Zoek.exe v5.0.0.0 Updated 08-April-2015 Tool run by cedric on do 23/04/2015 at 8:48:41,88. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\cedric\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== System Restore Info ====================== 23/04/2015 8:52:35 Zoek.exe System Restore Point Created Successfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1041EC4C-EE6B-47CD-869F-B9DDF9A4624C} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1137487D-F0D-49D5-8D8F-3ECFF8725C40} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1237C0EE-C415-4540-A2CD-F644EC7647A} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19127831-6CE4-4B88-8D3C-672A2F46841A} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19BBEF8D-5D6A-41A0-8933-EB7AFBAC39BF} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26517EEA-768A-4C85-9822-1CB752F28C0} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{F3E3590D-FBCE-42AE-B89B-5896A36685EA} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F704A928-B7D-4EE8-B9A3-5601257A697} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F780643-50A6-410A-A93F-C7FE7985775} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F97F503-AC3E-45C8-8A6C-3B49DC94DF4E} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAEF0ADA-1D05-477F-ACF3-C710346399B0} deleted successfully HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE37FE54-3280-41B0-9B28-465F4D8F5150} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_CLASSES_ROOT\CLSID\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{472756f2-d919-40f2-9f2b-baa83cf4c2f5} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{398a7ade-4dcd-48bf-849c-e54291d29915} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{b30463f8-b6d0-4e4e-a369-6a9539dabad7} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\cedric\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdateSvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\LiveUpdateSvc deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709 user.js not found ---- Lines aquinnreillyaolcom61862 removed from prefs.js ---- user_pref("extensions.aquinnreillyaolcom61862.61862.InstallationThankYouPage", false); user_pref("extensions.aquinnreillyaolcom61862.61862.InstallationTime", 1410373782); user_pref("extensions.aquinnreillyaolcom61862.61862.active", true); user_pref("extensions.aquinnreillyaolcom61862.61862.addressbar", "NA"); user_pref("extensions.aquinnreillyaolcom61862.61862.addressbarenhanced", ""); user_pref("extensions.aquinnreillyaolcom61862.61862.asyncdb.was_copied", "true"); user_pref("extensions.aquinnreillyaolcom61862.61862.asyncinternaldb.was_copied", "true"); user_pref("extensions.aquinnreillyaolcom61862.61862.backgroundver", 1); user_pref("extensions.aquinnreillyaolcom61862.61862.certdomaininstaller", ""); user_pref("extensions.aquinnreillyaolcom61862.61862.changeprevious", false); user_pref("extensions.aquinnreillyaolcom61862.61862.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd))"); user_pref("extensions.aquinnreillyaolcom61862.61862.cookie.InstallationTime.value", "%221410373782%22"); user_pref("extensions.aquinnreillyaolcom61862.61862.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd))"); user_pref("extensions.aquinnreillyaolcom61862.61862.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22verticals-%2 user_pref("extensions.aquinnreillyaolcom61862.61862.domain", ""); user_pref("extensions.aquinnreillyaolcom61862.61862.enablesearch", false); user_pref("extensions.aquinnreillyaolcom61862.61862.homepage", ""); 
user_pref("extensions.aquinnreillyaolcom61862.61862.iframe", false); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertij user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%226E9A178F90AC432A8FCC7A211B4F8 user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd))") user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22vertical user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertij user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22ver user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%226E9A178F90AC432A8FCC user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd))" user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_appVer.value", "34"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomerti user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_lastVersion.value", "1"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd))"); 
user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_nextCheck.expiration", "Tue Sep 16 2014 12:35:09 GMT+0200 (Romance (standaard user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_nextCheck.value", "true"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd))") user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_queue.value", "%7B%7D"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zo user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.Resources_resource_751883.expiration", "Mon Dec 15 2014 10:01:53 GMT+0100 (Romance (zom user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.__defualt_browser__.value", "%22ff%22"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zo user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B9%2C-2147483387%2C67108864%5D%2C% user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romance (zomertijd))"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%226E9A178F user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Romanc 
user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Ro user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.monetization_plugin_bundledWithHash.value", "null"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (Rom user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"); user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:00:00 GMT+0 user_pref("extensions.aquinnreillyaolcom61862.61862.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D"); user_pref("extensions.aquinnreillyaolcom61862.61862.lastDailyReport", "1410841945018"); user_pref("extensions.aquinnreillyaolcom61862.61862.lastUpdate", "1410842109421"); user_pref("extensions.aquinnreillyaolcom61862.61862.manifesturl", ""); user_pref("extensions.aquinnreillyaolcom61862.61862.name", "The weDownload Pro"); user_pref("extensions.aquinnreillyaolcom61862.61862.newtab", ""); user_pref("extensions.aquinnreillyaolcom61862.61862.opensearch", ""); user_pref("extensions.aquinnreillyaolcom61862.61862.pluginsurl", "http://js.newclientgenservice.com/plugin/apps/61862/plugins/na/ff/plugins.json"); user_pref("extensions.aquinnreillyaolcom61862.61862.pluginsversion", 28); user_pref("extensions.aquinnreillyaolcom61862.61862.publisher", "weDownload"); user_pref("extensions.aquinnreillyaolcom61862.61862.quinnreilly@aol.comaquinnreillyaolcom61862_dbWasSet", true); user_pref("extensions.aquinnreillyaolcom61862.61862.quinnreilly@aol.comaquinnreillyaolcom61862_dbWasSet_FF25_FIX", true); user_pref("extensions.aquinnreillyaolcom61862.61862.quinnreilly@aol.comasyncdb_dbWasSet", true); 
user_pref("extensions.aquinnreillyaolcom61862.61862.quinnreilly@aol.comasyncdb_dbWasSet_FF25_FIX", true); user_pref("extensions.aquinnreillyaolcom61862.61862.quinnreilly@aol.comasyncinternaldb_dbWasSet", true); user_pref("extensions.aquinnreillyaolcom61862.61862.quinnreilly@aol.comasyncinternaldb_dbWasSet_FF25_FIX", true); user_pref("extensions.aquinnreillyaolcom61862.61862.searchstatus", 0); user_pref("extensions.aquinnreillyaolcom61862.61862.setnewtab", false); user_pref("extensions.aquinnreillyaolcom61862.61862.thankyou", ""); user_pref("extensions.aquinnreillyaolcom61862.61862.updateinterval", 360); user_pref("extensions.aquinnreillyaolcom61862.61862.ver", 34); user_pref("extensions.aquinnreillyaolcom61862.apps", "61862"); user_pref("extensions.aquinnreillyaolcom61862.bic", "14865f772ac1d27b5efc08b04ed8eed8"); user_pref("extensions.aquinnreillyaolcom61862.cid", 61862); user_pref("extensions.aquinnreillyaolcom61862.firstrun", false); user_pref("extensions.aquinnreillyaolcom61862.hadappinstalled", true); user_pref("extensions.aquinnreillyaolcom61862.installationdate", 1410459989); user_pref("extensions.aquinnreillyaolcom61862.installerAdditionalInfo", "{\"asw\":[9, -2147483387, 67108864],\"browser_name\":\"ff\"}"); user_pref("extensions.aquinnreillyaolcom61862.modetype", "production"); user_pref("extensions.aquinnreillyaolcom61862.reportInstall", true); user_pref("extensions.aquinnreillyaolcom61862.statsDailyCounter", 7); ---- Lines mystart removed from prefs.js ---- user_pref("browser.search.searchengine.alias", "mystartsearch"); user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/favicon.ico"); user_pref("browser.search.searchengine.name", "mystartsearch"); user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type=ds&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC0 user_pref("browser.search.selectedEngine", "mystartsearch"); ---- Lines Sweet removed from prefs.js ---- 
user_pref("extensions.xpiState", "{\"app-profile\":{\"adblockpopups@jessehakanen.net\":{\"d\":\"C:\\\\Users\\\\cedric\\\\AppData\\\\Roaming\\\\Mozilla

---- Lines extensions.cZcmcCkK31fnZwBb removed from prefs.js ----
user_pref("extensions.cZcmcCkK31fnZwBb.epoch", "1429857549");
user_pref("extensions.cZcmcCkK31fnZwBb.url", "http://superiend.org/sync2/?q=hfZ9ofV9CShEAen0rTwGqdsMg708BNmGWj8cmihGheDUojw8rdnFqHw7rdrGqShIC7n0rjkEqd

---- Lines extensions.egNIuzKToIdaL1Ma removed from prefs.js ----
user_pref("extensions.egNIuzKToIdaL1Ma.epoch", "1429857548");
user_pref("extensions.egNIuzKToIdaL1Ma.url", "http://progamessafecard.in/sync2/?q=hfZ9ofhUWchEAen0rTwGqdsMg708BNmGWj8cmihGheDUojw8rdnFqHw7rdsGrihIC7n0

---- FireFox user.js and prefs.js backups ----
prefs_20152304_0942_.backup

==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{472756f2-d919-40f2-9f2b-baa83cf4c2f5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{472756f2-d919-40f2-9f2b-baa83cf4c2f5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================
C:\PROGRA~2\bestadblocker deleted
C:\PROGRA~2\Cars 2 World Grand Prix Races deleted
C:\PROGRA~2\VaUdiX deleted
C:\Program Files (x86)\IObit\LiveUpdate deleted
C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709\extensions\ascsurfingprotection@iobit.com deleted
C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709\extensions\jU@J2dQ.net deleted
C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709\extensions\t@oo1yEAsWfy.net deleted
C:\ProgramData\64b2037700007be2 deleted
C:\ProgramData\1630676291562444881 deleted
C:\ProgramData\hkfgokipjioolbjfdkodebnjicecmgcg deleted
C:\ProgramData\{09c55859-5318-c8eb-09c5-558595316165} deleted
C:\PROGRA~2\GreenTree Applications deleted
C:\PROGRA~3\YTD Video Downloader deleted
C:\PROGRA~3\ProductData deleted
C:\Users\cedric\AppData\Local\fastplayer deleted
C:\Users\cedric\AppData\Local\com deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader deleted
C:\windows\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709\extensions\sweetsearch@gmail.com deleted

==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 2937 MB
CPU Info: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
CPU Speed: 2045,4 MHz
Sound Card: Luidsprekers (Realtek High Defi |
Display Adapters: Mobile Intel(R) 4 Series Express Chipset Family | Mobile Intel(R) 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: TSSTcorpCDDVDW TS-L633C
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 149,0GB | D: 148,7GB | Q: 0,0MB
Hard Disks - Free: C: 88,4GB | D: 142,1GB | Q: 0,0MB
Manufacturer *: TOSHIBA
BIOS Info: AT/AT COMPATIBLE | 09/03/10 | TOSCPL - 6040000
Time Zone: Romance (standaardtijd)
Motherboard *: TOSHIBA PWWAM
Country: België
Language: NLB

==== System Specs (Software) ======================
Anti-Virus: AVG AntiVirus 2014 On-access scanning disabled (Outdated)
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus 2014 disabled (Outdated)
Default Browser: Firefox 37.0.2
Internet Explorer Version: 11.0.9600.17728
Mozilla Firefox version: 37.0.2 (x86 nl)
Google Chrome version: 42.0.2311.90
Adobe Reader version: 11.0.07.79
Sun Java version: 1.8.0_45 (32-bit)
Sun Java version: 1.8.0_45 (64-bit)
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\cedric\AppData\Local\Temp ====
2015-04-22 09:11:22 88F1ACC6C88D7BC7B563F3F9515CD875 807064 ----a-w- C:\Users\cedric\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe
====== Java Cache =====
2015-04-23 06:39:40 C82ACCD236D7E9D23BCA6203B3C69BA2 425 ----a-w- C:\Users\cedric\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-aa56bb018d5de3a531ee91cc4857f0f479656e5370ebf87789e721aaaf530ebc-6.0.lap
2015-04-23 06:39:35 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\cedric\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-45861f52
2015-04-23 06:41:45 B5484710FD46B5204FB01AE9F3F3E8BE 286754 ----a-w- C:\Users\cedric\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-6b5bd123
2015-04-23 06:41:42 67911F367EC150BDC8F2CB46397F0925 845 ----a-w- C:\Users\cedric\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-7c053506
2015-04-23 06:41:44 67911F367EC150BDC8F2CB46397F0925 845 ----a-w-
C:\Users\cedric\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-5d3f1ee5
====== C:\Windows\SysWOW64 =====
C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-17 16:04:17 7776F3DA2B1AEDC2DA226F726B1E9A01 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-04-17 16:04:17 43A5A38E45F0D4FA02A0CCD51244AA17 4305408 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-04-17 16:04:16 B55293D48979DADE6049944C252A3BDB 340992 ----a-w- C:\Windows\SysWOW64\html.iec 2015-04-17 16:04:16 2396395B6F563158BEC2E0526D7F6CD2 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-04-17 16:03:10 D824C1C235349B67E652A5CA70D1AA49 58880 ----a-w- C:\Windows\SysWOW64\clfsw32.dll 2015-04-17 10:24:28 7A8F6ECA343EC3E644580C7A7B28E507 17549488 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-04-17 16:06:28 C5D90D20035928387FE27E4485EE463F 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe 2015-04-17 16:06:28 AEA602B4036CF95522818E911654F52E 135168 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2015-04-17 16:06:28 95A9A336CFF6AC51B33BBFDBEA6D848B 60416 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2015-04-17 16:06:28 6C21C983C1F83900DBEDE51DCA247B72 696320 ----a-w- C:\Windows\Sysnative\wuapi.dll 2015-04-17 16:06:28 21DF773EF8EFEF531E7E0BF477E03047 3298816 ----a-w- C:\Windows\Sysnative\wucltux.dll 2015-04-17 16:06:27 AECC03D0A794619E15FF1CB92D65EF9E 191488 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2015-04-17 16:06:27 6BAC8DCC6C58755A1B9E6D3B04C28FC5 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2015-04-17 16:06:27 2ADEA6F221BBF0992FDF9A3E25BA9F59 98304 ----a-w- C:\Windows\Sysnative\wudriver.dll 2015-04-17 16:06:27 2A77BD58F0A8D3743D4299434390922E 35328 ----a-w- C:\Windows\Sysnative\wups.dll 2015-04-17 16:06:27 21CA4277E6918B019525ECCD748EF401 37376 ----a-w- C:\Windows\Sysnative\wups2.dll 2015-04-17 16:06:27 0814A74C853F50B354F08F83DDA9F7FB 2553856 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2015-04-17 16:06:17 E72C92A252EC4B230287BC6E06F24296 957952 ----a-w- C:\Windows\Sysnative\appraiser.dll 2015-04-17 16:06:17 
826A7F422014E4762C700B4254F5C588 1111552 ----a-w- C:\Windows\Sysnative\aeinv.dll 2015-04-17 16:06:17 5D0A492C42A43DCF73284F2865519712 30720 ----a-w- C:\Windows\Sysnative\acmigration.dll 2015-04-17 16:06:17 0E0723E6D064ACD3D603BEF93EE0B950 769536 ----a-w- C:\Windows\Sysnative\invagent.dll 2015-04-17 16:06:17 05ED759DD0821294F05A41F6A8F1E18F 726528 ----a-w- C:\Windows\Sysnative\generaltel.dll 2015-04-17 16:06:16 3FCD3FE7F58935A85ACC33019129358E 419840 ----a-w- C:\Windows\Sysnative\devinv.dll 2015-04-17 16:06:16 3F0FFBA1765470F979D57F88248070CA 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll 2015-04-17 16:06:16 205EE22E14A9848FB2266FF035BE0C9C 192000 ----a-w- C:\Windows\Sysnative\aepic.dll 2015-04-17 16:06:11 72098048AB8AE2CAFA4ECE35D5051D62 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll 2015-04-17 16:06:09 2AA1704C1475AD9D18560AD07BDA66DF 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2015-04-17 16:06:09 0B85F3551337FE233477DA31545DC45C 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll 2015-04-17 16:05:43 DCB7D8034C773ADB660FA8F1139AC0A0 5557696 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2015-04-17 16:05:42 E75074EFBE3C24FBC95C7C1985E08FDE 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2015-04-17 16:05:42 B47C4E8E9AF9044F9D59443196D54608 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2015-04-17 16:05:42 96C2380819EBAC0BF592A7E8977E9E8A 1727904 ----a-w- C:\Windows\Sysnative\ntdll.dll 2015-04-17 16:05:40 5EA8A53A243ED52DA1F705D000854B2A 341504 ----a-w- C:\Windows\Sysnative\schannel.dll 2015-04-17 16:05:39 CBEFBE487F0C09EE0F8AC5299447450E 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2015-04-17 16:05:39 6DEDB5E0258998C01C26280DBDB2A4B9 1461760 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2015-04-17 16:05:38 F87B5878D7621A16A0A5CF1D94BE5A53 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2015-04-17 16:05:38 B00F1AC213172C557EF84F71E4DF5EA3 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2015-04-17 16:05:38 A32CA33E8692DA882133341AF31A4C36 338432 ----a-w- 
C:\Windows\Sysnative\conhost.exe 2015-04-17 16:05:37 F36EF8DBE5CE842B8F04515BF422DFB4 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2015-04-17 16:05:37 EA32F4EA3AE06EDD122FBCD5A489E457 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2015-04-17 16:05:37 CB33B9F21F06764DCA561FC194823199 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2015-04-17 16:05:37 8E615D40A652999B224EDBBFA7B4035B 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll 2015-04-17 16:05:37 7220246418A40D3BF7470058A2DB939A 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll 2015-04-17 16:05:37 5E9E31A2F213E757184EB2CA4B562E6C 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2015-04-17 16:05:36 799E731B83F911A6220E678722A73DDF 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2015-04-17 16:05:36 234529666FB5BBE12343FF58380E8234 136192 ----a-w- C:\Windows\Sysnative\sspicli.dll 2015-04-17 16:05:36 0B6514A14631E41DE4D6D40D1C80BE68 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2015-04-17 16:05:35 CFDA43CD05B94C4853042E4A9561B156 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2015-04-17 16:05:35 CACB6D061EAAE5CEB9203A26127843AF 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2015-04-17 16:05:35 CA4FC33FB22D92368A0B221092B46374 31232 ----a-w- C:\Windows\Sysnative\lsass.exe 2015-04-17 16:05:35 2ABF1BA930E5CE0017D6197A06B03E07 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2015-04-17 16:05:35 1150C2D3C72887571581DF6D0E58540D 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2015-04-17 16:05:34 DE328CD9E0678A55880C2189EE5BDBDC 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2015-04-17 16:05:34 C631969919195C040E135CC380018A65 29184 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2015-04-17 16:05:34 978BC01DD41125DED32AC03925A16578 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2015-04-17 16:05:34 5905040249D279F61AE988A7F5F0D241 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2015-04-17 16:05:28 39D0217773202CF09F13C1E420CBA6CA 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2015-04-17 16:05:27 
3474740668B86841E999893D9314193E 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2015-04-17 16:05:26 88B6EDA230EFEFC780AF717AA9640CAD 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2015-04-17 16:05:26 55BF60184106FCF60B999CDEB4EACB2E 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2015-04-17 16:04:28 3B69EBB762C52E8EFC127857C93CAC4F 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-04-17 16:04:28 3278499EBA0DAA54EB4B68F695F0FB43 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-04-17 16:04:27 B664D90F9BFCFBBCF520C63B17736880 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-04-17 16:04:26 9D3E174BD20A383523D5551A46C24BF6 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-04-17 16:04:26 7571102ACD8A82A55D1657CDF96A1A0E 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-04-17 16:04:26 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\Sysnative\ieuinit.inf 2015-04-17 16:04:26 0B077004AE4C2F7DE630445391360262 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-04-17 16:04:22 F36C78BC3D456BFB42A606A6B723F6DC 389808 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-04-17 16:04:22 68996E442920AD397279C3CD2AC37551 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-04-17 16:04:22 3C9D34F1F5A2C6867ECC60026F1F6CB7 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-04-17 16:04:21 B137E42258BCE4D1DA6D7F11C084983A 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-04-17 16:04:21 9171D1A18B1185A78BA33FEE884B8912 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-04-17 16:04:21 630FB85EF5FFB7441A7AFB4CC9FC9DB6 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-04-17 16:04:20 0E98ED153699741D42472B0B429B3434 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-04-17 16:04:19 3408F27ABC8B2426481306336F747949 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-04-17 16:04:18 706A56A863BD5F24FC98EF5E2D0582AD 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-04-17 16:04:18 
50B2A19B2FBFEFE0FFC537C1BA6C5DD9 2886144 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-04-17 16:04:17 E935163C8AFFEB519572CEB8AA10E8E1 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-04-17 16:04:17 35B570D079F77FDE5D816CCB2FCE9C98 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-04-17 16:04:16 0DD9381BE8609D889F01812B7EFB1693 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-04-17 16:04:15 FA10EC0F44A75511D13F9D93184CFC90 14397440 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-04-17 16:04:15 8E9A5B0DA4B6DFCD3CB13A69E89417D6 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-04-17 16:04:15 3457A873B2246B36F1FF58876841D7FE 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-04-17 16:04:14 E593E891B374088572AD021431EBC38B 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-04-17 16:04:14 AA0640B3252BB6E9F90715F79EE77399 6025216 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-04-17 16:04:14 93B4EB4C7FF742BB834607B24EEF9F8F 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-04-17 16:04:14 3C9C1ADE982DB6FD77AD19FFE252B80A 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-04-17 16:04:13 899C731AF8C5FF826DFA6C19D725A355 417280 ----a-w- C:\Windows\Sysnative\html.iec 2015-04-17 16:04:13 77B35D0FC22A2D2EAC8D07C3F9784DBF 2358784 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-04-17 16:04:13 58DF183B856803E74BED39550FED0BCE 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-04-17 16:04:12 E0B5729CDAD0701839569A16DE68D311 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-04-17 16:04:12 DBC0C4554A8B2A81F68690D30F12C99E 24980480 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-04-17 16:03:10 745DE455E02693423B1B78F448D52961 79360 ----a-w- C:\Windows\Sysnative\clfsw32.dll 2015-04-17 16:03:10 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\Sysnative\clfs.sys ====== C:\Windows\Sysnative\drivers ===== 2015-04-17 16:06:36 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\Sysnative\drivers\http.sys 2015-04-17 16:05:37 
1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-04-17 16:05:37 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys ====== C:\Windows\Tasks ====== 2015-04-22 08:55:20 32DF21C9EDAE33386C72F24B92D11785 3096 ----a-w- C:\Windows\Sysnative\Tasks\ASC7_PerformanceMonitor 2015-04-22 08:54:44 84725E1B8369B75E27E21BFA6665B847 2852 ----a-w- C:\Windows\Sysnative\Tasks\ASC7_SkipUac_cedric ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\PROGRA~2 ===== 2015-04-23 06:37:31 -------- d-----w- C:\PROGRA~2\COMMON~1\Java 2015-04-20 07:38:47 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype ======= C: ===== ====== C:\Users\cedric\AppData\Roaming ====== 2015-04-22 09:00:46 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\cedric\AppData\Local\Temp.dat ====== C:\Users\cedric ====== 2015-04-23 06:35:44 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-04-23 06:28:11 2FE492CEF9188068FC87AA4F8665A564 561576 ----a-w- C:\Users\cedric\Downloads\jxpiinstall.exe 2015-04-22 21:03:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\cedric\Downloads\RSITx64.exe 2015-04-22 09:09:49 88F1ACC6C88D7BC7B563F3F9515CD875 807064 ----a-w- C:\Users\cedric\Downloads\adobe_flash_setup.exe 2015-04-22 08:54:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2015-04-20 07:38:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-04-17 16:01:07 187077DF909832B788A2CB5D6BF84D11 374784 ----a-w- C:\Users\cedric\Downloads\Download.exe ====== C: exe-files == 2015-04-23 06:38:31 03D14BF1DC59130002F6B8BA3AD89DB9 148080 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe 2015-04-23 06:35:56 B175AD07294EB83FD12947B47B009D66 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe 2015-04-23 06:35:56 6045943DD4B9731735DB0774B25AE114 0 ----a-we 
C:\ProgramData\Oracle\Java\javapath\javaw.exe 2015-04-23 06:35:56 12F3D9FC2D1D68BB1C9AF782F94E4CF8 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe 2015-04-23 06:35:29 F65FA872AB42C3F0DBDDE26DF9609F5C 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\unpack200.exe 2015-04-23 06:35:27 EEF1E60EE8CD91EB27B465DF7D97D747 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\rmiregistry.exe 2015-04-23 06:35:27 E830232219E9156AF3E7F0ACB1B85FC8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\ktab.exe 2015-04-23 06:35:27 D7168BCC2877E533EB32E0E00DCEEAE6 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssvagent.exe 2015-04-23 06:35:27 BDFE80354D388518D8C4E71F2734796D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\pack200.exe 2015-04-23 06:35:27 B406B32BDFDE96384C5F0A93D0090403 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\tnameserv.exe 2015-04-23 06:35:27 B2ED82B1A6ACCED29498BB9BA43D430F 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\servertool.exe 2015-04-23 06:35:27 9A78F5C33E24C55B7025416C79658759 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\orbd.exe 2015-04-23 06:35:27 90D8F0F8665DFE0F5616902F8A0E8561 76712 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2launcher.exe 2015-04-23 06:35:27 6EE11615820FCCBC8879FD86DD033515 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\rmid.exe 2015-04-23 06:35:27 57631CADE6FE87A131913D6241A5343A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\kinit.exe 2015-04-23 06:35:27 3C07B66A8BB9F028DC8EB87F84915DF0 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jjs.exe 2015-04-23 06:35:27 33EF14CDCDD35CB53D3C3FCB3C2819CC 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\keytool.exe 2015-04-23 06:35:27 11EEA5DB4A0B073867E3DCBCDBF12118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\klist.exe 2015-04-23 06:35:27 01E2DB324E5D3C31D1C31D7E3B9748CF 16296 ----a-w- C:\Program Files 
(x86)\Java\jre1.8.0_45\bin\policytool.exe 2015-04-23 06:35:26 EECA4389069973E098AC4A167D58DC47 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\jabswitch.exe 2015-04-23 06:35:26 C885370364208460FD31001113F2B2A2 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\java-rmi.exe 2015-04-23 06:35:26 B175AD07294EB83FD12947B47B009D66 190888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe 2015-04-23 06:35:26 7AEB4F5D482E1167E1FE9A726584BCD6 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe 2015-04-23 06:35:26 6045943DD4B9731735DB0774B25AE114 191400 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe 2015-04-23 06:35:26 12F3D9FC2D1D68BB1C9AF782F94E4CF8 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaws.exe 2015-04-23 06:28:11 2FE492CEF9188068FC87AA4F8665A564 561576 ----a-w- C:\Users\cedric\Downloads\jxpiinstall.exe 2015-04-22 21:03:43 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\cedric\Downloads\RSITx64.exe 2015-04-22 09:11:22 88F1ACC6C88D7BC7B563F3F9515CD875 807064 ----a-w- C:\Users\cedric\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe 2015-04-22 09:09:49 88F1ACC6C88D7BC7B563F3F9515CD875 807064 ----a-w- C:\Users\cedric\Downloads\adobe_flash_setup.exe 2015-04-22 08:54:53 497AF28F6231FA74DE734C9628F30FAD 1362240 ----a-w- C:\Program Files (x86)\IObit\Surfing Protection\SPUpdate.exe 2015-04-22 08:54:53 398AA8F18B72F46F40E9D42A6C714B0E 1185088 ----a-w- C:\Program Files (x86)\IObit\Surfing Protection\unins000.exe 2015-04-22 08:54:53 11ED7276A769DA7CC3511FE361C784F4 1264960 ----a-w- C:\Program Files (x86)\IObit\Surfing Protection\PluginInstall.exe 2015-04-22 08:54:33 EB11CD296594C6FDE57C9407F239BFBC 781088 ----a-w- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor_IObitDel.exe 2015-04-22 08:54:32 CC67CE28BCD1CE1738E64ED8ADED6588 1846560 ----a-w- C:\Program Files (x86)\IObit\Advanced SystemCare 7\AutoCare_IObitDel.exe 2015-04-22 08:54:32 6C856C581ACE1785CE3FC2414E9859A3 
881952 ----a-w- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService_IObitDel.exe 2015-04-19 14:49:00 0D423A0CBEC984F3C08354C72E999FB1 11017296 ----a-w- C:\Program Files (x86)\Google\Update\Install\{77B33A5D-92D1-40EA-B43A-70E55B3F5020}\42.0.2311.90_41.0.2272.118_chrome_updater.exe 2015-04-19 14:49:00 0D423A0CBEC984F3C08354C72E999FB1 11017296 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\42.0.2311.90\42.0.2311.90_41.0.2272.118_chrome_updater.exe 2015-04-17 16:06:28 C5D90D20035928387FE27E4485EE463F 36864 ----a-w- C:\Windows\System32\wuapp.exe 2015-04-17 16:06:28 AEA602B4036CF95522818E911654F52E 135168 ----a-w- C:\Windows\System32\wuauclt.exe 2015-04-17 16:06:28 751C4859FD46A1461B3FB57252F541D8 33792 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2015-04-17 16:06:16 17D815AD21D4325CD589E57A9582E311 70840 ----a-w- C:\Windows\System32\CompatTel\diagtrackrunner.exe 2015-04-17 16:05:43 DCB7D8034C773ADB660FA8F1139AC0A0 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe 2015-04-17 16:05:41 11896E75E1A118ABFAD126BEB650A189 3920824 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-17 16:05:40 A6A644BFAE31F111F35F8C3C7BA2A8A0 3976632 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-17 16:05:38 A32CA33E8692DA882133341AF31A4C36 338432 ----a-w- C:\Windows\System32\conhost.exe 2015-04-17 16:05:37 5E9E31A2F213E757184EB2CA4B562E6C 296960 ----a-w- C:\Windows\System32\rstrui.exe 2015-04-17 16:05:36 0B6514A14631E41DE4D6D40D1C80BE68 112640 ----a-w- C:\Windows\System32\smss.exe 2015-04-17 16:05:35 E6A73ED322D8D0E85589894157F81940 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2015-04-17 16:05:35 CACB6D061EAAE5CEB9203A26127843AF 64000 ----a-w- C:\Windows\System32\auditpol.exe 2015-04-17 16:05:35 CA4FC33FB22D92368A0B221092B46374 31232 ----a-w- C:\Windows\System32\lsass.exe 2015-04-17 16:05:35 6F8CEB8115737D2E049804B191AE41A9 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2015-04-17 16:05:28 FC898E44379D877DE92D869E713528CD 7680 ----a-w- 
C:\Windows\SysWOW64\instnm.exe 2015-04-17 16:05:28 53C485BC8BBD41877F58AEB89412F5D7 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2015-04-17 16:04:28 3278499EBA0DAA54EB4B68F695F0FB43 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe 2015-04-17 16:04:26 9A9F2AC89AAE40A49D8D474FAD932C37 221184 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe 2015-04-17 16:04:26 7571102ACD8A82A55D1657CDF96A1A0E 720384 ----a-w- C:\Windows\System32\ie4uinit.exe 2015-04-17 16:04:22 DACC3142BF6317B7250F319AB435D128 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe 2015-04-17 16:04:22 B91D35BF855852C997D8DD5FA4C586A9 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe 2015-04-17 16:04:22 B3581F426DC500A51091CDD5BACF0454 815288 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2015-04-17 16:04:21 B7BFB7C2970DF5E779FF729C037BD8E4 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-04-17 16:04:21 630FB85EF5FFB7441A7AFB4CC9FC9DB6 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2015-04-17 16:04:19 F452A51F4004606F714EEB5C278CD376 484864 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe 2015-04-17 16:04:17 E935163C8AFFEB519572CEB8AA10E8E1 144384 ----a-w- C:\Windows\System32\ieUnatt.exe 2015-04-17 16:04:17 7FBBF54DDE37D80777D8A42F75501B8F 813744 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2015-04-17 16:01:07 187077DF909832B788A2CB5D6BF84D11 374784 ----a-w- C:\Users\cedric\Downloads\Download.exe 2015-04-17 10:24:28 7A8F6ECA343EC3E644580C7A7B28E507 17549488 ----a-w- C:\Windows\SysWOW64\FlashPlayerInstaller.exe === C: other files == 2015-04-23 06:35:31 34AD992DE8D6023490DB5C9017FAE6E8 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_45\lib\deploy\ffjcext.zip 2015-04-22 08:54:54 032694B0FE8D2AE6EC544B989E1CBF75 341164 ----a-w- C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx 2015-04-17 16:06:36 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- 
C:\Windows\System32\drivers\http.sys 2015-04-17 16:06:16 7EBB5DAD11B1D0B12317A191C8325991 21128 ----a-w- C:\Windows\System32\appraiser\nxquery.sys 2015-04-17 16:05:37 1FA627E63195BF3BF636BFEF0D7190D4 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2015-04-17 16:05:37 063C09DB965E3DFD6F4F08416F6DB8F5 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2015-04-17 16:03:10 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\System32\clfs.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 
/errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL" "KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe LPCM" "DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "IsaKbcCertUpdate"="C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" "SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe " "00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe " "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe " "TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivX Download Manager] "command"="\"C:\\Program Files (x86)\\DivX\\DivX Plus Web Player\\DDmService.exe\" start" "hkey"="HKLM" "item"="DivX Download Manager" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager] "command"="\"C:\\Program Files (x86)\\Epson Software\\Event Manager\\EEventManager.exe\"" "hkey"="HKLM" "item"="EEventManager" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HWSetup] "command"="C:\\Program Files\\TOSHIBA\\Utilities\\HWSetup.exe hwSetUP" "hkey"="HKLM" "item"="HWSetup" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent] "command"="\"c:\\Program Files (x86)\\Nero\\Nero BackItUp & Burn\\Nero BackItUp\\NBAgent.exe\" /WinStart" "hkey"="HKLM" "item"="NBAgent" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg" "hkey"="HKLM" "command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe /FORPCEE3 " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVBg_Dolby] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVBg_Dolby" "hkey"="HKLM" "command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe\" /FORPCEE3" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RtHDVCpl" "hkey"="HKLM" "command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba Registration] 
"command"="C:\\Program Files\\Toshiba\\Registration\\ToshibaReminder.exe" "hkey"="HKLM" "item"="Toshiba Registration" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Toshiba TEMPRO] "command"="C:\\Program Files (x86)\\Toshiba TEMPRO\\TemproTray.exe" "hkey"="HKLM" "item"="Toshiba TEMPRO" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosNC] "command"="C:\\Program Files\\Toshiba\\BulletinBoard\\TosNcCore.exe" "hkey"="HKLM" "item"="TosNC" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosReelTimeMonitor] "command"="C:\\Program Files\\TOSHIBA\\ReelTime\\TosReelTimeMonitor.exe" "hkey"="HKLM" "item"="TosReelTimeMonitor" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TWebCamera] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TWebCamera" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Web Camera Application\\TWebCamera.exe\" autorun" ==== Startup Folders ====================== 2015-04-17 16:01:43 1931 ----a-w- C:\Users\cedric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/02/2015 11:53] C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce0e0f4a8bbd6e.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/10/2014 18:19] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [22/10/2014 18:19] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" 
[C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASC7_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe]
"C:\Windows\SysNative\tasks\ASC7_SkipUac_cedric" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1ce0e0f4a8bbd6e" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709
user_pref("browser.startup.homepage", "http://www.google.be/");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sweetsearch@gmail.com"="C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709\extensions\sweetsearch@gmail.com" []

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{22FDDDD5-6EA3-2EC5-7ED6-BE555D785516}"="C:\Program Files (x86)\ver9SpeedCheck\178.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Belgium eID - %ProfilePath%\extensions\belgiumeid@eid.belgium.be.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\cedric\AppData\Roaming\Mozilla\Firefox\Profiles\m1r89vlm.default-1376402822709
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\cedric\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104

==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.90 (Possible outdated, latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[08/12/2010 23:15]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[08/12/2010 23:15]

Advanced SystemCare Surfing Protection - cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
DivX HiQ - cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae
{page b.html}content_scripts:[{all_frames:falsejs:[c.js]matches:[http://*/*https://*/*]run_at:document_end}]description:icons:{16:icon16.png48:icon48.png128:icon128.png}manifest_version:2name:SpeedCheckpermissions:[cookiesstorageunlimitedStoragehttp://*/*https://*/*tabswebRequestwebRequestBlocking]version:1.178.0.0} - cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlbokfjpijhbcoagghgljdbpbfmlkcf
Cars 2 World Grand Prix Races - cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo
DivX Plus Web Player HTML5 \u003Cvideo\u003E - cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

==== Chromium Startpages ======================

C:\Users\cedric\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX",
"startup_urls": [ "http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX" ]

==== Chromium Fix ======================

C:\Users\cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlbokfjpijhbcoagghgljdbpbfmlkcf deleted successfully
C:\Users\cedric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkpnakihjiclpakoaggnpaphjjjjelo deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX"
"Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX&q={searchTerms}"
"Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX"
"Start Page"="http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX"
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.mystartsearch.com/web/?type=ds&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX&q={searchTerms}"
"Default_Page_URL"="http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX"
"Start Page"="http://www.mystartsearch.com/?type=hp&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX"
"Search Page"="http://www.mystartsearch.com/web/?type=ds&ts=1429286807&from=wpc&uid=HitachiXHTS545032B9A300_100903PBNC00EYJX4LGSX&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{536CD26E-A652-426E-8497-E3EB81927955}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{2BF1907A-156C-4923-BE7F-17713D97E1F8} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{536CD26E-A652-426E-8497-E3EB81927955} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1022104969-3133531358-4227153473-1001\Software\Mozilla\Firefox\Extensions\{22FDDDD5-6EA3-2EC5-7ED6-BE555D785516} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\sweetsearch@gmail.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Increase performance and video formats for your HTML5