08 16:13:50 CD927996F9D87C857C629A627A0E5151 607072 ----a-w- C:\Program Files\Samsung\Samsung Link\InstallerLauncher.exe 2015-04-08 16:13:50 485BC4134AE50051D15AA45A2ACB2B8E 607072 ----a-w- C:\Program Files\Samsung\Samsung Link\uninstall.exe 2015-04-08 16:13:50 2E832495A84677535054C66620D05902 607072 ----a-w- C:\Program Files\Samsung\Samsung Link\ChangeProperty.exe 2015-04-08 15:38:34 FDB6BB53EFDE59ADE652188DB37CF2F9 77104 ----a-w- C:\Users\Sonja\AppData\Local\Apple\Apple Software Update\SetupAdmin.exe 2015-04-06 10:15:19 58A07163780DFCCA0E8F82886750AAB5 787968 ----a-w- C:\Users\Sonja\AppData\Local\Packages\CapsuleDigital.PhotoFunia_yede6ekgzbztc\AC\Microsoft\CLR_v4.0_32\NativeImages\PhotoFunia.Win8\6139486b05da3fd3c8ea37d95c5216f7\PhotoFunia.Win8.ni.exe === C: other files == 2015-04-11 05:26:48 85EFFE9A1785ADE4E529BFBA02E9F9CF 896979 ----a-w- 
C:\ProgramData\iolo\logs\iolo_bugreport_04_11_2015_07_26.zip 2015-04-11 05:04:01 AC140005381F99CE73A17D2FDC76D310 896976 ----a-w- C:\ProgramData\iolo\logs\iolo_bugreport_04_11_2015_07_04.zip 2015-04-10 06:41:09 11F90306660E7C9996DB8817CEB9AFAF 385 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\CraftArtist\2.0\Data\AutoCorrectOptions.zip 2015-04-10 06:35:46 BC5A2B2928D2734A2FD5978EB8398BDE 786 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\CraftArtist\2.0\Data\AutoCorrect.zip 2015-04-10 05:48:11 DB9467F30A358F2CA900F79D9F3FF454 5011 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\ColourSchemes.zip 2015-04-10 05:48:11 D38AD8CC5EF33901C56BB9964AF73CBD 3570 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\Attributes.zip 2015-04-10 05:48:11 76CDB2BAD9582D23C1F6F4D868218D6C 22 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\Variables.zip 2015-04-10 05:48:11 6BBF3BEAA369334D7185F6C620E5F16D 651 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\FillTableSolid.zip 2015-04-10 05:48:11 43CD423A10E8DA3B65507AC147754D8F 598 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\Transparency.zip 2015-04-10 05:48:11 30D8B31449B83BA0CEF1FEF110644857 11023 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\AutoCorrect.zip 2015-04-10 05:47:45 6EA35F996093BF485B0BF793DFF5D3CA 7492 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\Font Panose Numbers.zip 2015-04-08 16:13:54 E7B2B0424B7BB5F11C32AF9B11C16C85 130 ----a-w- C:\Program Files\Samsung\Samsung Link\bin\moveASPInfo.bat 2015-04-08 16:13:54 B7DBE89A7736ECEA573A0360388CAB9A 65 ----a-w- C:\Program Files\Samsung\Samsung Link\bin\configService.bat 2015-04-08 16:13:54 425ABD81784F3909B41B24453FF655AA 1866 ----a-w- C:\Program Files\Samsung\Samsung Link\bin\logLevelChange.bat 2015-04-08 16:13:54 3F1FFE0343472138D63274B287DF7589 43 ----a-w- C:\Program Files\Samsung\Samsung Link\bin\filePlay.bat 2015-04-08 16:13:54 
3C75DF47479CFB8D43302034B7F93BD7 114 ----a-w- C:\Program Files\Samsung\Samsung Link\bin\UnRegistWebPlugin.bat 2015-04-08 16:13:54 0FE2616A8A0A33552C2006EA7B48EDFE 358 ----a-w- C:\Program Files\Samsung\Samsung Link\bin\RegistHLS.bat 2015-04-08 16:13:54 0F9E59586D9962D6D0A872EC09BF61F0 374 ----a-w- C:\Program Files\Samsung\Samsung Link\bin\UnRegistHLS.bat 2015-04-08 04:31:21 7DDC9F91B6BD312A4BA3F8DBB7EE1BA3 596533 ----a-w- C:\Users\Sonja\Downloads\Panasonic Dimension 4 Microwav Downloader.zip 2015-04-06 14:04:03 4AD1D86D720A70D0A33C8EDA2E49C7F5 1263145 ----a-w- C:\Users\Sonja\AppData\Roaming\Serif\PagePlus\15.0\Data\PhotoLab.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto" [HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_F5ACE9CBA9B961B5FA5F1BC0A67E7A66"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "Facebook Update"="C:\Users\Sonja\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart" "SkyDrive"="C:\Users\Sonja\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background" "Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" [HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup" "Fitbit 
Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun" [HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\Microsoft\Windows\CurrentVersion\Run] "EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart" "HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN4A7142VC060D:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1" "GoogleChromeAutoLaunch_F5ACE9CBA9B961B5FA5F1BC0A67E7A66"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 8"="C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe /Auto" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wireless Mouse"="C:\Program Files (x86)\Multifunctional Wireless Mouse Driver\StartMonitor.exe KMProcess.exe" "HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart" "HP ENVY 4500 series (NET)"="C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe -deviceID CN4A7142VC060D:NW -scfn HP ENVY 4500 series (NET) -AutoStart 1" "GoogleChromeAutoLaunch_F5ACE9CBA9B961B5FA5F1BC0A67E7A66"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" 
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "Samsung Link"="C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" "BoxSync"="c:\Program Files\Box\Box Sync\BoxSync.exe -m" "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /ANDREA_BF_BYPASS" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="0Z, C:\\WINDOWS\\system32\\nvinitx.dll" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService] ==== Startup Folders ====================== 2015-03-29 12:41:38 1190 ----a-w- C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2013-06-21 06:48:01 2361 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk 2014-12-04 10:12:22 2131 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk 2014-12-04 10:12:14 2131 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/04/2015 08:19] C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4182331514-222226932-2793567021-1002Core1d001b825d80f0b.job --a-------- C:\Users\Sonja\AppData\Local\Facebook\Update\FacebookUpdate.exe [16/11/2014 18:12] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06/04/2014 11:28] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- 
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [06/04/2014 11:28]
C:\WINDOWS\tasks\HP Photo Creations Communicator.job --a-------- C:\Users\Sonja\AppData\Roaming\HP Photo Creations\Communicator.exe [12/03/2011 12:11]
C:\WINDOWS\tasks\HPCeeScheduleForSonja.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 23:15]
C:\WINDOWS\tasks\Uninstaller_SkipUac_Administrator.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [25/01/2015 11:08]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\FileAdvisorCheck" ["C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe"]
"C:\WINDOWS\SysNative\tasks\FileAdvisorUpdate" ["C:\Program Files (x86)\File Type Advisor\fileadvisor.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP ENVY 4500 series" ["C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe"]
"C:\WINDOWS\SysNative\tasks\iolo Process Governor" [C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\WINDOWS\SysNative\tasks\SmartDefrag4_Update" [C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Paul" ["C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"]
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Sonja" ["C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{172F16A2-59EB-45A4-A698-675688C853A2}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN4A7142VC" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\w7t3kbye.default-1410698837574
user_pref("browser.search.selectedEngine", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\w7t3kbye.default-1410698837574
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Addictive Typing Lessons - %ProfilePath%\extensions\addictive_typing_lessons@tomkennedy.net.xpi
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi
- Numpad Typing Drills - %ProfilePath%\extensions\numpadtyping@tomkennedy.xpi
- WhatsApp Panel - %ProfilePath%\extensions\whatsapppanel@alejandrobrizuela.com.ar.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\w7t3kbye.default-1410698837574
C8B4AB4EC6BC1AD7B68E7EB832927927 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
43583AB4DFD406F4C188342F41B1F91C - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash
E3D40D344C196E66D4346CCECED7AC1C - C:\Users\Sonja\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll - HPDetect
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Sonja\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
77B6DD23DCA19A217D5A4C4CAF962895 - C:\Users\Sonja\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Paul\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hdokiejnpimakedhajhdlcegeplioahd - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Sonja\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[26/10/2014 14:53]

Angry Birds - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Docs - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Calendar - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
Digital Clock - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkjifoifglkpcdffkenpinlbjgephlo
Stopwatch - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh
HP Smart Print - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi
LastPass - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Caroline Gardner - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlajhhigpcohfpjjmnbifacfbdoponci
Webcam Toy - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade
Mysites - the best speed dial and start page - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lincjlelmbjdjchibigfedhoekfkjkad
Untitled event - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\loopacbjaigjkjdhjfkhebdhfgdmgjdc
Google Wallet - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Chrome to Phone Extension - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco
Gmail - Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
LastPass - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Google Wallet - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://search.conduit.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MBB26B5C4-407B-4C1D-9C5B-274D393CBDC7&SearchSource=55&CUI=&UM=5&UP=SP1E2107F7-45F8-43E3-A816-777DE0A88559&SSPV=",
"startup_urls": [ "http://www.google.com/", "?type=hppp", "?type=hppppp" ]

==== Chromium Fix ======================

C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage deleted successfully
C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mystartsearch.com_0.localstorage-journal deleted successfully
C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lincjlelmbjdjchibigfedhoekfkjkad deleted successfully
C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lincjlelmbjdjchibigfedhoekfkjkad_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Bar"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RVEA_nlBE635"
{875D232A-84B5-4673-95D2-BF949685DC04} Unknown Url="Not_Found"
{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\Microsoft\Internet Explorer\SearchScopes\{875D232A-84B5-4673-95D2-BF949685DC04} deleted successfully
HKEY_USERS\S-1-5-21-4182331514-222226932-2793567021-1002\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{875D232A-84B5-4673-95D2-BF949685DC04} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{875D232A-84B5-4673-95D2-BF949685DC04} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================

C:\Users\Gast\Desktop\EnterImage.lnk - C:\Program Files (x86)\EnterImage\EnterImage.exe
C:\Users\Paul\Desktop\EnterImage.lnk - C:\Program Files (x86)\EnterImage\EnterImage.exe
C:\Users\Sonja\Desktop\AA_v3.5 - Snelkoppeling.lnk - C:\Users\Sonja\Pictures\Cards\AA_v3.5.exe
C:\Users\Sonja\Desktop\App-opstartprogramma van Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\Desktop\Box Sync.lnk - C:\Users\Sonja\Box Sync
C:\Users\Sonja\Desktop\Dropbox.lnk - C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Sonja\Desktop\EnterImage.lnk - C:\Program Files (x86)\EnterImage\EnterImage.exe
C:\Users\Sonja\Desktop\Free M4a to MP3 Converter.lnk - C:\Program Files (x86)\Free M4a to MP3 Converter\m4a_converter.exe
C:\Users\Sonja\Desktop\Funny Photo Maker.lnk - C:\Program Files (x86)\AnvSoft\Funny Photo Maker\FunnyPhoto.exe
C:\Users\Sonja\Desktop\HP Photo Creations.lnk - C:\Users\Sonja\AppData\Roaming\HP Photo Creations\PhotoProduct.exe
C:\Users\Sonja\Desktop\My Music Tools.lnk - C:\Program Files (x86)\Free M4a to MP3 Converter\mymusictools.url
C:\Users\Sonja\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Sonja\Desktop\PTLITE10 - Snelkoppeling.lnk - E:\PTLITE10.EXE
C:\Users\Sonja\Desktop\Sam Sonja - Snelkoppeling.lnk -
C:\Users\Sonja\Desktop\Samsung Link sonja.campaert@telenet.be.lnk - C:\Galaxy S 5
C:\Users\Sonja\Desktop\shutdown.lnk - C:\Windows\System32\shutdown.exe -s -t 00
C:\Users\Sonja\Desktop\sonja.campaert@telenet.be (sonja) - Snelkoppeling.lnk -
C:\Users\Sonja\Desktop\System Mechanic.lnk - C:\Program Files (x86)\iolo\System Mechanic\SysMech.exe
C:\Users\Sonja\Desktop\System Mechanic® LiveBoost™.lnk -
C:\Users\Sonja\Desktop\Uitvoeren.lnk -
C:\Users\Sonja\Desktop\Beveiliging\Duplicate Cleaner Free.lnk - C:\Program Files (x86)\Duplicate Cleaner\DuplicateCleaner.exe
C:\Users\Sonja\Desktop\Beveiliging\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Sonja\Desktop\Beveiliging\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Sonja\Desktop\Beveiliging\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Sonja\Desktop\Beveiliging\Wifi-fikser.lnk - C:\Program Files (x86)\Wifi-fikser\Wifi-fikser.exe
C:\Users\Sonja\Desktop\De sims\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Sonja\Desktop\Google\App-opstartprogramma van Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\Sonja\Desktop\Google\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\Users\Sonja\Desktop\Google\Google Drive.lnk - C:\Users\Sonja\Google Drive
C:\Users\Sonja\Desktop\Google\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\Users\Sonja\Desktop\Google\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\Users\Sonja\Desktop\HP\Benodigdheden kopen - HP ENVY 4500 series.lnk - C:\Program Files (x86)\HP\HP ENVY 4500 series\Bin\hpqDTSS.exe
C:\Users\Sonja\Desktop\HP\HP ENVY 4500 series.lnk - C:\Program Files (x86)\HP\HP ENVY 4500 series\Bin\HP ENVY 4500 series.exe -Start UDCDevicePage
C:\Users\Sonja\Desktop\HP\HP Photo Creations.lnk - C:\Users\Sonja\AppData\Roaming\HP Photo Creations\PhotoProduct.exe
C:\Users\Sonja\Desktop\HP\HP Print and Scan Doctor.lnk - C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\AVerMedia TV Player.lnk - C:\Program Files (x86)\AVerMedia\AVerMedia TV Player\AVerMedia TV Player.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\Bezoek eBay.be.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_be&bd=all&c=131
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\BitLord.lnk - C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\De Sims™ 3.lnk -
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\Easy Duplicate Finder 4.lnk - C:\Program Files\Easy Duplicate Finder 4\EasyDuplicateFinder.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\HP Connected Music.lnk - C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\Intel(R) WiDi.lnk - C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\IObit Unlocker.lnk - C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\iTunes Agent.lnk - C:\Program Files (x86)\iTunes Agent\iTunes Agent.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\Snapfish foto's.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://www.snapfish.com/hp_desktop_desktopicon_2013_nl_be

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\De Sims 4 Creëer-een-Sim Demo.lnk -
C:\Users\Public\Desktop\De Sims 4.lnk - C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
C:\Users\Public\Desktop\eID Viewer.lnk - C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Public\Desktop\GIMP 2.lnk - C:\Program Files\GIMP 2\bin\gimp-2.8.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk - C:\Program Files (x86)\HP\Diagnostics\PSDR\HPPSDr.exe
C:\Users\Public\Desktop\HP Quick Start.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Public\Desktop\My LastPass Vault.lnk -
C:\Users\Public\Desktop\paint.net.lnk - C:\Program Files (x86)\paint.net\PaintDotNet.exe
C:\Users\Public\Desktop\PC Drukkerij Wenskaarten & Uitnodigingen.lnk - C:\Program Files (x86)\Easy Computing\PC Drukkerij Wenskaarten & Uitnodigingen\PrintPratic.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Public\Desktop\Serif PagePlus X5.lnk - C:\Program Files (x86)\Serif\PagePlus\X5\Program\PagePlus.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth\Sam Sonja.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTWUIExt.exe /deviceAddr=b43a28e876e1
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\App-opstartprogramma van Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations verwijderen.lnk - C:\Users\Sonja\AppData\Roaming\HP Photo Creations\remove.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Users\Sonja\AppData\Roaming\HP Photo Creations\PhotoProduct.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk - C:\Program Files (x86)\paint.net\PaintDotNet.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif CraftArtist 2.lnk - C:\WINDOWS\Installer\{D0BE8477-6206-4588-8148-971EDAB6BBAD}\CraftArtist.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex\CDex.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor\File Type Advisor.lnk - C:\Program Files (x86)\File Type Advisor\fileadvisor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect\Fitbit Connect Website.lnk - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect website.URL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect\Fitbit Connect.lnk - C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect\Uninstall Fitbit Connect.lnk - C:\Windows\SysWOW64\msiexec.exe /x {D626E72A-ED95-489A-9B8B-0B2A7B649A85}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk - C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP ENVY 4500 series\HP ENVY 4500 series.lnk - C:\Program Files (x86)\HP\HP ENVY 4500 series\Bin\HP ENVY 4500 series.exe -Start UDCDevicePage
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk - C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk - C:\Program Files (x86)\Origin\OriginER.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Link.lnk - C:\Program Files (x86)\Samsung\Samsung Link\Samsung Link Menu Start.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Uninstall Kies 3.lnk - C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe /removeonly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications\CraftArtist 2\CraftArtist 2 User Guide.lnk - C:\WINDOWS\Installer\{D0BE8477-6206-4588-8148-971EDAB6BBAD}\ShortcutPDF.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications\CraftArtist 2\CraftArtist 2.lnk - C:\WINDOWS\Installer\{D0BE8477-6206-4588-8148-971EDAB6BBAD}\CraftArtist.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sharepod\Sharepod.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sharepod\Uninstall Sharepod.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic\System Mechanic Help.lnk - C:\Program Files (x86)\iolo\System Mechanic\System_Mechanic_nl.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic\System Mechanic.lnk - C:\Program Files (x86)\iolo\System Mechanic\SysMech.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic\System Mechanic® LiveBoost™.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk -
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free M4a to MP3 Converter.lnk - C:\Program Files (x86)\Free M4a to MP3 Converter\m4a_converter.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk -
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\App-opstartprogramma van Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CyberLink Media Suite.lnk - C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CyberLink YouCam.lnk - C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Quick Start.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Quick Start\HPQuickstart.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&ts=1428571092&from=sien&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S432990429904

==== shortcuts After Repair ======================

C:\Users\Sonja\Desktop\App-opstartprogramma van Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\Bezoek eBay.be.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Sonja\Desktop\ongebruikte bureaubladpictogrammen\Snapfish foto's.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\App-opstartprogramma van Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\App-opstartprogramma van Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sonja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75590D9D1EC046A45BE94326B4657E44 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\584BDAAB5A0573E4EA23403FD5EC1CB4 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\75590D9D1EC046A45BE94326B4657E44 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\584BDAAB5A0573E4EA23403FD5EC1CB4 deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [Wireless Mouse] "C:\Program Files (x86)\Multifunctional Wireless Mouse Driver\StartMonitor.exe" KMProcess.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [HP ENVY 4500 series (NET)] "C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4A7142VC060D:NW" -scfn "HP ENVY 4500 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F5ACE9CBA9B961B5FA5F1BC0A67E7A66] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: Dropbox.lnk = Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
O8
- Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: LastPass - file://C:\Users\Sonja\AppData\LocalLow\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Users\Sonja\AppData\LocalLow\LastPass\context.html?cmd=fillforms O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} - https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=1278230545 O17 - HKLM\System\CCS\Services\Tcpip\..\{24D736AB-D55E-4E68-8139-ADC8B324F545}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated 
- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVerScheduleService - Unknown owner - c:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe O23 - Service: @oem102.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing) O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Box Sync Update Service (BoxSyncUpdateService) - Box, Inc. - C:\Program Files\Box\Box Sync\SyncUpdaterService.exe O23 - Service: BrcmSetSecurity - Intel - C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. 
- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: Monitor Virutal Wlan Secvice (MS_Virtual_Monitor) - Unknown owner - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\CppWindowsService.exe O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing) O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - 
C:\Program Files\Samsung\Samsung Link\Samsung Link.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: StartMenu8 Service (StartMenuService) - Unknown owner - (no file) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied 
successfully C:\Users\Paul\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Sonja\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Sonja\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Paul\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Sonja\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Sonja\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=3068 folders=314 10929840033 bytes) ==== Empty Temp Folders ====================== 
C:\Users\Administrator\AppData\Local\Temp emptied successfully C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gast\AppData\Local\Temp emptied successfully C:\Users\Paul\AppData\Local\Temp emptied successfully C:\Users\Sonja\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Sonja\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not deleted ==== EOF on zo 12/04/2015 at 11:33:04,88 ======================